shassar

Honorary Members
  • Posts

    32
Everything posted by shassar

  1. Gringo, here is the log: ComboFix 13-05-07.01 - user 05/07/2013 11:02:34.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2486.1615 [GMT -7:00] Running from: E:\ComboFix.exe Command switches used :: E:\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} . . ((((((((((((((((((((((((( Files Created from 2013-04-07 to 2013-05-07 ))))))))))))))))))))))))))))))) . . 2013-05-07 18:08 . 2013-05-07 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-07 15:40 . 2013-05-07 18:08 -------- d-----w- c:\users\user\AppData\Local\temp 2013-05-07 06:06 . 2013-05-07 06:06 -------- d-----w- C:\FRST 2013-05-06 23:56 . 2013-05-06 23:56 -------- d-----w- c:\windows\Sun 2013-05-06 05:58 . 2013-05-06 05:58 -------- d-----w- c:\users\user\AppData\Roaming\No Company Name 2013-05-05 15:37 . 2013-05-07 02:16 -------- d-----w- c:\windows\system32\catroot2 2013-05-05 15:08 . 2013-05-06 06:41 181064 ----a-w- c:\windows\PSEXESVC.EXE 2013-05-05 15:05 . 2013-05-05 15:05 -------- d-----w- C:\RegBackup 2013-05-05 07:13 . 2013-05-07 02:17 -------- d-----w- c:\programdata\Norton 2013-05-05 07:13 . 2013-05-05 16:09 -------- d-----w- c:\users\user\AppData\Local\NPE 2013-05-05 06:43 . 2013-05-05 06:43 -------- d-----w- c:\programdata\Kaspersky Lab 2013-05-05 05:53 . 2013-05-07 02:17 -------- d-----w- c:\programdata\PrevxCSI 2013-05-05 05:13 . 2013-05-06 04:00 -------- d-----w- c:\users\user\AppData\Local\Diagnostics 2013-05-04 17:25 . 2013-05-04 17:28 -------- d-----w- c:\programdata\HitmanPro 2013-05-04 17:02 . 2013-05-04 17:02 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2013-05-04 17:02 . 2013-05-04 17:02 -------- d-----w- c:\programdata\Malwarebytes 2013-05-04 17:02 . 
2013-05-04 17:02 -------- d-----w- c:\users\user\AppData\Local\Programs 2013-05-04 16:38 . 2013-05-07 02:17 -------- d-----w- c:\program files\stinger 2013-05-04 15:24 . 2013-05-07 02:17 -------- d-----w- c:\programdata\2CCACBE1EB855D5500002CCA9F1B616A 2013-04-29 18:32 . 2013-04-29 18:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2013-04-29 17:03 . 2013-04-29 17:03 -------- d-----w- c:\users\user\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2013-04-29 17:03 . 2013-05-07 02:17 -------- d-----w- c:\program files\Adobe Download Assistant 2013-04-29 17:03 . 2013-04-29 17:03 -------- d-----w- c:\program files\Common Files\Adobe AIR 2013-04-17 06:43 . 2009-10-21 22:29 320512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp101.dll 2013-04-17 06:41 . 2013-05-07 02:17 -------- d-----w- c:\program files\Common Files\HP 2013-04-17 06:41 . 2013-04-17 06:41 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2013-04-17 06:39 . 2009-10-21 22:29 125440 ----a-w- c:\windows\system32\hpf3l101.dll 2013-04-17 06:37 . 2013-04-17 06:37 -------- d-----w- c:\programdata\HP 2013-04-17 06:36 . 2009-10-22 14:55 452736 ----a-w- c:\windows\system32\hpzids01.dll 2013-04-17 06:36 . 2009-09-11 07:44 887296 ----a-w- c:\windows\system32\hposwia_p04a.dll 2013-04-17 06:36 . 2009-09-11 07:44 966656 ----a-w- c:\windows\system32\hpost_p04a.dll 2013-04-17 06:36 . 2009-09-11 07:44 315392 ----a-w- c:\windows\system32\hposc_p04a.dll 2013-04-17 06:33 . 2013-04-17 06:33 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics 2013-04-16 16:41 . 2013-04-16 16:41 -------- d-----w- c:\program files\Common Files\Java 2013-04-16 16:40 . 2013-04-16 16:39 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-16 16:40 . 2013-04-16 16:39 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-16 16:40 . 2013-04-16 16:39 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-16 16:39 . 
2013-04-16 16:39 -------- d-----w- c:\program files\Java 2013-04-10 21:02 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 21:02 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 21:02 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 21:01 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-10 21:01 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 21:01 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 21:01 . 2013-03-19 02:50 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-10 21:01 . 2013-03-01 03:11 2345984 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 21:01 . 2013-03-02 05:09 1210712 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-31 06:35 . 2013-03-29 19:58 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-31 06:35 . 2013-03-29 19:58 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-29 04:14 . 2013-03-29 04:14 86528 ----a-w- c:\windows\system32\iesysprep.dll 2013-03-29 04:14 . 