Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware suspected to be preventing recovery disk creation [Closed] [So


  • This topic is locked This topic is locked

#31
uc577

uc577

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Do I have to totally uninstall and reinstall it though? Because this is what mine looks like now under protection :upset:

Attached Thumbnails

  • malwarebytes pic.png

  • 0

Advertisements


#32
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
No yours is not the paid version so go ahead and run the OTL fix.
  • 0

#33
uc577

uc577

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
The OTL fix log is:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-867742007-3196716687-2430734396-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-867742007-3196716687-2430734396-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-867742007-3196716687-2430734396-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AB832701-5A42-44E2-8A26-D3E479FCB445}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB832701-5A42-44E2-8A26-D3E479FCB445}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-867742007-3196716687-2430734396-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Uilani\Desktop\cmd.bat deleted successfully.
C:\Users\Uilani\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Uilani
->Temp folder emptied: 72540356 bytes
->Temporary Internet Files folder emptied: 757011236 bytes
->Java cache emptied: 8389158 bytes
->FireFox cache emptied: 124557485 bytes
->Apple Safari cache emptied: 17189888 bytes
->Flash cache emptied: 15056950 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3691884 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 843452 bytes

Total Files Cleaned = 953.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10252012_120844

Files\Folders moved on Reboot...
C:\Users\Uilani\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Uilani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
___________________________________________________________

The Combofix log just came up finally :thumbsup:

ComboFix 12-10-25.02 - Uilani 10/25/2012 12:39:22.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2218 [GMT -7:00]
Running from: c:\users\Uilani\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 19:54 . 2012-10-25 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 19:38 . 2012-10-25 19:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBA6DA55-FF50-4769-8AC3-CBCF5D66B3C9}\offreg.dll
2012-10-25 09:45 . 2012-10-25 09:45 -------- d-----w- c:\program files (x86)\ESET
2012-10-25 00:11 . 2012-10-25 00:11 -------- d-----w- c:\users\Uilani\AppData\Roaming\Malwarebytes
2012-10-25 00:11 . 2012-10-25 00:11 -------- d-----w- c:\programdata\Malwarebytes
2012-10-25 00:11 . 2012-10-25 00:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-25 00:11 . 2012-09-30 02:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-24 04:07 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBA6DA55-FF50-4769-8AC3-CBCF5D66B3C9}\mpengine.dll
2012-10-10 01:12 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 01:12 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 01:12 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 01:12 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 01:12 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 01:12 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 01:12 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 01:12 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 01:12 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 01:12 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 18:33 . 2012-10-09 18:33 208216 ----a-w- c:\windows\system32\drivers\30026918.sys
2012-09-25 21:07 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 08:04 . 2011-01-08 06:08 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 11:34 . 2012-04-09 02:50 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 11:34 . 2011-07-05 00:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 16:17 . 2012-09-01 16:17 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-01 16:17 . 2012-09-01 16:17 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-01 16:17 . 2010-09-09 20:07 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-01 16:17 . 2012-09-01 16:17 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 16:17 . 2010-09-09 20:07 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-01 16:17 . 2010-09-09 20:07 188904 ----a-w- c:\windows\system32\java.exe
2012-08-24 11:15 . 2012-09-23 00:47 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 00:47 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 00:51 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 00:51 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 00:50 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 00:51 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 00:52 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 00:50 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 00:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 00:49 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 00:50 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 00:49 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 00:51 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 00:54 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 00:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 00:53 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 00:50 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 00:50 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 00:51 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 00:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 00:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 00:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-13 02:07 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 02:07 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 02:07 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 02:07 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 01:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-13 02:07 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-13 02:07 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Uilani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-22 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-06-09 380272]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-17 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA64.sys [2009-09-02 123008]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP64.sys [2009-04-29 34944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-22 115168]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-08-25 349800]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-04 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 20056]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AcfXAudioService;AcfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-06-25 338168]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-06-09 697712]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-06-09 646000]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-17 71168]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-17 175104]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-17 81920]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-25 32880]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 11:34]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 10:34]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 10:34]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867742007-3196716687-2430734396-1000Core.job
- c:\users\Uilani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 08:04]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867742007-3196716687-2430734396-1000UA.job
- c:\users\Uilani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 08:04]
.
2012-10-22 c:\windows\Tasks\HPCeeScheduleForUilani.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-26 324096]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"CnxtCoInstallerDefer"="c:\program files\CONEXANT\SETUP4D162AA40\SETUP\SETUP64.EXE" [2009-11-19 1421312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 66.51.205.100 66.51.206.100
FF - ProfilePath - c:\users\Uilani\AppData\Roaming\Mozilla\Firefox\Profiles\ji290ugd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.studyblue.com/
FF - ExtSQL: 2012-09-09 13:16; [email protected]; c:\users\Uilani\AppData\Roaming\Mozilla\Firefox\Profiles\ji290ugd.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2010-12-29 06:00; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-vfd-adk - c:\program files (x86)\OApps\vfd-adk_uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-25 16:02:29
ComboFix-quarantined-files.txt 2012-10-25 23:02
ComboFix2.txt 2012-10-12 21:22
.
Pre-Run: 368,343,588,864 bytes free
Post-Run: 368,256,679,936 bytes free
.
- - End Of File - - AA5B252E20490A14A3FCB1DE5CEDA5FA
________________________________________________________________

