While internet browsing my computer somehow became infected by a virus. Now most programs won't open at all or will open for a short time before freezing up. I will have only five to ten minutes to complete any task before the computer totally freezes up. I was able to run Malwarebytes while in safe mode and it identified Trojan.zekos.patched7645P0. Malwarebytes then got hung up while running the heuristic analysis and by then the computer had started to lock up. I was able to run the FRST tool and the results are attached.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Steven (administrator) on STEVEN-PC on 10-06-2015 19:10:00
Running from C:\Users\Steven.Steven-PC\Desktop
Loaded Profiles: Steven (Available Profiles: Steven)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
() C:\Program Files (x86)\Stardock\MyColors\wbvista.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dell) C:\Users\Steven.Steven-PC\AppData\Local\Apps\2.0\ZTHCPYXZ.HDR\GCG5ADT7.AY7\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
() C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\ESP64Proxy.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Alienware) C:\Program Files\Alienware\Command Center\DoorController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM-x32\...\Run: [SiHBAWakeupUtility] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\Run: [DellSystemDetect] => C:\Users\Steven.Steven-PC\AppData\Local\Apps\2.0\ZTHCPYXZ.HDR\GCG5ADT7.AY7\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-21] (Dell)
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\...\MountPoints2: {c5c64c74-964e-11e1-bd12-806e6f6e6963} - D:\FalloutLauncher.exe
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EasySetPackage.lnk [2014-06-14]
ShortcutTarget: EasySetPackage.lnk -> C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stardock MyColors.lnk [2014-06-14]
ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4029747782-3714501738-2995947912-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> DefaultScope {C9384CC4-10BA-4008-8F68-1BA0C82C3FC9} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> {61AB72F0-FF53-4C25-99D0-762F03A5DA1C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4029747782-3714501738-2995947912-1000 -> {C9384CC4-10BA-4008-8F68-1BA0C82C3FC9} URL = https://search.yahoo...p={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.251
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
Chrome:
=======
CHR Profile: C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]
CHR Extension: (No Name) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeljlhkkoipjimklndofjoafhpccdfjo [2015-03-25]
CHR Extension: (Google Docs) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]
CHR Extension: (YouTube) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]
CHR Extension: (Google Search) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Google Sheets) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]
CHR Extension: (No Name) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-26]
CHR Extension: (Bookmark Manager) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-27]
CHR Extension: (Gmail) - C:\Users\Steven.Steven-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-06-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-08-03] ()
R2 SiHbaWakeupService; C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe [62464 2009-07-27] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2009-12-22] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19456 2009-12-22] (LG Soft India) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2015-06-10] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 mio; C:\Windows\System32\DRIVERS\mio.sys [7680 2011-05-04] (Dell/Alienware)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-10 19:10 - 2015-06-10 19:11 - 00017356 _____ C:\Users\Steven.Steven-PC\Desktop\FRST.txt
2015-06-10 19:10 - 2015-06-10 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-10 19:09 - 2015-06-10 19:10 - 00000000 ____D C:\FRST
2015-06-10 19:09 - 2015-06-10 15:07 - 02108928 _____ (Farbar) C:\Users\Steven.Steven-PC\Desktop\FRST64.exe
2015-06-02 20:16 - 2015-06-02 20:16 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-18 20:32 - 2015-03-18 22:07 - 05503416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-18 20:32 - 2015-03-18 21:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-18 20:32 - 2015-03-18 21:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-18 19:23 - 2015-05-18 19:23 - 00000000 ____D C:\Users\Steven.Steven-PC\AppData\Local\openvr
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-10 19:11 - 2009-07-14 00:13 - 00793298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 19:10 - 2014-05-04 10:07 - 00001844 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2015-06-10 19:09 - 2012-05-04 20:14 - 01278294 _____ C:\Windows\WindowsUpdate.log
2015-06-10 19:08 - 2012-05-08 17:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-10 19:08 - 2009-07-13 23:51 - 00043148 _____ C:\Windows\setupact.log
2015-06-10 19:07 - 2012-12-22 16:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 19:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 18:56 - 2014-06-18 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 07:40 - 2014-06-14 08:56 - 00000000 ____D C:\Windows\pss
2015-06-09 21:54 - 2012-12-22 16:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-09 19:57 - 2012-05-05 22:03 - 00091560 _____ C:\Windows\PFRO.log
2015-06-09 19:43 - 2009-07-13 23:45 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 19:43 - 2009-07-13 23:45 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 19:42 - 2012-05-05 21:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-08 22:06 - 2012-05-04 17:49 - 00000000 ____D C:\Users\Steven.Steven-PC
2015-06-08 21:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-08 21:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-05-30 22:03 - 2015-03-25 19:40 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-18 22:06 - 2012-05-04 17:26 - 00000000 ____D C:\Users\Steven
2015-05-18 21:29 - 2012-05-09 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-18 21:29 - 2012-05-09 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 20:47 - 2013-07-13 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-05-18 20:47 - 2012-05-07 21:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-18 20:43 - 2012-05-06 17:49 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 20:42 - 2012-05-09 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 19:08 - 2012-05-05 22:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-05-15 19:41 - 2012-12-22 16:31 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 19:41 - 2012-12-22 16:31 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-12 23:17 - 2014-11-27 00:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
==================== Files in the root of some directories =======
2012-05-20 14:13 - 2012-05-20 14:13 - 0000104 _____ () C:\Users\Steven.Steven-PC\AppData\Local\fusioncache.dat
2012-05-05 19:46 - 2013-01-03 23:54 - 0007605 _____ () C:\Users\Steven.Steven-PC\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
C:\Users\Steven.Steven-PC\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Steven.Steven-PC\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Steven.Steven-PC\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Steven.Steven-PC\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed