gene23baltimore

  1. Perfect, all problems solved. Thank you so much Mr.C, and I will be donating via PayPal shortly to show my appreciation.
  2. Thanks again MrC. Here are the two text files after running MB-AntiRootKit. It found 1 malware and fixed it, and I also ran FixDamage and it applied its own fix. My only issue right now is that I'm still getting the Boot Manager boot-up menu: (1) Windows 7 or (2) Windows 7 Ultimate (Recovered). I didn't have that before. Thanks! mbar-log-2013-03-02 (17-14-24).txt system-log.txt
  3. Thanks a lot Mr. C, great job!!! The Safe Mode works and the system is clean now. Just one question: When starting up I get a "Windows Boot Manager" screen that gives me 2 choices: (1) Windows 7 or (2) Windows 7 Ultimate (Recovered). Option (2) doesn't work, and shuts down after the logo screen. Option (1) works and that's the one I'm using. I didn't have this screen before. Is there a way to suppress it, or to get rid of the nonfunctional Option #2 (7 Ultimate Recovered)? Thanks again so much!!!
  4. Hi, I am getting an FBI Virus and the Safe Mode shuts down immediately and does not work. I ran the FRST tool from Notepad as suggested in another thread. Here is my output. What should I fix? Thanks. FRST Tool Output: