kkcc

  1. Thanks TheDarkKnight for all your help and quick responses!! I don't know what Pmode is. Here is fixlog
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2013 02
     Ran by SYSTEM at 2013-01-22 22:16:50 Run:1
     Running from H:\
     ==============================================
     HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
     [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
     HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\\DhcpNameServer Value deleted successfully.
     C:\$Recycle.Bin\S-1-5-21-2989422500-999938887-3150858802-1001\$142c56b9109f7c097f172e3181ed74e3 moved successfully.
     C:\$Recycle.Bin\S-1-5-18\$142c56b9109f7c097f172e3181ed74e3 moved successfully.
     ==== End of Fixlog ====
  2. search
     Farbar Recovery Scan Tool (x64) Version: 21-01-2013 02
     Ran by SYSTEM at 2013-01-22 21:10:54
     Running from H:\
     ================== Search: "services.exe" ===================
     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
     C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
     ====== End Of Search ======
  3. Here's my logs: FRST:
Disk ID: 3DB2A4BB Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 211 GB 101 MB Partition 0 Extended 363 GB 211 GB Partition 4 Logical 363 GB 211 GB Partition 3 Recovery 21 GB 574 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 211 GB Healthy ========================================================= Disk: 0 Partition 4 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D NTFS Partition 363 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F SAMSUNG_REC NTFS Partition 21 GB Healthy Hidden ========================================================= Partitions of Disk 1: =============== Disk ID: 00000001 Partition ### Type Size Offset ------------- ---------------- ------- ------- * Partition 1 Primary 977 MB 0 B ================================================================================== Disk: 1 There is no partition selected. There is no partition selected. Please select a partition and try again. ========================================================= Last Boot: 2013-01-14 18:05 ==================== End Of Log =============================
  4. My computer was just infected with the FBI virus and I can't get into safe mode. Can someone help me remove it?