Chitka Infected My System
<blockquote data-quote="ChitkaStruck" data-source="post: 120860" data-attributes="member: 8255"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013</p><p>Ran by SYSTEM on 15-05-2013 18:32:09</p><p>Running from E:\</p><p>Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)</p><p>Internet Explorer Version 9</p><p>Boot Mode: Recovery</p><p>The current controlset is ControlSet001</p><p><strong>ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2364928 2011-03-10] (Cypress Semiconductor Corporation)</p><p>HKLM\...\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2351104 2011-03-10] (Cypress Semiconductor, Inc.)</p><p>HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6611560 2011-02-25] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2189416 2011-03-01] (Realtek Semiconductor)</p><p>HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-02-18] (NVIDIA Corporation)</p><p>HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()</p><p>HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)</p><p>HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)</p><p>HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4500128 2011-01-31] (Dell Inc.)</p><p>HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 
2010-11-29] ()</p><p>HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-04-29] ()</p><p>HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)</p><p>HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)</p><p>HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)</p><p>HKLM-x32\...\Run: [] [x]</p><p>HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)</p><p>HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()</p><p>HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [885760 2011-04-29] ()</p><p>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)</p><p>HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)</p><p>HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)</p><p>HKLM-x32\...\Run: [HP Software Update] C:\Program 
Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)</p><p>HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-29] (Apple Inc.)</p><p>AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-02-19] (NVIDIA Corporation)</p><p>Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk</p><p>ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)</p><p>S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)</p><p>S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)</p><p>S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)</p><p>S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)</p><p>S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-17] (McAfee, Inc.)</p><p>S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)</p><p>S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, 
Inc.)</p><p>S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)</p><p>S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)</p><p>S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)</p><p>S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)</p><p>S3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [104960 2011-03-17] (Windows (R) Win 7 DDK provider)</p><p>S3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13312 2011-03-10] (Cypress Semiconductor, Inc.)</p><p>S3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [62464 2011-03-23] (Cypress Semiconductor, Inc.)</p><p>S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)</p><p>S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)</p><p>S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)</p><p>S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)</p><p>S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)</p><p>S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)</p><p>S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)</p><p>S3 mfeavfk01; No ImagePath</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-05-15 20:11 - 2013-05-15 20:11 - 00262144 ____A 
C:\Windows\Minidump\051513-18532-01.dmp</p><p>2013-05-15 19:42 - 2013-05-15 19:42 - 00262144 ____A C:\Windows\Minidump\051513-25599-01.dmp</p><p>2013-05-15 19:28 - 2013-05-15 19:28 - 00262144 ____A C:\Windows\Minidump\051513-24289-01.dmp</p><p>2013-05-15 18:44 - 2013-05-15 18:44 - 00262144 ____A C:\Windows\Minidump\051513-37533-01.dmp</p><p>2013-05-15 18:32 - 2013-05-15 18:32 - 00000000 ____D C:\FRST</p><p>2013-05-15 18:11 - 2013-05-15 18:11 - 00262144 ____A C:\Windows\Minidump\051513-16146-01.dmp</p><p>2013-05-15 01:32 - 2013-05-15 01:32 - 00262144 ____A C:\Windows\Minidump\051413-28563-01.dmp</p><p>2013-05-15 01:16 - 2013-05-15 01:16 - 00262144 ____A C:\Windows\Minidump\051413-24008-01.dmp</p><p>2013-05-15 01:05 - 2013-05-15 01:05 - 00001761 ____A C:\Users\Niaz\Desktop\RKreport[2]_D_05142013_02d2305.txt</p><p>2013-05-15 01:04 - 2013-05-15 01:04 - 00001834 ____A C:\Users\Niaz\Desktop\RKreport[1]_S_05142013_02d2304.txt</p><p>2013-05-15 01:02 - 2013-05-15 01:04 - 00000000 ____D C:\Users\Niaz\Desktop\RK_Quarantine</p><p>2013-05-15 01:01 - 2013-05-15 01:01 - 00816128 ____A C:\Users\Niaz\Downloads\RogueKiller.exe</p><p>2013-05-15 00:56 - 2013-05-15 00:57 - 00003236 ____A C:\AdwCleaner[S1].txt</p><p>2013-05-15 00:55 - 2013-05-15 00:56 - 00628743 ____A C:\Users\Niaz\Downloads\AdwCleaner.exe</p><p>2013-05-15 00:40 - 2013-05-15 00:40 - 00000000 ____D C:\Users\Niaz\Downloads\mbar-1.05.0.1001</p><p>2013-05-15 00:39 - 2013-05-15 00:40 - 12917756 ____A C:\Users\Niaz\Downloads\mbar-1.05.0.1001.zip</p><p>2013-05-15 00:34 - 2013-05-15 00:34 - 00000000 ____D C:\_OTL</p><p>2013-05-15 00:27 - 2013-05-15 00:27 - 00262144 ____A C:\Windows\Minidump\051413-25755-01.dmp</p><p>2013-05-15 00:05 - 2013-05-15 00:05 - 00001332 ____A C:\Users\Niaz\Downloads\aswMBR.txt</p><p>2013-05-15 00:05 - 2013-05-15 00:05 - 00000512 ____A C:\Users\Niaz\Downloads\MBR.dat</p><p>2013-05-15 00:02 - 2013-05-15 00:03 - 04745728 ____A (AVAST Software) C:\Users\Niaz\Downloads\aswMBR.exe</p><p>2013-05-15 00:01 - 
2013-05-15 00:01 - 00086680 ____A C:\Users\Niaz\Downloads\OTL.Txt</p><p>2013-05-15 00:01 - 2013-05-15 00:01 - 00083842 ____A C:\Users\Niaz\Downloads\Extras.Txt</p><p>2013-05-14 23:48 - 2013-05-14 23:48 - 00602112 ____A (OldTimer Tools) C:\Users\Niaz\Downloads\OTL.exe</p><p>2013-05-14 23:45 - 2013-05-14 23:45 - 00262144 ____A C:\Windows\Minidump\051413-31059-01.dmp</p><p>2013-05-14 22:20 - 2013-05-14 22:20 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe</p><p>2013-05-14 22:09 - 2013-05-14 22:09 - 00262144 ____A C:\Windows\Minidump\051413-37331-01.dmp</p><p>2013-05-14 22:00 - 2013-05-14 22:21 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2013-05-14 22:00 - 2013-05-14 22:21 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro</p><p>2013-05-14 22:00 - 2013-05-14 22:03 - 09741664 ____A (SurfRight B.V.) C:\Users\Niaz\Downloads\HitmanPro_x64.exe</p><p>2013-05-14 21:54 - 2013-05-14 21:54 - 00262144 ____A C:\Windows\Minidump\051413-25381-01.dmp</p><p>2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\Application Data\Malwarebytes</p><p>2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\Malwarebytes</p><p>2013-05-14 20:50 - 2013-05-14 20:50 - 01440846 ____A C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000.zip</p><p>2013-05-14 20:50 - 2013-05-14 20:50 - 00000000 ____D C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000</p><p>2013-05-14 19:51 - 2013-05-15 20:11 - 00000000 ____D C:\Windows\Minidump</p><p>2013-05-14 19:50 - 2013-05-15 20:10 - 585401410 ____A C:\Windows\MEMORY.DMP</p><p>2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\My Documents\~$Bioluminescence.pptx</p><p>2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\Documents\~$Bioluminescence.pptx</p><p>2013-05-14 16:42 - 2013-05-14 16:42 - 00000000 __SHD C:\$$PendingFiles</p><p>2013-05-08 23:46 - 2013-05-08 23:56 - 00000000 ____D C:\Users\Niaz\Local Settings\Microsoft Games</p><p>2013-05-08 23:46 - 
2013-05-08 23:56 - 00000000 ____D C:\Users\Niaz\Local Settings\Application Data\Microsoft Games</p><p>2013-05-08 23:46 - 2013-05-08 23:56 - 00000000 ____D C:\Users\Niaz\AppData\Local\Microsoft Games</p><p>2013-04-23 22:52 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</p><p>2013-04-19 17:33 - 2013-05-15 01:41 - 13459909 ____A C:\Users\Niaz\My Documents\Bioluminescence.pptx</p><p>2013-04-19 17:33 - 2013-05-15 01:41 - 13459909 ____A C:\Users\Niaz\Documents\Bioluminescence.pptx</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-05-15 20:28 - 2011-07-26 22:34 - 01526856 ____A C:\Windows\WindowsUpdate.log</p><p>2013-05-15 20:26 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-05-15 20:20 - 2012-11-08 23:03 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-05-15 20:18 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-15 20:18 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-15 20:11 - 2013-05-15 20:11 - 00262144 ____A C:\Windows\Minidump\051513-18532-01.dmp</p><p>2013-05-15 20:11 - 2013-05-14 19:51 - 00000000 ____D C:\Windows\Minidump</p><p>2013-05-15 20:11 - 2012-11-08 23:03 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks</p><p>2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks</p><p>2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks</p><p>2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks</p><p>2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D 
C:\Users\Default User\Local Settings\Application Data\SoftThinks</p><p>2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks</p><p>2013-05-15 20:11 - 2011-07-26 22:39 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup</p><p>2013-05-15 20:11 - 2011-07-26 22:24 - 00000000 ____D C:\ProgramData\NVIDIA</p><p>2013-05-15 20:11 - 2011-07-26 22:24 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA</p><p>2013-05-15 20:11 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-05-15 20:11 - 2009-07-13 23:51 - 00087850 ____A C:\Windows\setupact.log</p><p>2013-05-15 20:10 - 2013-05-14 19:50 - 585401410 ____A C:\Windows\MEMORY.DMP</p><p>2013-05-15 19:42 - 2013-05-15 19:42 - 00262144 ____A C:\Windows\Minidump\051513-25599-01.dmp</p><p>2013-05-15 19:28 - 2013-05-15 19:28 - 00262144 ____A C:\Windows\Minidump\051513-24289-01.dmp</p><p>2013-05-15 18:44 - 2013-05-15 18:44 - 00262144 ____A C:\Windows\Minidump\051513-37533-01.dmp</p><p>2013-05-15 18:32 - 2013-05-15 18:32 - 00000000 ____D C:\FRST</p><p>2013-05-15 18:11 - 2013-05-15 18:11 - 00262144 ____A C:\Windows\Minidump\051513-16146-01.dmp</p><p>2013-05-15 17:26 - 2010-11-20 22:47 - 00075828 ____A C:\Windows\PFRO.log</p><p>2013-05-15 01:41 - 2013-04-19 17:33 - 13459909 ____A C:\Users\Niaz\My Documents\Bioluminescence.pptx</p><p>2013-05-15 01:41 - 2013-04-19 17:33 - 13459909 ____A C:\Users\Niaz\Documents\Bioluminescence.pptx</p><p>2013-05-15 01:32 - 2013-05-15 01:32 - 00262144 ____A C:\Windows\Minidump\051413-28563-01.dmp</p><p>2013-05-15 01:16 - 2013-05-15 01:16 - 00262144 ____A C:\Windows\Minidump\051413-24008-01.dmp</p><p>2013-05-15 01:05 - 2013-05-15 01:05 - 00001761 ____A C:\Users\Niaz\Desktop\RKreport[2]_D_05142013_02d2305.txt</p><p>2013-05-15 01:04 - 2013-05-15 01:04 - 00001834 ____A C:\Users\Niaz\Desktop\RKreport[1]_S_05142013_02d2304.txt</p><p>2013-05-15 01:04 - 2013-05-15 01:02 - 00000000 ____D 
C:\Users\Niaz\Desktop\RK_Quarantine</p><p>2013-05-15 01:01 - 2013-05-15 01:01 - 00816128 ____A C:\Users\Niaz\Downloads\RogueKiller.exe</p><p>2013-05-15 01:01 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\My Documents\English5</p><p>2013-05-15 01:01 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\Documents\English5</p><p>2013-05-15 00:57 - 2013-05-15 00:56 - 00003236 ____A C:\AdwCleaner[S1].txt</p><p>2013-05-15 00:56 - 2013-05-15 00:55 - 00628743 ____A C:\Users\Niaz\Downloads\AdwCleaner.exe</p><p>2013-05-15 00:40 - 2013-05-15 00:40 - 00000000 ____D C:\Users\Niaz\Downloads\mbar-1.05.0.1001</p><p>2013-05-15 00:40 - 2013-05-15 00:39 - 12917756 ____A C:\Users\Niaz\Downloads\mbar-1.05.0.1001.zip</p><p>2013-05-15 00:34 - 2013-05-15 00:34 - 00000000 ____D C:\_OTL</p><p>2013-05-15 00:27 - 2013-05-15 00:27 - 00262144 ____A C:\Windows\Minidump\051413-25755-01.dmp</p><p>2013-05-15 00:05 - 2013-05-15 00:05 - 00001332 ____A C:\Users\Niaz\Downloads\aswMBR.txt</p><p>2013-05-15 00:05 - 2013-05-15 00:05 - 00000512 ____A C:\Users\Niaz\Downloads\MBR.dat</p><p>2013-05-15 00:03 - 2013-05-15 00:02 - 04745728 ____A (AVAST Software) C:\Users\Niaz\Downloads\aswMBR.exe</p><p>2013-05-15 00:01 - 2013-05-15 00:01 - 00086680 ____A C:\Users\Niaz\Downloads\OTL.Txt</p><p>2013-05-15 00:01 - 2013-05-15 00:01 - 00083842 ____A C:\Users\Niaz\Downloads\Extras.Txt</p><p>2013-05-14 23:48 - 2013-05-14 23:48 - 00602112 ____A (OldTimer Tools) C:\Users\Niaz\Downloads\OTL.exe</p><p>2013-05-14 23:45 - 2013-05-14 23:45 - 00262144 ____A C:\Windows\Minidump\051413-31059-01.dmp</p><p>2013-05-14 23:28 - 2012-08-19 01:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2013-05-14 23:26 - 2011-07-26 22:53 - 00000000 ____D C:\Program Files (x86)\McAfee</p><p>2013-05-14 23:25 - 2012-08-19 04:38 - 00000000 ____D C:\Users\Niaz\Desktop\Junk</p><p>2013-05-14 23:24 - 2012-08-19 01:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2013-05-14 22:21 - 2013-05-14 22:00 - 00000000 
____D C:\ProgramData\HitmanPro</p><p>2013-05-14 22:21 - 2013-05-14 22:00 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro</p><p>2013-05-14 22:20 - 2013-05-14 22:20 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe</p><p>2013-05-14 22:09 - 2013-05-14 22:09 - 00262144 ____A C:\Windows\Minidump\051413-37331-01.dmp</p><p>2013-05-14 22:03 - 2013-05-14 22:00 - 09741664 ____A (SurfRight B.V.) C:\Users\Niaz\Downloads\HitmanPro_x64.exe</p><p>2013-05-14 21:54 - 2013-05-14 21:54 - 00262144 ____A C:\Windows\Minidump\051413-25381-01.dmp</p><p>2013-05-14 21:09 - 2012-08-19 01:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\Application Data\Malwarebytes</p><p>2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\Malwarebytes</p><p>2013-05-14 20:50 - 2013-05-14 20:50 - 01440846 ____A C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000.zip</p><p>2013-05-14 20:50 - 2013-05-14 20:50 - 00000000 ____D C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000</p><p>2013-05-14 20:40 - 2012-08-19 00:46 - 00000000 ____D C:\users\Niaz</p><p>2013-05-14 20:35 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal</p><p>2013-05-14 