2013-03-29 04:14 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-29 04:14 . 2013-03-29 04:14 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-03-29 04:14 . 2013-03-29 04:14 74752 ----a-w- c:\windows\system32\iesetup.dll 2013-03-29 04:14 . 2013-03-29 04:14 63488 ----a-w- c:\windows\system32\tdc.ocx 2013-03-29 04:14 . 2013-03-29 04:14 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-29 04:14 . 2013-03-29 04:14 367104 ----a-w- c:\windows\system32\html.iec 2013-03-29 04:14 . 2013-03-29 04:14 35840 ----a-w- c:\windows\system32\imgutil.dll 2013-03-29 04:14 . 2013-03-29 04:14 23552 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-29 04:14 . 2013-03-29 04:14 161792 ----a-w- c:\windows\system32\msls31.dll 2013-03-29 04:14 . 
2013-03-29 04:14 152064 ----a-w- c:\windows\system32\wextract.exe 2013-03-29 04:14 . 2013-03-29 04:14 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-03-29 04:14 . 2013-03-29 04:14 11776 ----a-w- c:\windows\system32\mshta.exe 2013-03-29 04:14 . 2013-03-29 04:14 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-29 04:14 . 2013-03-29 04:14 101888 ----a-w- c:\windows\system32\admparse.dll 2013-03-29 04:13 . 2013-03-29 04:13 801792 ----a-w- c:\windows\system32\FntCache.dll 2013-03-29 04:13 . 2013-03-29 04:13 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-03-29 04:13 . 2013-03-29 04:13 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2013-03-29 04:13 . 2013-03-29 04:13 3181568 ----a-w- c:\windows\system32\mf.dll 2013-03-29 04:13 . 2013-03-29 04:13 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-03-29 04:13 . 2013-03-29 04:13 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-03-29 04:13 . 2013-03-29 04:13 196608 ----a-w- c:\windows\system32\mfreadwrite.dll 2013-03-29 04:13 . 2013-03-29 04:13 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-03-29 04:13 . 2013-03-29 04:13 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll 2013-03-29 04:13 . 2013-03-29 04:13 135168 ----a-w- c:\windows\system32\XpsRasterService.dll 2013-03-29 04:13 . 2013-03-29 04:13 107520 ----a-w- c:\windows\system32\cdd.dll 2013-03-19 12:50 . 2013-03-30 06:49 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC360ADE-5240-4BA0-A456-1DAF53638C38}\mpengine.dll 2013-02-12 13:51 . 2013-03-29 04:09 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2010-02-23 14:43 . 2010-02-23 14:43 22582576 ----a-w- c:\program files\ValiditySensorsSetup.exe 2013-04-12 13:23 . 2013-04-12 13:23 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-13 1873192] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2012-07-25 1626112] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 515888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-01-28 20:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-02-20 19:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 HipShieldK;McAfee Inc. 
HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x] R3 iscFlash;iscFlash;c:\swsetup\sp56058\iscflash.sys [x] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [x] R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x] S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x] S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [x] S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 GPSvcGroup REG_MULTI_SZ GPSvc . Contents of the 'Scheduled Tasks' folder . 2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-29 06:35] . 2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-611549666-323232126-141575741-1000Core.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 15:23] . 2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-611549666-323232126-141575741-1000UA.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 15:23] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 192.168.1.1 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\l1f6ad6v.default\ . . Completion time: 2013-05-07 11:11:11 ComboFix-quarantined-files.txt 2013-05-07 18:11 ComboFix2.txt 2013-05-07 15:44 . Pre-Run: 591,432,269,824 bytes free Post-Run: 591,361,425,408 bytes free . - - End Of File - - 2D768AE3BAE58FE4AC39CB3665625F59
  2. Gringo, The computer is behaving. I have it disconnected from the wireless and internet though. I am able to open programs and do as I please. But before I fully trust it, I want to make sure it's 100% gone. Two days ago I thought I was clean, turns out maybe I wasn't. I think ComboFix deleted some stuff when I was watching what it was doing. Thanks again.
  3. Hi Gringo, Sorry, I went to sleep for the night. I ran ComboFix, here is the log: ComboFix 13-05-07.01 - user 05/07/2013 8:34.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2486.1532 [GMT -7:00] Running from: E:\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\autorun.inf . . ((((((((((((((((((((((((( Files Created from 2013-04-07 to 2013-05-07 ))))))))))))))))))))))))))))))) . . 2013-05-07 06:06 . 2013-05-07 06:06 -------- d-----w- C:\FRST 2013-05-06 23:56 . 2013-05-06 23:56 -------- d-----w- c:\windows\Sun 2013-05-06 05:58 . 2013-05-06 05:58 -------- d-----w- c:\users\user\AppData\Roaming\No Company Name 2013-05-05 15:37 . 2013-05-07 02:16 -------- d-----w- c:\windows\system32\catroot2 2013-05-05 15:08 . 2013-05-06 06:41 181064 ----a-w- c:\windows\PSEXESVC.EXE 2013-05-05 15:05 . 2013-05-05 15:05 -------- d-----w- C:\RegBackup 2013-05-05 07:13 . 2013-05-07 02:17 -------- d-----w- c:\programdata\Norton 2013-05-05 07:13 . 2013-05-05 16:09 -------- d-----w- c:\users\user\AppData\Local\NPE 2013-05-05 06:43 . 2013-05-05 06:43 -------- d-----w- c:\programdata\Kaspersky Lab 2013-05-05 05:53 . 2013-05-07 02:17 -------- d-----w- c:\programdata\PrevxCSI 2013-05-05 05:13 . 2013-05-06 04:00 -------- d-----w- c:\users\user\AppData\Local\Diagnostics 2013-05-04 17:25 . 2013-05-04 17:28 -------- d-----w- c:\programdata\HitmanPro 2013-05-04 17:02 . 2013-05-04 17:02 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2013-05-04 17:02 . 2013-05-04 17:02 -------- d-----w- c:\programdata\Malwarebytes 2013-05-04 17:02 . 
2013-05-04 17:02 -------- d-----w- c:\users\user\AppData\Local\Programs 2013-05-04 16:38 . 2013-05-07 02:17 -------- d-----w- c:\program files\stinger 2013-05-04 15:24 . 2013-05-07 02:17 -------- d-----w- c:\programdata\2CCACBE1EB855D5500002CCA9F1B616A 2013-04-29 18:32 . 2013-04-29 18:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2013-04-29 17:03 . 2013-04-29 17:03 -------- d-----w- c:\users\user\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2013-04-29 17:03 . 2013-05-07 02:17 -------- d-----w- c:\program files\Adobe Download Assistant 2013-04-29 17:03 . 2013-04-29 17:03 -------- d-----w- c:\program files\Common Files\Adobe AIR 2013-04-17 06:43 . 2009-10-21 22:29 320512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp101.dll 2013-04-17 06:41 . 2013-05-07 02:17 -------- d-----w- c:\program files\Common Files\HP 2013-04-17 06:41 . 2013-04-17 06:41 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2013-04-17 06:39 . 2009-10-21 22:29 125440 ----a-w- c:\windows\system32\hpf3l101.dll 2013-04-17 06:37 . 2013-04-17 06:37 -------- d-----w- c:\programdata\HP 2013-04-17 06:36 . 2009-10-22 14:55 452736 ----a-w- c:\windows\system32\hpzids01.dll 2013-04-17 06:36 . 2009-09-11 07:44 887296 ----a-w- c:\windows\system32\hposwia_p04a.dll 2013-04-17 06:36 . 2009-09-11 07:44 966656 ----a-w- c:\windows\system32\hpost_p04a.dll 2013-04-17 06:36 . 2009-09-11 07:44 315392 ----a-w- c:\windows\system32\hposc_p04a.dll 2013-04-17 06:33 . 2013-04-17 06:33 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics 2013-04-16 16:41 . 2013-04-16 16:41 -------- d-----w- c:\program files\Common Files\Java 2013-04-16 16:40 . 2013-04-16 16:39 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-16 16:40 . 2013-04-16 16:39 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-16 16:40 . 2013-04-16 16:39 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-16 16:39 . 
2013-04-16 16:39 -------- d-----w- c:\program files\Java 2013-04-10 21:02 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 21:02 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 21:02 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 21:01 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-10 21:01 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 21:01 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 21:01 . 2013-03-19 02:50 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-10 21:01 . 2013-03-01 03:11 2345984 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 21:01 . 2013-03-02 05:09 1210712 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-31 06:35 . 2013-03-29 19:58 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-31 06:35 . 2013-03-29 19:58 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-29 04:14 . 2013-03-29 04:14 86528 ----a-w- c:\windows\system32\iesysprep.dll 2013-03-29 04:14 . 2013-03-29 04:14 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-29 04:14 . 2013-03-29 04:14 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-03-29 04:14 . 2013-03-29 04:14 74752 ----a-w- c:\windows\system32\iesetup.dll 2013-03-29 04:14 . 2013-03-29 04:14 63488 ----a-w- c:\windows\system32\tdc.ocx 2013-03-29 04:14 . 2013-03-29 04:14 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-29 04:14 . 2013-03-29 04:14 367104 ----a-w- c:\windows\system32\html.iec 2013-03-29 04:14 . 2013-03-29 04:14 35840 ----a-w- c:\windows\system32\imgutil.dll 2013-03-29 04:14 . 2013-03-29 04:14 23552 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-29 04:14 . 2013-03-29 04:14 161792 ----a-w- c:\windows\system32\msls31.dll 2013-03-29 04:14 . 
2013-03-29 04:14 152064 ----a-w- c:\windows\system32\wextract.exe 2013-03-29 04:14 . 2013-03-29 04:14 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-03-29 04:14 . 2013-03-29 04:14 11776 ----a-w- c:\windows\system32\mshta.exe 2013-03-29 04:14 . 2013-03-29 04:14 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-29 04:14 . 2013-03-29 04:14 101888 ----a-w- c:\windows\system32\admparse.dll 2013-03-29 04:13 . 2013-03-29 04:13 801792 ----a-w- c:\windows\system32\FntCache.dll 2013-03-29 04:13 . 2013-03-29 04:13 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-03-29 04:13 . 2013-03-29 04:13 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2013-03-29 04:13 . 2013-03-29 04:13 3181568 ----a-w- c:\windows\system32\mf.dll 2013-03-29 04:13 . 2013-03-29 04:13 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-03-29 04:13 . 2013-03-29 04:13 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-03-29 04:13 . 2013-03-29 04:13 196608 ----a-w- c:\windows\system32\mfreadwrite.dll 2013-03-29 04:13 . 2013-03-29 04:13 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-03-29 04:13 . 2013-03-29 04:13 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll 2013-03-29 04:13 . 2013-03-29 04:13 135168 ----a-w- c:\windows\system32\XpsRasterService.dll 2013-03-29 04:13 . 2013-03-29 04:13 107520 ----a-w- c:\windows\system32\cdd.dll 2013-03-19 12:50 . 2013-03-30 06:49 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC360ADE-5240-4BA0-A456-1DAF53638C38}\mpengine.dll 2013-02-12 13:51 . 2013-03-29 04:09 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2010-02-23 14:43 . 2010-02-23 14:43 22582576 ----a-w- c:\program files\ValiditySensorsSetup.exe 2013-04-12 13:23 . 2013-04-12 13:23 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-13 1873192] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2012-07-25 1626112] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 515888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-01-28 20:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-02-20 19:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . 
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [x] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] R2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x] R3 iscFlash;iscFlash;c:\swsetup\sp56058\iscflash.sys [x] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [x] R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [x] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x] S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x] S3 bpusb;Intel® Centrino® WiMAX 6050 Series 
Function Driver;c:\windows\system32\Drivers\bpusb.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [x] S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 GPSvcGroup REG_MULTI_SZ GPSvc . Contents of the 'Scheduled Tasks' folder . 2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-29 06:35] . 2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-611549666-323232126-141575741-1000Core.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 15:23] . 2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-611549666-323232126-141575741-1000UA.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 15:23] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 192.168.1.1 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\l1f6ad6v.default\ . - - - - ORPHANS REMOVED - - - - . SafeBoot-mbamchameleon . . . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\sppsvc.exe c:\program files\Common Files\McAfee\SystemCore\mfefire.exe c:\windows\system32\taskhost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\program files\Common Files\McAfee\Platform\mcuicnt.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\progra~1\McAfee\MSC\McAPExe.exe c:\program files\mcafee.com\agent\McUpdate.exe . ************************************************************************** . Completion time: 2013-05-07 08:44:43 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-07 15:44 . Pre-Run: 592,180,170,752 bytes free Post-Run: 592,097,013,760 bytes free . - - End Of File - - D98BFCA20212C2EEAB402CC211E04C60
  4. Hi Gringo, Did both, here are the logs:

     Report of AdwCleaner before I HIT DELETE:

     # AdwCleaner v2.300 - Logfile created 05/06/2013 at 23:54:43
     # Updated 28/04/2013 by Xplode
     # Operating system : Windows 7 Home Premium (32 bits)
     # User : user - SHABNAM
     # Boot Mode : Normal
     # Running from : E:\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16476

     [OK] Registry is clean.

     -\\ Mozilla Firefox v20.0.1 (en-US)

     *************************

     AdwCleaner[R1].txt - [650 octets] - [06/05/2013 23:54:43]

     ########## EOF - C:\AdwCleaner[R1].txt - [709 octets] ##########

     Log of AdwCleaner after I HIT DELETE:

     # AdwCleaner v2.300 - Logfile created 05/06/2013 at 23:56:08
     # Updated 28/04/2013 by Xplode
     # Operating system : Windows 7 Home Premium (32 bits)
     # User : user - SHABNAM
     # Boot Mode : Normal
     # Running from : E:\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16476

     [OK] Registry is clean.

     -\\ Mozilla Firefox v20.0.1 (en-US)

     *************************

     AdwCleaner[R1].txt - [777 octets] - [06/05/2013 23:54:43]
     AdwCleaner[s1].txt - [282 octets] - [06/05/2013 23:55:53]
     AdwCleaner[s2].txt - [770 octets] - [06/05/2013 23:56:08]

     ########## EOF - C:\AdwCleaner[s2].txt - [829 octets] ##########

     Report of RogueKiller:

     RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7600 ) 32 bits version
     Started in : Normal mode
     User : user [Admin rights]
     Mode : Remove -- Date : 05/07/2013 00:03:45
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [RUN][sUSP PATH] HKCU\[...]\Policies\Explorer\Run : KB2485155 ("C:\Users\user\AppData\Local\KB2485155\KB2485155.exe") [x] -> DELETED
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: TOSHIBA MK6465GSX ATA Device +++++
     --- User ---
     [MBR] 24304683413533eef67a37f6dae9bfc3
     [bSP] 79a1d7888a00f5eb673f80ceeacca462 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[2]_D_05072013_02d0003.txt >>
     RKreport[1]_S_05072013_02d0002.txt ; RKreport[2]_D_05072013_02d0003.txt
  5. Also, just booted my computer... I now have control! Thank you! So, what do I need to do next to really kill this virus? Should I just do what you and the other user discussed?
  6. Hi Gringo, Thank you for the prompt reply. I did what you said, here is the log...

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2013
     Ran by SYSTEM at 2013-05-06 23:48:37 Run:1
     Running from F:\
     Boot Mode: Recovery
     ==============================================
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KB2485155 => Value deleted successfully.
     HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\KB2485155 => Value deleted successfully.
     HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
     HKEY_USERS\user\Software\Microsoft\Windows\CurrentVersion\Run\\KB2485155 => Value deleted successfully.
     HKEY_USERS\user\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value deleted successfully.
     HKEY_USERS\user\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.
     MFE_RR => Service deleted successfully.
     C:\Users\user\AppData\Local\KB2485155 => Moved successfully.
     C:\Users\user\AppData\Local\Temp\mfe_rr.sys => File/Directory not found.
     ==== End of Fixlog ====
  7. Hi all, I have read a similar thread http://forums.malwarebytes.org/index.php?showtopic=117917 by Gringo and another user. I followed the steps and I realized I have to stop because my logs differ from this individual's. The story is on 5/4 I downloaded a book from RapidShare. I never had a virus, ever, on any of my computers. My current computer has McAfee. About 24 hours later I got a virus called "System Care Antivirus". McAfee was unable to recognize or remove it. In Safe Mode I deleted the virus with Malwarebytes Anti-Malware. After my computer recovered I noticed McAfee firewall was off because Windows firewall was off. I ran Microsoft Repair from Tweaking.com and it was able to restore all the missing components from the Security Center. I reran McAfee, Malwarebytes, Norton Power Eraser, HitmanPro, and Microsoft Malicious Malware Remover. I got a clean bill of health and was happy. Everything was functioning until this evening. I got a white screen that locked my computer, a false warning from the FBI. What was I doing before it? Nothing, I was on Facebook. I did not download anything funny today. So I did what Gringo suggested for the other user. Booted to Repair Windows with command prompt. I downloaded Frst.exe from Bleeping computers as I have Windows 7 32-bit Basic Home. Gringo, I will post my logs, can you make sure I copy and paste the correct one on the Notepad so I can run it on my infected computer? Thanks a million! Last: Even if I clean this virus, am I going to be ok? Because I got one on Saturday, the fake virus scan, and now this funny FBI one 2 days later. Is it possible that it's coming from my wireless? I am temporarily at my uncle's and none of the wireless's are locked with WPA. The reason is because we have one modem and 4 routers communicating as the house is huge. This way everyone has internet at all parts of the house. I feel like someone sent me viruses over my wireless... although maybe it's unlikely.
This from f:\frst.exe

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2013
Ran by SYSTEM on 06-05-2013 22:06:48
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1873192 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1626112 2012-07-25] (Intel® Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [515888 2013-02-28] (McAfee, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [KB2485155] "C:\Users\user\AppData\Local\KB2485155\KB2485155.exe" [128528 2013-05-06] (Venus)
HKLM\...\Policies\Explorer\Run: [KB2485155] "C:\Users\user\AppData\Local\KB2485155\KB2485155.exe" [128528 2013-05-06] (Venus)
HKLM\...\Winlogon: [shell] explorer.exe, "C:\Users\user\AppData\Local\KB2485155\KB2485155.exe" [x ] ()
HKU\user\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2013-03-31] (Google Inc.)
HKU\user\...\Run: [KB2485155] "C:\Users\user\AppData\Local\KB2485155\KB2485155.exe" [x]
HKU\user\...\Policies\system: [DisableTaskMgr] 1
HKU\user\...\Policies\system: [DisableRegistryTools] 1

========================== Services (Whitelisted) =================

S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [446464 2012-07-18] (Red Bend Ltd.)
S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [287752 2013-03-01] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [632344 2012-10-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [168880 2012-12-26] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [171976 2012-12-26] (McAfee, Inc.)
S2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1799472 2010-02-23] (Validity Sensors, Inc.)
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [765952 2012-07-18] (Intel® Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [67584 2012-07-03] (Intel Corporation)
S3 bpmp; C:\Windows\System32\DRIVERS\bpmp.sys [149504 2012-07-03] (Intel Corporation)
S3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [71168 2012-07-03] (Intel Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-12-26] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147472 2012-05-28] (McAfee, Inc.)
S3 iscFlash; C:\SwSetup\sp56058\iscflash.sys [22400 2010-09-15] (Insyde Software)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [132976 2012-12-26] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [234824 2012-12-26] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65488 2012-12-26] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [362640 2012-12-26] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565416 2012-12-26] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [252200 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81456 2012-11-02] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210168 2012-12-26] (McAfee, Inc.)
S3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] (Intel Corporation)
S3 mfeavfk01; No ImagePath
S3 MFE_RR; \??\C:\Users\user\AppData\Local\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2013-03-28 20:07] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-16 08:39:35
Restore point made on: 2013-04-24 20:51:42
Restore point made on: 2013-04-29 10:09:04
Restore point made on: 2013-05-04 07:35:20
Restore point made on: 2013-05-04 07:36:24
Restore point made on: 2013-05-05 07:05:15
Restore point made on: 2013-05-05 07:05:44
Restore point made on: 2013-05-05 21:53:31

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3893.86 MB
Available physical RAM: 3360.37 MB
Total Pagefile: 3892.14 MB
Available Pagefile: 3399.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:551.58 GB) NTFS
Drive f: () (Removable) (Total:0.98 GB) (Free:0.29 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 42F842F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)
====================================================================
Disk: 1 (Size: 1011 MB) (Disk ID: D187C800)
Partition 1: (Active) - (Size=1011 MB) - (Type=0B)

Last Boot: 2013-05-04 10:31

==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 06-05-2013
Ran by SYSTEM at 2013-05-06 22:13:06
Running from F:\
Boot Mode: Recovery

This one is from services.exe when I ran a search

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===