
orinwarren (Members)

Posts: 2
Reputation: 0 Neutral
  1. Also, before anyone jumps the gun and assumes I entered the solution specifically given for the other topic I listed in the link (http://forums.malwar...pic=117917&st=0): no, I did not, as that solution clearly indicated that it was meant for that poster and could damage my computer if I did that. I simply followed the instructions for acquiring the logs before stopping and posting them here.
  2. Was doing research last night and working online. Logged out and shut down. Started up the computer to discover the FBI Moneypak scam/virus had taken over my computer. Spent most of the day looking up how to resolve this on my brother's computer online. Most of them instructed accessing in safe mode and manually removing it. Problem is, safe mode is also blocked by this virus now, and the Run application and regedit tools are blocked even though I have the administrator privileges active. We found a similar thread about this here and followed the instructions the expert gave there as well, but have reached a dead end: http://forums.malwarebytes.org/index.php?showtopic=117917&st=0 I think whoever made this virus has worked around the previous solutions you can find posted online now. Now I am debating throwing my laptop in the trash...

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2012 Ran by SYSTEM at 29-12-2012 17:36:40 Running from E:\ Windows 7 Ultimate (X86) OS Language: English(US) The current controlset is ControlSet001