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender</p><p>2013-05-14 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors</p><p>2013-05-14 20:34 - 2013-03-13 02:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight</p><p>2013-05-14 20:34 - 2012-12-04 00:08 - 00000000 ____D C:\Program Files\iTunes</p><p>2013-05-14 20:34 - 2012-12-04 00:08 - 00000000 ____D C:\Program Files (x86)\iTunes</p><p>2013-05-14 20:34 - 2012-11-30 23:10 - 00000000 ____D C:\Program Files (x86)\Crayon Physics Deluxe</p><p>2013-05-14 20:34 - 2012-11-09 13:32 - 00000000 ____D C:\Program Files (x86)\GameFly</p><p>2013-05-14 20:34 - 2012-11-09 13:11 - 00000000 ____D C:\Program Files (x86)\iCare Data Recovery 
Professional</p><p>2013-05-14 20:34 - 2012-10-13 20:42 - 00000000 ____D C:\Program Files (x86)\Origin</p><p>2013-05-14 20:34 - 2012-09-03 14:09 - 00000000 ____D C:\ProgramData\HP Product Assistant</p><p>2013-05-14 20:34 - 2012-09-03 14:09 - 00000000 ____D C:\ProgramData\Application Data\HP Product Assistant</p><p>2013-05-14 20:34 - 2012-09-03 14:07 - 00000000 ____D C:\Program Files (x86)\HP</p><p>2013-05-14 20:34 - 2012-09-03 13:49 - 00000000 ____D C:\ProgramData\HP</p><p>2013-05-14 20:34 - 2012-09-03 13:49 - 00000000 ____D C:\ProgramData\Application Data\HP</p><p>2013-05-14 20:34 - 2012-08-25 11:02 - 00000000 ____D C:\Program Files\Dell Support Center</p><p>2013-05-14 20:34 - 2012-08-19 01:12 - 00000000 ____D C:\Program Files (x86)\QuickTime</p><p>2013-05-14 20:34 - 2012-08-19 01:10 - 00000000 ____D C:\Program Files\Bonjour</p><p>2013-05-14 20:34 - 2012-08-19 01:10 - 00000000 ____D C:\Program Files (x86)\Bonjour</p><p>2013-05-14 20:34 - 2012-08-19 01:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update</p><p>2013-05-14 20:34 - 2012-08-19 01:07 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack</p><p>2013-05-14 20:34 - 2012-08-19 01:06 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack</p><p>2013-05-14 20:34 - 2012-08-19 01:06 - 00000000 ____D C:\Program Files (x86)\AIM</p><p>2013-05-14 20:34 - 2011-07-27 00:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation</p><p>2013-05-14 20:34 - 2011-07-27 00:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation</p><p>2013-05-14 20:34 - 2011-07-26 22:53 - 00000000 ____D C:\ProgramData\McAfee</p><p>2013-05-14 20:34 - 2011-07-26 22:53 - 00000000 ____D C:\ProgramData\Application Data\McAfee</p><p>2013-05-14 20:34 - 2011-07-26 22:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com</p><p>2013-05-14 20:34 - 2011-07-26 22:50 - 00000000 ____D C:\Program Files (x86)\Windows Live</p><p>2013-05-14 20:34 - 2011-07-26 22:41 - 00000000 ___RD C:\Program Files (x86)\Skype</p><p>2013-05-14 
20:34 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV</p><p>2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore</p><p>2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar</p><p>2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer</p><p>2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar</p><p>2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer</p><p>2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media</p><p>2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries</p><p>2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp</p><p>2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing</p><p>2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas</p><p>2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME</p><p>2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System</p><p>2013-05-14 20:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration</p><p>2013-05-14 20:26 - 2012-08-19 05:03 - 00000000 ____D C:\Users\Niaz\Application Data\.minecraft</p><p>2013-05-14 20:26 - 2012-08-19 05:03 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\.minecraft</p><p>2013-05-14 20:24 - 2012-08-19 22:34 - 00000000 __RHD C:\MSOCache</p><p>2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\My Documents\~$Bioluminescence.pptx</p><p>2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\Documents\~$Bioluminescence.pptx</p><p>2013-05-14 16:42 - 2013-05-14 16:42 - 00000000 __SHD C:\$$PendingFiles</p><p>2013-05-10 14:05 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\My Documents\Other</p><p>2013-05-10 14:05 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\Documents\Other</p><p>2013-05-08 23:56 - 2013-05-08 23:46 - 
00000000 ____D C:\Users\Niaz\Local Settings\Microsoft Games</p><p>2013-05-08 23:56 - 2013-05-08 23:46 - 00000000 ____D C:\Users\Niaz\Local Settings\Application Data\Microsoft Games</p><p>2013-05-08 23:56 - 2013-05-08 23:46 - 00000000 ____D C:\Users\Niaz\AppData\Local\Microsoft Games</p><p>2013-05-08 23:44 - 2012-08-20 00:48 - 00000000 ____D C:\Users\Niaz\Application Data\vlc</p><p>2013-05-08 23:44 - 2012-08-20 00:48 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\vlc</p><p>2013-05-04 11:12 - 2011-07-26 22:38 - 00000000 ____D C:\ProgramData\Application Data\Adobe</p><p>2013-05-04 11:12 - 2011-07-26 22:38 - 00000000 ____D C:\ProgramData\Adobe</p><p>2013-05-04 11:10 - 2012-08-19 01:02 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2013-05-03 17:45 - 2012-12-26 17:51 - 00000000 ____D C:\Users\Niaz\My Documents\YT100</p><p>2013-05-03 17:45 - 2012-12-26 17:51 - 00000000 ____D C:\Users\Niaz\Documents\YT100</p><p>2013-04-25 23:48 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\My Documents\Virtue notes</p><p>2013-04-25 23:48 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\Documents\Virtue notes</p><p>2013-04-25 23:04 - 2012-08-19 00:51 - 00000000 ____D C:\Users\Niaz\Local Settings\VirtualStore</p><p>2013-04-25 23:04 - 2012-08-19 00:51 - 00000000 ____D C:\Users\Niaz\Local Settings\Application Data\VirtualStore</p><p>2013-04-25 23:04 - 2012-08-19 00:51 - 00000000 ____D C:\Users\Niaz\AppData\Local\VirtualStore</p><p>2013-04-21 08:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker</p><p>2013-04-21 08:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat</p><p>2013-04-15 20:18 - 2011-07-26 22:58 - 00000000 ____D C:\ProgramData\Sonic</p><p>2013-04-15 20:18 - 2011-07-26 22:58 - 00000000 ____D C:\ProgramData\Application Data\Sonic</p><p>2013-04-15 20:09 - 2013-03-29 16:53 - 00000000 ____D C:\Users\Niaz\Desktop\Phys 41</p><p></p><p>==================== Known DLLs (Whitelisted) 
================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p>Restore point made on: 2013-04-24 01:37:30</p><p>Restore point made on: 2013-05-04 16:37:19</p><p>Restore point made on: 2013-05-11 21:49:14</p><p>Restore point made on: 2013-05-14 17:46:51</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 9%</p><p>Total physical RAM: 8106.07 MB</p><p>Available physical RAM: 7324.76 MB</p><p>Total Pagefile: 8104.27 MB</p><p>Available Pagefile: 7312.96 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.88 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:679 GB) (Free:515.07 GB) NTFS (Disk=0 Partition=3)</p><p>Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.42 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]</p><p>Drive e: () (Removable) (Total:0.96 
GB) (Free:0.6 GB) FAT (Disk=1 Partition=1)</p><p>Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 07F2837E)</p><p>Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)</p><p>Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 981 MB) (Disk ID: 00876DDC)</p><p>Partition 1: (Active) - (Size=981 MB) - (Type=06)</p><p></p><p></p><p>Last Boot: 2013-05-04 16:29</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="ChitkaStruck, post: 120860, member: 8255"]
S3 mfeavfk01; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-15 20:11 - 2013-05-15 20:11 - 00262144 ____A C:\Windows\Minidump\051513-18532-01.dmp 2013-05-15 19:42 - 2013-05-15 19:42 - 00262144 ____A C:\Windows\Minidump\051513-25599-01.dmp 2013-05-15 19:28 - 2013-05-15 19:28 - 00262144 ____A C:\Windows\Minidump\051513-24289-01.dmp 2013-05-15 18:44 - 2013-05-15 18:44 - 00262144 ____A C:\Windows\Minidump\051513-37533-01.dmp 2013-05-15 18:32 - 2013-05-15 18:32 - 00000000 ____D C:\FRST 2013-05-15 18:11 - 2013-05-15 18:11 - 00262144 ____A C:\Windows\Minidump\051513-16146-01.dmp 2013-05-15 01:32 - 2013-05-15 01:32 - 00262144 ____A C:\Windows\Minidump\051413-28563-01.dmp 2013-05-15 01:16 - 2013-05-15 01:16 - 00262144 ____A C:\Windows\Minidump\051413-24008-01.dmp 2013-05-15 01:05 - 2013-05-15 01:05 - 00001761 ____A C:\Users\Niaz\Desktop\RKreport[2]_D_05142013_02d2305.txt 2013-05-15 01:04 - 2013-05-15 01:04 - 00001834 ____A C:\Users\Niaz\Desktop\RKreport[1]_S_05142013_02d2304.txt 2013-05-15 01:02 - 2013-05-15 01:04 - 00000000 ____D C:\Users\Niaz\Desktop\RK_Quarantine 2013-05-15 01:01 - 2013-05-15 01:01 - 00816128 ____A C:\Users\Niaz\Downloads\RogueKiller.exe 2013-05-15 00:56 - 2013-05-15 00:57 - 00003236 ____A C:\AdwCleaner[S1].txt 2013-05-15 00:55 - 2013-05-15 00:56 - 00628743 ____A C:\Users\Niaz\Downloads\AdwCleaner.exe 2013-05-15 00:40 - 2013-05-15 00:40 - 00000000 ____D C:\Users\Niaz\Downloads\mbar-1.05.0.1001 2013-05-15 00:39 - 2013-05-15 00:40 - 12917756 ____A C:\Users\Niaz\Downloads\mbar-1.05.0.1001.zip 2013-05-15 00:34 - 2013-05-15 00:34 - 00000000 ____D C:\_OTL 2013-05-15 00:27 - 2013-05-15 00:27 - 00262144 ____A C:\Windows\Minidump\051413-25755-01.dmp 2013-05-15 00:05 - 2013-05-15 00:05 - 00001332 ____A C:\Users\Niaz\Downloads\aswMBR.txt 2013-05-15 00:05 - 2013-05-15 00:05 - 00000512 ____A C:\Users\Niaz\Downloads\MBR.dat 2013-05-15 00:02 - 2013-05-15 00:03 - 
04745728 ____A (AVAST Software) C:\Users\Niaz\Downloads\aswMBR.exe 2013-05-15 00:01 - 2013-05-15 00:01 - 00086680 ____A C:\Users\Niaz\Downloads\OTL.Txt 2013-05-15 00:01 - 2013-05-15 00:01 - 00083842 ____A C:\Users\Niaz\Downloads\Extras.Txt 2013-05-14 23:48 - 2013-05-14 23:48 - 00602112 ____A (OldTimer Tools) C:\Users\Niaz\Downloads\OTL.exe 2013-05-14 23:45 - 2013-05-14 23:45 - 00262144 ____A C:\Windows\Minidump\051413-31059-01.dmp 2013-05-14 22:20 - 2013-05-14 22:20 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe 2013-05-14 22:09 - 2013-05-14 22:09 - 00262144 ____A C:\Windows\Minidump\051413-37331-01.dmp 2013-05-14 22:00 - 2013-05-14 22:21 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-14 22:00 - 2013-05-14 22:21 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro 2013-05-14 22:00 - 2013-05-14 22:03 - 09741664 ____A (SurfRight B.V.) C:\Users\Niaz\Downloads\HitmanPro_x64.exe 2013-05-14 21:54 - 2013-05-14 21:54 - 00262144 ____A C:\Windows\Minidump\051413-25381-01.dmp 2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\Application Data\Malwarebytes 2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\Malwarebytes 2013-05-14 20:50 - 2013-05-14 20:50 - 01440846 ____A C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000.zip 2013-05-14 20:50 - 2013-05-14 20:50 - 00000000 ____D C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000 2013-05-14 19:51 - 2013-05-15 20:11 - 00000000 ____D C:\Windows\Minidump 2013-05-14 19:50 - 2013-05-15 20:10 - 585401410 ____A C:\Windows\MEMORY.DMP 2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\My Documents\~$Bioluminescence.pptx 2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\Documents\~$Bioluminescence.pptx 2013-05-14 16:42 - 2013-05-14 16:42 - 00000000 __SHD C:\$$PendingFiles 2013-05-08 23:46 - 2013-05-08 23:56 - 00000000 ____D C:\Users\Niaz\Local Settings\Microsoft Games 2013-05-08 23:46 - 2013-05-08 23:56 - 00000000 ____D 
C:\Users\Niaz\Local Settings\Application Data\Microsoft Games 2013-05-08 23:46 - 2013-05-08 23:56 - 00000000 ____D C:\Users\Niaz\AppData\Local\Microsoft Games 2013-04-23 22:52 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-19 17:33 - 2013-05-15 01:41 - 13459909 ____A C:\Users\Niaz\My Documents\Bioluminescence.pptx 2013-04-19 17:33 - 2013-05-15 01:41 - 13459909 ____A C:\Users\Niaz\Documents\Bioluminescence.pptx ==================== One Month Modified Files and Folders ======= 2013-05-15 20:28 - 2011-07-26 22:34 - 01526856 ____A C:\Windows\WindowsUpdate.log 2013-05-15 20:26 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-15 20:20 - 2012-11-08 23:03 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-15 20:18 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-15 20:18 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-15 20:11 - 2013-05-15 20:11 - 00262144 ____A C:\Windows\Minidump\051513-18532-01.dmp 2013-05-15 20:11 - 2013-05-14 19:51 - 00000000 ____D C:\Windows\Minidump 2013-05-15 20:11 - 2012-11-08 23:03 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks 2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks 2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks 2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks 2013-05-15 20:11 - 2011-07-26 22:46 - 00000000 ____D C:\Users\Default 
User\AppData\Local\SoftThinks 2013-05-15 20:11 - 2011-07-26 22:39 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-05-15 20:11 - 2011-07-26 22:24 - 00000000 ____D C:\ProgramData\NVIDIA 2013-05-15 20:11 - 2011-07-26 22:24 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA 2013-05-15 20:11 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-15 20:11 - 2009-07-13 23:51 - 00087850 ____A C:\Windows\setupact.log 2013-05-15 20:10 - 2013-05-14 19:50 - 585401410 ____A C:\Windows\MEMORY.DMP 2013-05-15 19:42 - 2013-05-15 19:42 - 00262144 ____A C:\Windows\Minidump\051513-25599-01.dmp 2013-05-15 19:28 - 2013-05-15 19:28 - 00262144 ____A C:\Windows\Minidump\051513-24289-01.dmp 2013-05-15 18:44 - 2013-05-15 18:44 - 00262144 ____A C:\Windows\Minidump\051513-37533-01.dmp 2013-05-15 18:32 - 2013-05-15 18:32 - 00000000 ____D C:\FRST 2013-05-15 18:11 - 2013-05-15 18:11 - 00262144 ____A C:\Windows\Minidump\051513-16146-01.dmp 2013-05-15 17:26 - 2010-11-20 22:47 - 00075828 ____A C:\Windows\PFRO.log 2013-05-15 01:41 - 2013-04-19 17:33 - 13459909 ____A C:\Users\Niaz\My Documents\Bioluminescence.pptx 2013-05-15 01:41 - 2013-04-19 17:33 - 13459909 ____A C:\Users\Niaz\Documents\Bioluminescence.pptx 2013-05-15 01:32 - 2013-05-15 01:32 - 00262144 ____A C:\Windows\Minidump\051413-28563-01.dmp 2013-05-15 01:16 - 2013-05-15 01:16 - 00262144 ____A C:\Windows\Minidump\051413-24008-01.dmp 2013-05-15 01:05 - 2013-05-15 01:05 - 00001761 ____A C:\Users\Niaz\Desktop\RKreport[2]_D_05142013_02d2305.txt 2013-05-15 01:04 - 2013-05-15 01:04 - 00001834 ____A C:\Users\Niaz\Desktop\RKreport[1]_S_05142013_02d2304.txt 2013-05-15 01:04 - 2013-05-15 01:02 - 00000000 ____D C:\Users\Niaz\Desktop\RK_Quarantine 2013-05-15 01:01 - 2013-05-15 01:01 - 00816128 ____A C:\Users\Niaz\Downloads\RogueKiller.exe 2013-05-15 01:01 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\My Documents\English5 2013-05-15 01:01 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\Documents\English5 
2013-05-15 00:57 - 2013-05-15 00:56 - 00003236 ____A C:\AdwCleaner[S1].txt 2013-05-15 00:56 - 2013-05-15 00:55 - 00628743 ____A C:\Users\Niaz\Downloads\AdwCleaner.exe 2013-05-15 00:40 - 2013-05-15 00:40 - 00000000 ____D C:\Users\Niaz\Downloads\mbar-1.05.0.1001 2013-05-15 00:40 - 2013-05-15 00:39 - 12917756 ____A C:\Users\Niaz\Downloads\mbar-1.05.0.1001.zip 2013-05-15 00:34 - 2013-05-15 00:34 - 00000000 ____D C:\_OTL 2013-05-15 00:27 - 2013-05-15 00:27 - 00262144 ____A C:\Windows\Minidump\051413-25755-01.dmp 2013-05-15 00:05 - 2013-05-15 00:05 - 00001332 ____A C:\Users\Niaz\Downloads\aswMBR.txt 2013-05-15 00:05 - 2013-05-15 00:05 - 00000512 ____A C:\Users\Niaz\Downloads\MBR.dat 2013-05-15 00:03 - 2013-05-15 00:02 - 04745728 ____A (AVAST Software) C:\Users\Niaz\Downloads\aswMBR.exe 2013-05-15 00:01 - 2013-05-15 00:01 - 00086680 ____A C:\Users\Niaz\Downloads\OTL.Txt 2013-05-15 00:01 - 2013-05-15 00:01 - 00083842 ____A C:\Users\Niaz\Downloads\Extras.Txt 2013-05-14 23:48 - 2013-05-14 23:48 - 00602112 ____A (OldTimer Tools) C:\Users\Niaz\Downloads\OTL.exe 2013-05-14 23:45 - 2013-05-14 23:45 - 00262144 ____A C:\Windows\Minidump\051413-31059-01.dmp 2013-05-14 23:28 - 2012-08-19 01:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-14 23:26 - 2011-07-26 22:53 - 00000000 ____D C:\Program Files (x86)\McAfee 2013-05-14 23:25 - 2012-08-19 04:38 - 00000000 ____D C:\Users\Niaz\Desktop\Junk 2013-05-14 23:24 - 2012-08-19 01:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-14 22:21 - 2013-05-14 22:00 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-14 22:21 - 2013-05-14 22:00 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro 2013-05-14 22:20 - 2013-05-14 22:20 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe 2013-05-14 22:09 - 2013-05-14 22:09 - 00262144 ____A C:\Windows\Minidump\051413-37331-01.dmp 2013-05-14 22:03 - 2013-05-14 22:00 - 09741664 ____A (SurfRight B.V.) 
C:\Users\Niaz\Downloads\HitmanPro_x64.exe 2013-05-14 21:54 - 2013-05-14 21:54 - 00262144 ____A C:\Windows\Minidump\051413-25381-01.dmp 2013-05-14 21:09 - 2012-08-19 01:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\Application Data\Malwarebytes 2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\Malwarebytes 2013-05-14 20:50 - 2013-05-14 20:50 - 01440846 ____A C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000.zip 2013-05-14 20:50 - 2013-05-14 20:50 - 00000000 ____D C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000 2013-05-14 20:40 - 2012-08-19 00:46 - 00000000 ____D C:\users\Niaz 2013-05-14 20:35 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-05-14 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-05-14 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors 2013-05-14 20:34 - 2013-03-13 02:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-05-14 20:34 - 2012-12-04 00:08 - 00000000 ____D C:\Program Files\iTunes 2013-05-14 20:34 - 2012-12-04 00:08 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-05-14 20:34 - 2012-11-30 23:10 - 00000000 ____D C:\Program Files (x86)\Crayon Physics Deluxe 2013-05-14 20:34 - 2012-11-09 13:32 - 00000000 ____D C:\Program Files (x86)\GameFly 2013-05-14 20:34 - 2012-11-09 13:11 - 00000000 ____D C:\Program Files (x86)\iCare Data Recovery Professional 2013-05-14 20:34 - 2012-10-13 20:42 - 00000000 ____D C:\Program Files (x86)\Origin 2013-05-14 20:34 - 2012-09-03 14:09 - 00000000 ____D C:\ProgramData\HP Product Assistant 2013-05-14 20:34 - 2012-09-03 14:09 - 00000000 ____D C:\ProgramData\Application Data\HP Product Assistant 2013-05-14 20:34 - 2012-09-03 14:07 - 00000000 ____D C:\Program Files (x86)\HP 2013-05-14 20:34 - 2012-09-03 13:49 - 00000000 ____D C:\ProgramData\HP 2013-05-14 20:34 - 2012-09-03 13:49 - 00000000 ____D 
C:\ProgramData\Application Data\HP 2013-05-14 20:34 - 2012-08-25 11:02 - 00000000 ____D C:\Program Files\Dell Support Center 2013-05-14 20:34 - 2012-08-19 01:12 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-05-14 20:34 - 2012-08-19 01:10 - 00000000 ____D C:\Program Files\Bonjour 2013-05-14 20:34 - 2012-08-19 01:10 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-05-14 20:34 - 2012-08-19 01:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-05-14 20:34 - 2012-08-19 01:07 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2013-05-14 20:34 - 2012-08-19 01:06 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack 2013-05-14 20:34 - 2012-08-19 01:06 - 00000000 ____D C:\Program Files (x86)\AIM 2013-05-14 20:34 - 2011-07-27 00:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-05-14 20:34 - 2011-07-27 00:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-05-14 20:34 - 2011-07-26 22:53 - 00000000 ____D C:\ProgramData\McAfee 2013-05-14 20:34 - 2011-07-26 22:53 - 00000000 ____D C:\ProgramData\Application Data\McAfee 2013-05-14 20:34 - 2011-07-26 22:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com 2013-05-14 20:34 - 2011-07-26 22:50 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-05-14 20:34 - 2011-07-26 22:41 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-05-14 20:34 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore 2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2013-05-14 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media 2013-05-14 20:34 - 2009-07-13 22:20 - 
00000000 __RHD C:\Users\Public\Libraries 2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp 2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing 2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas 2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME 2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System 2013-05-14 20:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration 2013-05-14 20:26 - 2012-08-19 05:03 - 00000000 ____D C:\Users\Niaz\Application Data\.minecraft 2013-05-14 20:26 - 2012-08-19 05:03 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\.minecraft 2013-05-14 20:24 - 2012-08-19 22:34 - 00000000 __RHD C:\MSOCache 2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\My Documents\~$Bioluminescence.pptx 2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\Documents\~$Bioluminescence.pptx 2013-05-14 16:42 - 2013-05-14 16:42 - 00000000 __SHD C:\$$PendingFiles 2013-05-10 14:05 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\My Documents\Other 2013-05-10 14:05 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\Documents\Other 2013-05-08 23:56 - 2013-05-08 23:46 - 00000000 ____D C:\Users\Niaz\Local Settings\Microsoft Games 2013-05-08 23:56 - 2013-05-08 23:46 - 00000000 ____D C:\Users\Niaz\Local Settings\Application Data\Microsoft Games 2013-05-08 23:56 - 2013-05-08 23:46 - 00000000 ____D C:\Users\Niaz\AppData\Local\Microsoft Games 2013-05-08 23:44 - 2012-08-20 00:48 - 00000000 ____D C:\Users\Niaz\Application Data\vlc 2013-05-08 23:44 - 2012-08-20 00:48 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\vlc 2013-05-04 11:12 - 2011-07-26 22:38 - 00000000 ____D C:\ProgramData\Application Data\Adobe 2013-05-04 11:12 - 2011-07-26 22:38 - 00000000 ____D C:\ProgramData\Adobe 2013-05-04 11:10 - 2012-08-19 01:02 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-03 17:45 - 2012-12-26 
17:51 - 00000000 ____D C:\Users\Niaz\My Documents\YT100 2013-05-03 17:45 - 2012-12-26 17:51 - 00000000 ____D C:\Users\Niaz\Documents\YT100 2013-04-25 23:48 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\My Documents\Virtue notes 2013-04-25 23:48 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\Documents\Virtue notes 2013-04-25 23:04 - 2012-08-19 00:51 - 00000000 ____D C:\Users\Niaz\Local Settings\VirtualStore 2013-04-25 23:04 - 2012-08-19 00:51 - 00000000 ____D C:\Users\Niaz\Local Settings\Application Data\VirtualStore 2013-04-25 23:04 - 2012-08-19 00:51 - 00000000 ____D C:\Users\Niaz\AppData\Local\VirtualStore 2013-04-21 08:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker 2013-04-21 08:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat 2013-04-15 20:18 - 2011-07-26 22:58 - 00000000 ____D C:\ProgramData\Sonic 2013-04-15 20:18 - 2011-07-26 22:58 - 00000000 ____D C:\ProgramData\Application Data\Sonic 2013-04-15 20:09 - 2013-03-29 16:53 - 00000000 ____D C:\Users\Niaz\Desktop\Phys 41 ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points 
========================= Restore point made on: 2013-04-24 01:37:30 Restore point made on: 2013-05-04 16:37:19 Restore point made on: 2013-05-11 21:49:14 Restore point made on: 2013-05-14 17:46:51 ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 8106.07 MB Available physical RAM: 7324.76 MB Total Pagefile: 8104.27 MB Available Pagefile: 7312.96 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:679 GB) (Free:515.07 GB) NTFS (Disk=0 Partition=3) Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.42 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] Drive e: () (Removable) (Total:0.96 GB) (Free:0.6 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 981 MB) (Disk ID: 00876DDC) Partition 1: (Active) - (Size=981 MB) - (Type=06) Last Boot: 2013-05-04 16:29 ==================== End Of Log ============================ [/QUOTE]