I'm not sure about what issues it still has since it's so soon. I do notice on certain websites I'm not seeing the random ads I was seeing lately.

Edited by uc577, 25 October 2012 - 05:05 PM.

  • 0

#34
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
I do not see an active AntiVirus on your machine. I only see MalwareBytes' which is an on demand antimalware product. If you have one then turn it on, if not please download and install Microsoft Security Essentials below.

Antvirus software is a necessity. This is your primary line of defense against the type of malware that has infected your computer. Each of the following products have real-time protection and scheduled scans. Please choose one, install it, update the antivirus database/definitions, and run a complete scan.


*Please note* You should never install more than one anti-virus program on a PC because it will cause conflicts.
  • 0

#35
uc577

uc577

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Oh that's actually the antivirus I had but I couldn't figure out how to disable it without uninstalling it so I just took it off entirely for the time being. :P

I'm reinstalling it now and I'll do a full scan. :thumbsup:

Edited by uc577, 25 October 2012 - 08:16 PM.

  • 0

#36
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
:thumbsup:

Let me know the result when you finish. And also update me on your computer issues.

Regards,

CompCav
  • 0

#37
uc577

uc577

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hello CompCav. So I ran the full scan and it went on for several hours. It deleted a few of the same adware. I've attached a picture of one of them because they all have the same name. Unfortunately my online homework I was doing as the scan had begun did the strangest thing when I tried to save it--it instead deleted all of my answers and submitted. This is especially strange because I've never heard of this happening with this program and I've been using it all semester. It said that an adobe plug-in failed to run or something like that, but I suppose that may have been an unrelated glitch. Horribly inconvenient though. :tazz:

Only time will tell what other surprises my computer has in store for me. :smashcomp:

Attached Thumbnails

  • pc clean info.png

Edited by uc577, 26 October 2012 - 03:29 AM.

  • 0

#38
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Let's look at your system from the outside.



For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
Posted Image
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
  • 0

#39
uc577

uc577

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Here's the log the scan produced :happy: :

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by SYSTEM at 29-10-2012 13:34:32
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-06-25] (Alcor Micro Corp.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [CnxtCoInstallerDefer] C:\Program Files\CONEXANT\SETUP4D162AA40\SETUP\SETUP64.EXE -REBOOTED_FROM_NO_ENUM_INSTALL -S [1421312 2009-11-19] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [401192 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201512 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run [380272 2010-06-08] (Egis Technology Inc. )
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Uilani\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Uilani\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Uilani\...\Run: [Spotify Web Helper] "C:\Users\Uilani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-21] (Spotify Ltd)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-28] (Conexant Systems, Inc.)
2 DvmMDES; "C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-06-25] (DeviceVM, Inc.)
2 EgisTec Service; "C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe" [697712 2010-06-08] (Egis Technology Inc. )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-01] (Conexant Systems Inc.)
3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-28] (Conexant Systems, Inc.)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)
3 MODEMCSA; C:\Windows\System32\Drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-28] (Conexant Systems, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-27 22:01 - 2012-10-27 22:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-25 18:18 - 2012-10-25 18:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-10-25 18:18 - 2012-10-25 18:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-10-25 18:15 - 2012-10-25 18:16 - 13529576 ____A (Microsoft Corporation) C:\Users\Uilani\Downloads\mseinstall (1).exe
2012-10-25 15:02 - 2012-10-25 15:02 - 00023484 ____A C:\ComboFix.txt
2012-10-25 11:27 - 2012-10-25 11:28 - 04988534 ____R (Swearware) C:\Users\Uilani\Desktop\ComboFix.exe
2012-10-25 10:52 - 2012-10-25 10:53 - 00602112 ____A (OldTimer Tools) C:\Users\Uilani\Desktop\OTL.exe
2012-10-25 09:31 - 2012-10-25 11:05 - 00156088 ____A C:\Users\Uilani\Desktop\OTL.Txt
2012-10-25 08:05 - 2012-10-25 08:05 - 04731392 ____A (AVAST Software) C:\Users\Uilani\Desktop\aswMBR.exe
2012-10-25 08:02 - 2012-10-25 08:02 - 00009072 ____A C:\AdwCleaner[S1].txt
2012-10-25 08:01 - 2012-10-25 08:01 - 00538941 ____A C:\Users\Uilani\Downloads\adwcleaner.exe
2012-10-25 01:45 - 2012-10-25 01:45 - 00000000 ____D C:\Program Files (x86)\ESET
2012-10-24 16:11 - 2012-10-24 16:11 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-24 16:11 - 2012-10-24 16:11 - 00000000 ____D C:\Users\Uilani\AppData\Roaming\Malwarebytes
2012-10-24 16:11 - 2012-10-24 16:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-24 16:11 - 2012-10-24 16:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-24 16:11 - 2012-09-29 18:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-21 20:17 - 2012-10-21 20:17 - 01937047 ____A C:\Users\Uilani\Downloads\CADV presentation.pptx
2012-10-19 08:53 - 2012-10-22 12:29 - 00000000 ____D C:\Users\Uilani\Desktop\CADV Presentation
2012-10-12 12:38 - 2012-10-25 15:03 - 00000000 ____D C:\Qoobox
2012-10-12 12:38 - 2012-10-12 13:20 - 00000000 ____D C:\Windows\erdnt
2012-10-12 12:38 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-12 12:38 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-12 12:38 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-12 12:38 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-12 12:38 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-12 12:38 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-12 12:38 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-12 12:38 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-09 17:13 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-09 17:13 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 17:13 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 17:13 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 17:13 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 17:13 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 17:13 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-09 17:13 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-09 17:13 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-09 17:13 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-09 17:13 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-09 17:13 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-09 17:13 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-09 17:13 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-09 17:13 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-09 17:13 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-09 17:13 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-09 17:13 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-09 17:13 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-09 17:13 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-09 17:13 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 17:13 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-09 17:12 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 17:12 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 17:12 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 17:12 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 17:12 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 17:12 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 17:12 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 17:12 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 17:12 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 17:12 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 10:33 - 2012-10-09 10:33 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\30026918.sys
2012-10-09 10:28 - 2012-10-09 10:29 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Uilani\Downloads\tdsskiller.exe


==================== 3 Months Modified Files ==================

2012-10-29 12:29 - 2010-09-26 05:14 - 01974311 ____A C:\Windows\WindowsUpdate.log
2012-10-29 12:20 - 2012-05-11 00:04 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867742007-3196716687-2430734396-1000UA.job
2012-10-29 11:42 - 2009-07-13 21:13 - 00742014 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-29 11:34 - 2012-04-08 18:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-29 11:34 - 2011-12-24 02:34 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-29 10:23 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-29 10:23 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-29 10:16 - 2011-12-24 02:34 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-29 10:16 - 2010-09-26 05:24 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2012-10-29 10:16 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-29 10:16 - 2009-07-13 20:51 - 00106095 ____A C:\Windows\setupact.log
2012-10-28 22:49 - 2012-05-11 00:04 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867742007-3196716687-2430734396-1000Core.job
2012-10-28 20:27 - 2012-04-01 17:03 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForUilani.job
2012-10-28 20:13 - 2011-01-03 15:32 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-10-26 09:58 - 2010-09-26 05:22 - 00242232 ____A C:\Windows\PFRO.log
2012-10-25 18:19 - 2011-08-23 13:14 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-25 18:16 - 2012-10-25 18:15 - 13529576 ____A (Microsoft Corporation) C:\Users\Uilani\Downloads\mseinstall (1).exe
2012-10-25 15:02 - 2012-10-25 15:02 - 00023484 ____A C:\ComboFix.txt
2012-10-25 11:55 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-10-25 11:28 - 2012-10-25 11:27 - 04988534 ____R (Swearware) C:\Users\Uilani\Desktop\ComboFix.exe
2012-10-25 11:05 - 2012-10-25 09:31 - 00156088 ____A C:\Users\Uilani\Desktop\OTL.Txt
2012-10-25 10:53 - 2012-10-25 10:52 - 00602112 ____A (OldTimer Tools) C:\Users\Uilani\Desktop\OTL.exe
2012-10-25 08:31 - 2012-09-18 14:23 - 00000512 ____A C:\Users\Uilani\Desktop\MBR.dat
2012-10-25 08:05 - 2012-10-25 08:05 - 04731392 ____A (AVAST Software) C:\Users\Uilani\Desktop\aswMBR.exe
2012-10-25 08:02 - 2012-10-25 08:02 - 00009072 ____A C:\AdwCleaner[S1].txt
2012-10-25 08:01 - 2012-10-25 08:01 - 00538941 ____A C:\Users\Uilani\Downloads\adwcleaner.exe
2012-10-24 16:11 - 2012-10-24 16:11 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-21 20:17 - 2012-10-21 20:17 - 01937047 ____A C:\Users\Uilani\Downloads\CADV presentation.pptx
2012-10-14 17:51 - 2010-12-25 08:48 - 00000388 ____A C:\Users\Uilani\AppData\Local\mv_Photo.xml
2012-10-12 13:06 - 2009-07-13 18:34 - 73138176 ____A C:\Windows\System32\config\software.bak
2012-10-12 13:06 - 2009-07-13 18:34 - 17039360 ____A C:\Windows\System32\config\system.bak
2012-10-12 13:06 - 2009-07-13 18:34 - 01310720 ____A C:\Windows\System32\config\default.bak
2012-10-12 13:06 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-10-12 13:06 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-10-10 00:04 - 2011-01-07 22:08 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 10:33 - 2012-10-09 10:33 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\30026918.sys
2012-10-09 10:29 - 2012-10-09 10:28 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Uilani\Downloads\tdsskiller.exe
2012-10-09 03:34 - 2012-04-08 18:50 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-09 03:34 - 2011-07-04 16:51 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-29 18:54 - 2012-10-24 16:11 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-23 14:31 - 2012-09-23 14:31 - 00000008 ____A C:\Users\Uilani\Desktop\musictransferrecord.txt
2012-09-18 14:40 - 2012-09-16 15:00 - 00159510 ____A C:\Users\Uilani\Downloads\OTL.Txt
2012-09-18 14:28 - 2012-09-18 14:27 - 00600064 ____A (OldTimer Tools) C:\Users\Uilani\Downloads\OTL (2).exe
2012-09-18 12:07 - 2012-09-18 12:03 - 04731392 ____A (AVAST Software) C:\Users\Uilani\Downloads\aswMBR.exe
2012-09-18 11:57 - 2012-09-18 11:57 - 00600576 ____A (OldTimer Tools) C:\Users\Uilani\Downloads\OTL (1).exe
2012-09-18 09:49 - 2012-09-18 09:49 - 00001272 ____A C:\Users\Uilani\Desktop\RKreport[3].txt
2012-09-18 09:48 - 2012-09-18 09:48 - 00001593 ____A C:\Users\Uilani\Desktop\RKreport[2].txt
2012-09-18 09:47 - 2012-09-18 09:47 - 00001684 ____A C:\Users\Uilani\Desktop\RKreport[1].txt
2012-09-18 09:30 - 2012-09-18 09:30 - 01378816 ____A C:\Users\Uilani\Desktop\RogueKiller.exe
2012-09-18 09:29 - 2012-09-18 09:29 - 01378816 ____A C:\Users\Uilani\Downloads\RogueKiller.exe
2012-09-18 00:01 - 2011-01-08 19:35 - 00759600 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-17 15:19 - 2009-07-13 21:08 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-16 15:01 - 2012-09-16 15:01 - 00109694 ____A C:\Users\Uilani\Downloads\Extras.Txt
2012-09-16 14:54 - 2012-09-16 14:54 - 00600064 ____A (OldTimer Tools) C:\Users\Uilani\Downloads\OTL.exe
2012-09-16 03:16 - 2012-08-25 23:45 - 00292771 ____A C:\Users\Uilani\Desktop\CatchOutput.exe
2012-09-15 06:50 - 2012-09-04 11:36 - 00001823 ____A C:\Users\Public\Desktop\Recuva.lnk
2012-09-14 11:19 - 2012-10-09 17:12 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-09 17:12 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-10 19:23 - 2012-09-10 19:23 - 00010782 ____A C:\Users\Uilani\Desktop\DriveInfo.txt1(2)
2012-09-09 16:32 - 2012-09-09 16:30 - 00010782 ____A C:\Users\Uilani\Desktop\DriveInfo1.txt
2012-09-08 17:18 - 2012-09-08 17:17 - 00475136 ____A (Fujitsu) C:\Users\Uilani\Downloads\fjdtwin.exe
2012-09-04 22:33 - 2011-09-15 21:35 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-04 13:45 - 2012-09-04 13:45 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-04 10:05 - 2012-09-04 10:05 - 00001056 ____A C:\Users\Uilani\Music - Shortcut.lnk
2012-09-01 08:35 - 2012-09-01 08:34 - 13085120 ____A (Microsoft Corporation) C:\Users\Uilani\Downloads\Silverlight_x64.exe
2012-09-01 08:28 - 2012-09-01 08:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-09-01 08:20 - 2012-09-01 08:18 - 32693736 ____A (Oracle Corporation) C:\Users\Uilani\Downloads\jre-7u7-windows-x64(1).exe
2012-09-01 08:17 - 2012-09-01 08:17 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-01 08:17 - 2012-09-01 08:17 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-01 08:17 - 2012-09-01 08:17 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-01 08:17 - 2010-09-09 12:07 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-01 08:17 - 2010-09-09 12:07 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-01 08:17 - 2010-09-09 12:07 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-01 08:08 - 2012-09-01 08:06 - 32693736 ____A (Oracle Corporation) C:\Users\Uilani\Downloads\jre-7u7-windows-x64.exe
2012-08-31 10:19 - 2012-10-09 17:13 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 21:03 - 2012-08-30 21:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 21:03 - 2012-08-30 21:03 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 20:57 - 2012-08-30 20:57 - 00002148 ____A C:\Users\Public\Desktop\Photo Explosion.lnk
2012-08-30 18:30 - 2012-08-30 18:30 - 00000931 ____A C:\Users\Public\Desktop\Splashup Light.lnk
2012-08-30 10:03 - 2012-10-09 17:13 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-09 17:13 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-09 17:13 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-27 16:05 - 2010-12-25 08:48 - 00000115 ____A C:\Users\Uilani\AppData\Local\mv_music.xml
2012-08-24 10:05 - 2012-10-09 17:13 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-09 17:13 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-09-22 16:47 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 16:47 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 16:51 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 16:51 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 16:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 16:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 16:52 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 16:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 16:52 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:14 - 2012-09-22 16:49 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:13 - 2012-09-22 16:50 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 16:49 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 16:51 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 16:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 16:55 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 16:53 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 16:47 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 16:47 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 16:50 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-22 16:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 16:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:51 - 2012-09-22 16:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:49 - 2012-09-22 16:52 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 16:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 16:53 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 16:52 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:47 - 2012-09-22 16:50 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:45 - 2012-09-22 16:51 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:44 - 2012-09-22 16:49 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:43 - 2012-09-22 16:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 16:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-12 18:07 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 18:07 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 18:07 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 18:07 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-25 13:07 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:48 - 2012-10-09 17:13 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-09 17:13 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-09 17:13 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-09 17:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-09 17:13 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-09 17:13 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-09 17:13 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-09 17:13 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-09 17:13 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-09 17:13 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-09 17:13 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-09 17:13 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-09 17:13 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-09 17:13 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-09 17:13 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-09 17:13 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-09 17:13 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 17:13 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 17:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 17:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-16 14:05 - 2012-08-16 14:03 - 20791199 ____A C:\Users\Uilani\Downloads\videora-ipod-600-setup.exe
2012-08-15 03:23 - 2009-07-13 20:45 - 00335880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-14 03:11 - 2012-08-14 03:10 - 00469088 ____A C:\Windows\Minidump\081412-47455-01.dmp
2012-08-14 03:10 - 2012-03-23 22:53 - 434655819 ____A C:\Windows\MEMORY.DMP
2012-08-12 21:05 - 2011-09-16 22:42 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-08-12 20:58 - 2012-08-12 20:58 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-08-12 20:42 - 2012-08-12 20:42 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-08-12 10:30 - 2012-08-12 10:30 - 01358007 ____A C:\Users\Uilani\Downloads\Dojotech Spotify Recorder (Spotify 3.0).zip
2012-08-10 16:56 - 2012-10-09 17:12 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-09 17:12 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-04 04:28 - 2012-08-04 04:28 - 00284296 ____A C:\Windows\Minidump\080412-30357-01.dmp
2012-08-02 09:58 - 2012-09-12 18:07 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 18:07 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3185.4 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3184.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:441.83 GB) (Free:342.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:23.64 GB) (Free:3.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.84 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 962 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 441 GB 200 MB
Partition 3 Primary 23 GB 442 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 441 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 23 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 958 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT Removable 958 MB Healthy

=========================================================

Last Boot: 2012-10-22 19:21

==================== End Of Log =============================
  • 0

#40
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Based on the logs this:

It said that an adobe plug-in failed to run or something like that, but I suppose that may have been an unrelated glitch.

is not due to malware.


Step 1.

Since you have MalwareBytes' installed just update it and run quickscan.

Post the log it produces.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0

Advertisements


#41
uc577

uc577

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
This is the log from MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.29.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uilani :: OOEEGALANI [administrator]

10/29/2012 6:40:01 PM
mbam-log-2012-10-29 (18-40-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206052
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
_______________________________________________

As for the ESET online scan, it once again is freezing at 4% :smashcomp:

Attached Thumbnails

  • proxy.png

  • 0

#42
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Some machines have that problem let's run this one instead:

Notes to helper: KSS cannot be installed when other Kasperksy Lab applications are installed
Also KSS does not remove malicious objects or disinfect infected files

  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start

    Posted Image
  • Click the Full Scan button

    Posted Image
  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window (you can click Details to view the scan results)

    Posted Image
  • Once the scan is complete do the following:
    • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
      For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
      Posted Image
      Posted Image
      Posted Image
  • You can now close Kaspersky Security Scan

  • 0

#43
uc577

uc577

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
I forgot to post the security check log :whistling:
Here that one is:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbam.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
___________________________________________________________________________

Edited by uc577, 30 October 2012 - 01:55 AM.

  • 0

#44
uc577

uc577

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Here's the Kaspersky report as well. :thumbsup:

Attached Files


Edited by uc577, 30 October 2012 - 02:00 AM.

  • 0

#45
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Posted Image UPDATE JAVA
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

Clear the Java Cache by following the instructions here

  • Please download JavaRa to your desktop.
    • Click the Download button next to Legacy Version Version 1.1.6 to download JavaRA and unzip it to its own folder.
  • Run JavaRa.exe
  • Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
    Posted Image
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
    • The most current version is Java SE 7u9. You want the Windows (86) Offline 32bit version.
    • Also for 64 bit systems you need Java SE 7U9 offlline 64 bit


Once you have updated please let me know what issues remain.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP