Everything posted by sacredmelon

  1. Hi MrC. Sorry for not replying. I will be going on vacation to China tomorrow so I will most likely not respond to this thread anymore. Thank you for all the help. Also, I ran Security check and it didn't seem to work, but that doesn't matter. Close thread if possible and I will try to donate via my cousin's PayPal when I come back. (I am 14, by the way.)
  2. Yes, working. Thank you very much. Now what do I do with the user32.ini? Or is my computer clean now?
  3. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-07-2014
     Ran by Mr.Li at 2014-07-04 11:25:45 Run:9
     Running from C:\Users\Mr.Li\Desktop\FRST
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     Replace: C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe C:\Windows\regedit.exe
     *****************
     Could not find C:\Windows\regedit.exe
     C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe copied successfully to C:\Windows\regedit.exe
     ==== End of Fixlog ====
  4. SystemLook 30.07.11 by jpshortstuff
     Log created at 21:22 on 03/07/2014 by Mr.Li
     Administrator - Elevation successful
     ========== filefind ==========
     Searching for "regedit.exe "
     C:\Users\Mr.Li\Desktop\REGEDIT\regedit.exe --a---- 398336 bytes [20:15 02/07/2014] [01:14 14/07/2009] 8A4883F5E7AC37444F23279239553878
     C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe --a---- 398336 bytes [23:17 13/07/2009] [01:14 14/07/2009] 8A4883F5E7AC37444F23279239553878
     -= EOF =-
  5. Still blank.
     GrantPerms by Farbar
     Ran by Mr.Li (administrator) at 2014-07-03 20:20:13
     ===============================================
  6. GrantPerms by Farbar
     Ran by Mr.Li (administrator) at 2014-07-03 20:03:32
     ===============================================
     It's coming up blank. This is the path I used. Am I doing it wrong?
     C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
  7. I am able to rename it myself. I just can't attach it.
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-07-2014
     Ran by Mr.Li at 2014-07-03 19:08:31 Run:8
     Running from C:\Users\Mr.Li\Desktop\FRST
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     Move: C:\Windows\System32\user32.ini C:\Windows\System32\user32.ini.old
     *****************
     "C:\Windows\System32\user32.ini" moved successfully to C:\Windows\System32\user32.ini.old
     ==== End of Fixlog ====
  8. Do you mean you want me to rename it and attach it, or do you mean to have administrative power to do so on my computer? Because I am able to change its name, but I'm not permitted to upload it.
  9. Encrypted file. Quite large. I will attach it instead, as COPY+PASTE would take up 2 pages of this thread. I changed the extension to .txt because I'm not permitted to upload .ini files. user32.txt
  10. SystemLook 30.07.11 by jpshortstuff
      Log created at 16:38 on 03/07/2014 by Mr.Li
      Administrator - Elevation successful
      ========== filefind ==========
      Searching for "User32.ini"
      C:\Windows\System32\user32.ini --a---- 811520 bytes [17:29 10/12/2013] [04:46 04/01/2013] 9F7F362B7B1F7D21206C4DCDF584C376
      -= EOF =-
  11. Here is the systemlook.
      SystemLook 30.07.11 by jpshortstuff
      Log created at 15:28 on 03/07/2014 by Mr.Li
      Administrator - Elevation successful
      ========== filefind ==========
      Searching for "user32.dll"
      C:\Windows\System32\user32.dll --a---- 811520 bytes [03:22 01/07/2014] [01:16 14/07/2009] 34B7E222E81FAFA885F0C5F2CFA56861
      C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --a---- 811520 bytes [23:24 13/07/2009] [01:16 14/07/2009] 34B7E222E81FAFA885F0C5F2CFA56861
      -= EOF =-
      I do seem to have one more problem though. It seems that the User32.ini file is detected as having a virus by virustotal. Here is the scan. https://www.virustotal.com/en/file/97c71f26a6c65f8761c020ea84e27184276bdc696ce8c5e8ebb5019631152eab/analysis/1404415783/
  12. Here ya go. It seems legit to me.
      SystemLook 30.07.11 by jpshortstuff
      Log created at 15:16 on 03/07/2014 by Mr.Li
      Administrator - Elevation successful
      ========== filefind ==========
      Searching for "csrss.exe"
      C:\Windows\System32\csrss.exe --a---- 6144 bytes [23:11 13/07/2009] [01:14 14/07/2009] 342271F6142E7C70805B8A81E1BA5F5C
      C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe --a---- 6144 bytes [23:11 13/07/2009] [01:14 14/07/2009] 342271F6142E7C70805B8A81E1BA5F5C
      -= EOF =-
  13. It worked, I think. Also, I cannot seem to find csrss.exe anywhere. I will try to use the systemfind thing to find it. I will post results if I do.
      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-07-2014
      Ran by Mr.Li at 2014-07-03 15:09:35 Run:7
      Running from C:\Users\Mr.Li\Desktop\FRST
      Boot Mode: Normal
      ==============================================
      Content of fixlist:
      *****************
      Replace: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll C:\Windows\System32\user32.dll
      *****************
      C:\Windows\System32\user32.dll => Moved successfully.
      C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll copied successfully to C:\Windows\System32\user32.dll
      ==== End of Fixlog ====
  14. Also, do you know what csrss.exe is? I googled it and it says it's supposed to be critical to the computer functioning, but under "description" in Task Manager (processes) it is black. Is this a legit process?
  15. It says I cannot do it because the file is open in another program? It says the System32 folder is open and I must close it before I replace the file.
  16. Hmm. Another thing I noticed is that there are 2 User32.dll files on my computer. One is in the C:\Windows\System32 folder and the other seems to be in the C:\Windows\winsxs\x86_microsoft-windows-user32 folder. Is this normal? Both come up clean with virustotal. The only difference is that the scan of the User32.dll in the winsxs folder is considered "probably harmless because there are strong indicators" and the User32.dll in the System32 folder is just a normal scan.
  17. I believe that the virustotal scan was mine. I scanned my User32.dll 3 times just to make sure. And yes it was last night around 8PM. I see you live in New Jersey. I live in New York City.
      SystemLook 30.07.11 by jpshortstuff
      Log created at 21:47 on 02/07/2014 by Mr.Li
      Administrator - Elevation successful
      ========== filefind ==========
      Searching for "User32.dll"
      C:\Windows\System32\user32.dll --a---- 850944 bytes [03:22 01/07/2014] [04:46 04/01/2013] 424A0F3A5FA80C4B23116EC944FA64D3
      C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --a---- 811520 bytes [23:24 13/07/2009] [01:16 14/07/2009] 34B7E222E81FAFA885F0C5F2CFA56861
      -= EOF =-
  18. They don't seem to be there. Here is a FRST scan anyway. I will try to rescan.
Corporation) 424A0F3A5FA80C4B23116EC944FA64D3 C:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-29 01:12 ==================== End Of Log ============================
  19. If I try to open Junction.exe, the black box also launches and closes immediately.