Geeks to Go (forum thread)

Hijack.NoFolderOption System Infected HELP


  • This topic is locked

#151 Jayli (Member, Topic Starter, 98 posts)
The file isn't there. I even did a ShowHidden and couldn't find it. I also did a search on the computer. Nothing found. Thanks.

Edit: Researched "cannot find mp3genres.txt" and found information stating this is both an Adobe and FL Studio VST problem. Found this on the Adobe site.

"Some have had luck moving their various VST plug-ins to their Desktop."


Response from one person: "All is good, I moved the VST files to the desktop and both FL Studio and Premiere work perfectly!"

Edited by Jayli, 12 November 2012 - 08:07 PM.



#152 RKinner (Malware Expert, MVP, 24,624 posts)
Copy the text in the code box:

/md5start
Title.png
MP3Genres.txt
FLEngine.dll
FL.exe
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
then Run Scan.

You should get 1 log. Please copy and paste it.
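The /md5start ... /md5stop block above is OTL's custom-scan syntax: OTL searches for every copy of each listed file name and reports its hash so the helper can compare it against known-good vendor files. The PowerShell below is an added example and is not code from this thread or from OTL. It does the same job natively (locate each name, hash it, and additionally report size, timestamp and Authenticode signer), and, since the thread is about Hijack.NoFolderOption, it also dumps the Explorer/System policy values that OTL reports as O6 (HKLM) and O7 (HKCU) lines. Assumptions: PowerShell 4.0 or later for Get-FileHash (WMF 4.0 installs on Windows 7 SP1), an elevated prompt so protected folders are readable; the search root and the list of policy values to watch are my own choices, the four file names are the ones asked for in the post.

```powershell
# Added example for this thread, not code from the post above or from OTL.
# Reproduces what the /md5start ... /md5stop custom scan asks OTL for
# (find every copy of each listed file name and hash it) and lists the
# Explorer/System policy values OTL shows as O6/O7 lines.
# Assumptions: PowerShell 4.0+ (Get-FileHash), elevated prompt.
# The search root and the $watch list are my choices; the file names are RKinner's.

$FileNames  = @('Title.png', 'MP3Genres.txt', 'FLEngine.dll', 'FL.exe')
$SearchRoot = "$env:SystemDrive\"

function Get-NamedFileReport {
    param([string[]]$Names, [string]$Root)

    foreach ($name in $Names) {
        # -Force includes hidden and system files; access-denied errors are suppressed.
        $hits = Get-ChildItem -Path $Root -Filter $name -File -Recurse -Force -ErrorAction SilentlyContinue
        if (-not $hits) {
            # Mirrors OTL's own "File not found" line for a name with no hits.
            [pscustomobject]@{ Name = $name; Path = 'File not found'; Size = $null; Modified = $null; MD5 = $null; SHA256 = $null; Signer = $null }
            continue
        }
        foreach ($f in $hits) {
            # A valid Authenticode signature is a strong hint the file is the vendor's;
            # an unsigned copy of a normally signed DLL deserves a second look.
            $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
            $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { $sig.Status.ToString() }
            [pscustomobject]@{
                Name     = $name
                Path     = $f.FullName
                Size     = $f.Length
                Modified = $f.LastWriteTime
                MD5      = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
                SHA256   = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
                Signer   = $signer
            }
        }
    }
}

function Get-ExplorerPolicyReport {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    # NoFolderOption = 1 removes Tools > Folder Options from Explorer, which is what
    # the Hijack.NoFolderOption detection name refers to; 0 or absent is normal.
    # NoDriveTypeAutoRun = 145 (0x91) is the Windows 7 default, not a hijack.
    $watch = 'NoFolderOption', 'NoDrives', 'NoDriveTypeAutoRun', 'NoAutoUpdate',
             'NoControlPanel', 'NoRun', 'DisableTaskMgr', 'DisableRegistryTools',
             'ConsentPromptBehaviorUser'
    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($v in $watch) {
            if ($null -ne $props.$v) {
                [pscustomobject]@{ Key = $k; Value = $v; Data = $props.$v }
            }
        }
    }
}

Get-NamedFileReport -Names $FileNames -Root $SearchRoot | Format-List
Get-ExplorerPolicyReport | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. A name that comes back as "File not found" here but is still referenced by a program is the same situation OTL reports, and a hit whose signer is not the expected vendor, or whose size or timestamp differs from the other copies, is the one to hash-check first.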

#153 Jayli (Member, Topic Starter, 98 posts)
Here's the log. * I created a Title.png image last night with MS Paint and put it in the folder, so the Title.png is NOT the original FL Studio image. Adding the image to the folder stopped Error #1. Is there a program like Recuva that we can use to recover the deleted files? Thanks.

OTL logfile created on: 13/11/2012 10:51:27 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JayLi\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.51% Memory free
4.00 Gb Paging File | 3.25 Gb Available in Paging File | 81.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 44.82 Gb Free Space | 60.22% Space Free | Partition Type: NTFS

Computer Name: LISETTEMILLER | User Name: JayLi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/06 12:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
PRC - [2012/11/04 21:25:17 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/30 19:01:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/10/12 08:40:34 | 000,417,792 | ---- | M] (SA International) -- C:\Program Files\SignWarehouse\Vinyl Express LXi1\Program\SAiDownloaderVistaUI.exe
PRC - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
PRC - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) -- C:\Windows\System32\SAiAdmin.exe
PRC - [2011/09/22 06:06:06 | 001,259,040 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2011/09/22 00:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2011/09/22 00:00:00 | 000,292,384 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/12/19 14:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\Windows\System32\SAiLicSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/04 21:25:16 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/26 22:41:07 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/08/16 19:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012/11/03 01:06:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 22:41:07 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/30 19:01:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/12 08:40:34 | 000,417,792 | ---- | M] (SA International) [Auto | Running] -- C:\Program Files\SignWarehouse\Vinyl Express LXi1\Program\SAiDownloaderVistaUI.exe -- (SAiDownloader)
SRV - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiDownloaderVista.exe -- (SAiDownloaderVista)
SRV - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiAdmin.exe -- (SAiAdmin)
SRV - [2011/09/22 06:06:06 | 001,259,040 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2011/09/22 00:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2011/09/22 00:00:00 | 000,292,384 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2010/02/19 15:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 14:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiLicSvr.exe -- (SAiLicSvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JayLi\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 17:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 11:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/23 09:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/05/27 06:05:08 | 000,041,896 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2011/03/18 08:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 08:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/17 06:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2009/09/09 17:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 58 6E 20 2D A5 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/11/06 13:29:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/02 23:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/11/06 13:29:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/07 16:59:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/01 19:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JayLi\AppData\Roaming\Mozilla\Extensions
[2012/11/07 13:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JayLi\AppData\Roaming\Mozilla\Firefox\Profiles\b9gr7xr1.default\extensions
[2012/11/02 23:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 22:41:08 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2012/11/07 14:12:37 | 000,000,698 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOption = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35048641-5242-4676-B360-E7CF5876E6E2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/11 13:00:27 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\Diagnostics
[2012/11/08 20:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vinyl Express LXi1
[2012/11/08 13:46:14 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.21275827186257757.3.1.Run.exe
[2012/11/08 13:01:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/08 13:01:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\terminpt.sys
[2012/11/08 13:01:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012/11/08 13:01:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/08 13:01:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/11/08 13:01:33 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012/11/08 13:01:33 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbGD.sys
[2012/11/08 13:01:28 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/11/08 13:01:28 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012/11/08 13:01:28 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012/11/08 13:01:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012/11/08 13:01:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012/11/08 13:01:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/11/08 13:01:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/11/08 13:01:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012/11/08 13:01:27 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/11/08 13:01:27 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012/11/08 12:27:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012/11/08 12:27:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/11/08 12:26:59 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/11/08 12:26:54 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012/11/08 12:26:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012/11/08 12:26:34 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/11/08 12:26:34 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/11/08 12:26:33 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/11/08 12:26:33 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/11/08 12:26:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/11/08 12:26:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/11/08 12:26:22 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/11/08 12:26:21 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/11/08 12:26:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/08 12:26:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/11/08 12:26:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/08 12:26:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/11/08 12:26:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/08 12:26:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/11/08 12:26:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/08 12:26:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/08 12:26:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/08 12:26:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/11/08 12:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/11/08 12:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/08 12:26:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/08 12:26:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/11/08 12:26:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/08 12:26:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/11/08 12:26:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/11/08 12:26:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/11/08 12:25:55 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/11/08 12:25:43 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/11/08 12:25:41 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/11/08 12:25:38 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/11/08 12:25:35 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/11/08 12:25:34 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/11/08 12:25:33 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/11/08 12:25:29 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/11/08 12:25:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/11/08 12:25:21 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/11/08 12:25:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/11/08 12:24:53 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/11/08 12:24:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/11/08 12:19:57 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012/11/07 15:30:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JayLi\Desktop\tdsskiller.exe
[2012/11/07 15:14:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/07 15:14:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/07 15:14:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/07 15:14:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/07 14:58:11 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\JayLi\Desktop\ComboFix.exe
[2012/11/07 14:50:39 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2012/11/07 14:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/11/07 14:10:58 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\HostsXpert
[2012/11/07 12:22:39 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Desktop\HostsXpert
[2012/11/07 12:15:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JayLi\Desktop\aswMBR.exe
[2012/11/06 12:45:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
[2012/11/03 16:58:19 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\VRAiFiles
[2012/11/03 16:58:08 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\VinylR
[2012/11/03 16:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
[2012/11/03 16:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\SafeNet Sentinel
[2012/11/03 16:48:07 | 008,396,912 | ---- | C] (SafeNet, Inc. ) -- C:\Users\JayLi\Desktop\Sentinel Protection Installer 7.6.5.exe
[2012/11/03 16:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2012/11/03 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\Downloaded Installations
[2012/11/03 03:14:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/11/03 03:03:37 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2012/11/03 02:49:52 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2012/11/03 01:19:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/11/03 01:19:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/11/03 01:19:06 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/11/03 01:19:06 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/11/03 01:19:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/11/03 01:19:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/03 01:19:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/11/03 01:19:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/11/03 01:19:05 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/11/03 01:19:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/03 01:19:05 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/11/03 01:19:05 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/11/03 01:19:05 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/11/03 01:19:05 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/11/03 01:19:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/03 01:19:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/11/03 01:19:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/03 01:19:05 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/11/03 01:19:05 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/11/03 01:19:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/11/03 01:19:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/11/03 01:19:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/11/03 01:19:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/11/03 01:19:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/11/03 01:19:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/03 01:19:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/03 01:19:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/03 01:19:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/11/03 01:19:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/11/03 01:19:04 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/11/03 01:19:04 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/11/03 01:19:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/03 01:19:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/11/03 01:19:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/11/03 01:19:04 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/11/03 01:19:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/11/03 01:19:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/11/03 01:11:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/11/03 00:54:08 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/11/03 00:54:08 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/11/03 00:53:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/03 00:53:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/11/03 00:53:11 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/11/03 00:53:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/11/03 00:53:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/11/03 00:52:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/11/03 00:52:00 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/11/03 00:51:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/11/03 00:51:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/11/03 00:51:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/11/03 00:50:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/11/03 00:50:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/11/03 00:50:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/11/03 00:50:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/11/03 00:50:46 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012/11/03 00:50:45 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/11/03 00:50:45 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/11/03 00:50:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/11/03 00:50:18 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/03 00:50:17 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/03 00:50:05 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/11/03 00:50:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/11/03 00:50:02 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/11/03 00:50:02 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/11/03 00:50:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012/11/03 00:50:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/11/03 00:50:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/11/03 00:49:58 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/11/03 00:49:58 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/11/03 00:49:57 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/11/03 00:49:49 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/03 00:49:47 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/11/03 00:49:46 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/11/03 00:49:43 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/11/03 00:49:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/11/03 00:38:10 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/11/03 00:31:44 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/11/03 00:31:44 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/11/03 00:31:25 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/11/03 00:31:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/11/03 00:31:25 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/11/03 00:30:59 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/11/03 00:30:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/11/03 00:30:25 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\VirtualStore
[2012/11/02 23:19:49 | 000,000,000 | --SD | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Videos
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Saved Games
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Pictures
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Music
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Links
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Favorites
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Downloads
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Documents
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Desktop
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\AppData\Local\Temporary Internet Files
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Templates
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Start Menu
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\SendTo
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Recent
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\PrintHood
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\NetHood
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Documents\My Videos
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Documents\My Pictures
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Documents\My Music
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\My Documents
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Local Settings
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\AppData\Local\History
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Cookies
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Application Data
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\AppData\Local\Application Data
[2012/11/02 23:19:49 | 000,000,000 | -H-D | C] -- C:\Users\JayLi\AppData
[2012/11/02 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\Temp
[2012/11/02 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\Microsoft
[2012/11/02 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Media Center Programs
[2012/11/02 23:16:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/11/02 21:30:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/11/02 20:52:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/11/02 20:13:40 | 000,000,000 | ---D | C] -- C:\4d8af5a9e4fb7f239f652fdd2cee
[2012/11/02 20:06:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/11/02 20:01:36 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/11/02 17:13:12 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Malwarebytes
[2012/11/02 17:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/02 17:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/02 17:12:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/02 17:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/02 17:04:12 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\JayLi\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/30 21:53:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/30 04:02:31 | 000,131,384 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2012/10/30 04:02:29 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/10/28 02:53:59 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/27 21:08:51 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/10/27 19:36:56 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\mseinstall.exe
[2012/10/27 15:48:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/27 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\JayLi\SETAcl
[2012/10/27 02:49:12 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Ad-Aware Antivirus
[2012/10/27 01:09:43 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Desktop\backups
[2012/10/26 22:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/25 21:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/10/25 13:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/23 21:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
[2012/10/23 21:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinWatch
[2012/10/23 21:08:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/10/23 21:08:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/10/22 16:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/10/19 00:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/10/19 00:00:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/18 23:38:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/18 23:38:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/18 23:38:14 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/18 01:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/10/18 01:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/10/18 01:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/10/17 17:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/16 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\SlimWare Utilities Inc
[2012/10/16 00:11:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/16 00:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

========== Files - Modified Within 30 Days ==========

[2012/11/13 10:41:31 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/13 10:41:31 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/13 10:35:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/13 10:35:46 | 1609,015,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/13 01:03:12 | 000,023,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 01:03:12 | 000,023,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 00:06:59 | 000,001,389 | ---- | M] () -- C:\Users\JayLi\Desktop\Internet Explorer.lnk
[2012/11/12 19:26:27 | 000,069,606 | ---- | M] () -- C:\Users\JayLi\Desktop\FLexeProperties.jpg
[2012/11/12 16:11:59 | 000,025,326 | ---- | M] () -- C:\Users\JayLi\Desktop\FLSshot4.jpg
[2012/11/12 16:11:06 | 000,037,988 | ---- | M] () -- C:\Users\JayLi\Desktop\FLSshot3.jpg
[2012/11/12 16:10:21 | 000,037,988 | ---- | M] () -- C:\Users\JayLi\Desktop\FLSshot2.jpg
[2012/11/12 16:09:30 | 000,033,873 | ---- | M] () -- C:\Users\JayLi\Desktop\FLSshot1.jpg
[2012/11/12 16:07:34 | 000,094,390 | ---- | M] () -- C:\Users\JayLi\Desktop\CompScreenShotJpg.jpg
[2012/11/08 20:27:10 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/11/08 20:27:10 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/11/08 20:15:05 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012/11/08 13:46:17 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.21275827186257757.3.1.Run.exe
[2012/11/08 13:24:42 | 000,000,726 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/08 13:09:21 | 003,782,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/07 20:52:08 | 000,671,232 | ---- | M] () -- C:\Users\JayLi\Desktop\MicrosoftFixit50688.msi
[2012/11/07 15:30:30 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JayLi\Desktop\tdsskiller.exe
[2012/11/07 15:08:23 | 000,000,512 | ---- | M] () -- C:\Users\JayLi\Desktop\MBR.dat
[2012/11/07 14:58:18 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\JayLi\Desktop\ComboFix.exe
[2012/11/07 14:43:42 | 000,138,984 | ---- | M] () -- C:\Users\JayLi\Desktop\shexview_setup.exe
[2012/11/07 14:42:57 | 000,064,190 | ---- | M] () -- C:\Users\JayLi\Documents\shexview.zip
[2012/11/07 14:12:37 | 000,000,698 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/07 14:10:37 | 000,357,766 | ---- | M] () -- C:\Users\JayLi\Documents\HostsXpert.zip
[2012/11/07 14:06:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/07 12:15:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JayLi\Desktop\aswMBR.exe
[2012/11/07 12:14:01 | 000,080,384 | ---- | M] () -- C:\Users\JayLi\Desktop\MBRCheck.exe
[2012/11/06 12:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
[2012/11/06 12:43:16 | 000,061,440 | ---- | M] ( ) -- C:\Users\JayLi\Desktop\VEW.exe
[2012/11/05 01:56:33 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/11/04 21:25:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/04 21:25:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/03 19:49:37 | 000,000,000 | -H-- | M] () -- C:\Users\JayLi\Documents\Default.rdp
[2012/11/03 09:59:26 | 000,001,407 | ---- | M] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/03 01:19:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/11/03 01:19:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/11/03 01:19:06 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/11/03 01:19:06 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/11/03 01:19:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/11/03 01:19:06 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/03 01:19:06 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/11/03 01:19:06 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/11/03 01:19:05 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/11/03 01:19:05 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/03 01:19:05 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/11/03 01:19:05 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/11/03 01:19:05 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/11/03 01:19:05 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/11/03 01:19:05 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/03 01:19:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/11/03 01:19:05 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/03 01:19:05 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/11/03 01:19:05 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/11/03 01:19:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/11/03 01:19:05 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/11/03 01:19:05 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/11/03 01:19:05 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/11/03 01:19:05 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/11/03 01:19:04 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/03 01:19:04 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/03 01:19:04 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/03 01:19:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/11/03 01:19:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/11/03 01:19:04 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/11/03 01:19:04 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/11/03 01:19:04 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/03 01:19:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/11/03 01:19:04 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/11/03 01:19:04 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/11/03 01:19:04 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/11/03 01:19:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/11/03 00:30:25 | 000,001,382 | RHS- | M] () -- C:\Users\JayLi\ntuser.pol
[2012/11/03 00:23:19 | 000,116,385 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/11/03 00:12:17 | 000,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012/11/02 23:18:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/11/02 21:56:22 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/11/02 21:56:22 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/11/02 17:13:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/02 17:04:20 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JayLi\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/02 15:21:59 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/30 19:39:25 | 000,444,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_512
[2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/30 17:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/30 07:12:32 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/30 04:13:15 | 000,131,384 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2012/10/30 04:02:29 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/10/27 19:37:05 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\mseinstall.exe
[2012/10/27 17:53:43 | 000,033,588 | ---- | M] () -- C:\Users\JayLi\Documents\cc_20121027_185311_10262012.reg
[2012/10/25 21:49:19 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/10/23 21:24:43 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/10/23 21:24:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/10/17 18:11:56 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/17 18:08:08 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20121030-203925.backup
[2012/10/17 12:39:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_793
[2012/10/17 02:51:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\edit
[2012/10/16 00:11:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/15 11:59:28 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

========== Files Created - No Company Name ==========

[2012/11/12 19:26:27 | 000,069,606 | ---- | C] () -- C:\Users\JayLi\Desktop\FLexeProperties.jpg
[2012/11/12 16:11:59 | 000,025,326 | ---- | C] () -- C:\Users\JayLi\Desktop\FLSshot4.jpg
[2012/11/12 16:11:06 | 000,037,988 | ---- | C] () -- C:\Users\JayLi\Desktop\FLSshot3.jpg
[2012/11/12 16:10:21 | 000,037,988 | ---- | C] () -- C:\Users\JayLi\Desktop\FLSshot2.jpg
[2012/11/12 16:09:30 | 000,033,873 | ---- | C] () -- C:\Users\JayLi\Desktop\FLSshot1.jpg
[2012/11/12 16:07:34 | 000,094,390 | ---- | C] () -- C:\Users\JayLi\Desktop\CompScreenShotJpg.jpg
[2012/11/08 20:25:45 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/11/07 20:52:04 | 000,671,232 | ---- | C] () -- C:\Users\JayLi\Desktop\MicrosoftFixit50688.msi
[2012/11/07 15:14:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/07 15:14:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/07 15:14:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/07 15:14:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/07 15:14:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/07 15:08:23 | 000,000,512 | ---- | C] () -- C:\Users\JayLi\Desktop\MBR.dat
[2012/11/07 14:43:41 | 000,138,984 | ---- | C] () -- C:\Users\JayLi\Desktop\shexview_setup.exe
[2012/11/07 14:42:55 | 000,064,190 | ---- | C] () -- C:\Users\JayLi\Documents\shexview.zip
[2012/11/07 14:10:34 | 000,357,766 | ---- | C] () -- C:\Users\JayLi\Documents\HostsXpert.zip
[2012/11/07 12:13:59 | 000,080,384 | ---- | C] () -- C:\Users\JayLi\Desktop\MBRCheck.exe
[2012/11/06 12:43:13 | 000,061,440 | ---- | C] ( ) -- C:\Users\JayLi\Desktop\VEW.exe
[2012/11/03 19:49:37 | 000,000,000 | -H-- | C] () -- C:\Users\JayLi\Documents\Default.rdp
[2012/11/03 16:03:35 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/11/03 01:19:05 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/11/03 00:31:36 | 000,001,413 | ---- | C] () -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/03 00:30:24 | 000,001,382 | RHS- | C] () -- C:\Users\JayLi\ntuser.pol
[2012/11/03 00:24:42 | 1609,015,296 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/03 00:12:17 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/11/02 23:19:49 | 000,000,290 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/02 23:19:49 | 000,000,272 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/11/02 23:19:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/11/02 23:19:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/11/02 23:18:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/11/02 17:13:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/30 07:45:15 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/10/30 07:45:15 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/10/27 19:37:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/27 17:53:36 | 000,033,588 | ---- | C] () -- C:\Users\JayLi\Documents\cc_20121027_185311_10262012.reg
[2012/10/25 21:49:19 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/10/17 17:02:06 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/17 02:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\edit
[2012/10/14 02:59:18 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LISETTEMILLER-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2012/09/23 18:45:16 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/09/08 18:04:43 | 000,000,726 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/05 16:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 16:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 16:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 16:53:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/05 15:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2010/11/20 16:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: FL.EXE >
[2009/07/25 11:22:36 | 000,376,320 | ---- | M] (Image-Line) MD5=37117836D23F388E9D8427AC5FE4986E -- C:\Program Files\Image-Line\FL Studio 9\FL.exe

< MD5 for: FLENGINE.DLL >
[2012/04/30 08:48:44 | 005,144,576 | ---- | M] (Image-Line) MD5=8B1DC84868447B6BB781F9EE78E440F3 -- C:\Program Files\ASIO4ALL v2\FLEngine.dll
[2012/04/30 08:48:44 | 005,144,576 | ---- | M] (Image-Line) MD5=8B1DC84868447B6BB781F9EE78E440F3 -- C:\Program Files\Image-Line\FL Studio 9\FLEngine.dll

< MD5 for: TITLE.PNG >
[2012/11/12 22:59:01 | 000,015,581 | ---- | M] () MD5=01E2A20AF4EC48E1388924F85C220EC3 -- C:\Program Files\Image-Line\FL Studio 9\Artwork\FL Studio XXL\Title.png

< End of report >

Edited by Jayli, 13 November 2012 - 10:09 AM.


#154 RKinner, Malware Expert (Expert, MVP, 24,624 posts)
I doubt there is any way to recover the files.

Go ahead and use notepad to create MP3Genres.txt and put it in the two places where it should be. It's just a text file so it shouldn't be important what it says.

#155 Jayli, Member (Topic Starter, 98 posts)
Added the txt file. That error is now gone. Copied error code from next error.

Problem signature:
Problem Event Name: APPCRASH
Application Name: FL.exe
Application Version: 0.0.0.0
Application Timestamp: 4a6b314c
Fault Module Name: KERNELBASE.dll
Fault Module Version: 6.1.7601.17932
Fault Module Timestamp: 503275ba
Exception Code: 0eedfade
Exception Offset: 0000d3cf
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 9ab4
Additional Information 2: 9ab40796bca4286818bf1c63b881e38f
Additional Information 3: c17e
Additional Information 4: c17e3336da26e152d5f25bc147e14885

Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Edited by Jayli, 13 November 2012 - 11:24 AM.

  • 0

#156
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Right click on fl.exe and run as admin. Does that make any difference?
  • 0

#157
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Same result. Ran as Admin directly from the FL.exe file. Thanks.
  • 0

#158
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You might try logging in as another user with admin rights and see if that makes a difference.
  • 0

#159
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Already tried that. No good. Same result. I just downloaded the FL Studios demo to my other computer. Compared files with this computer and lots of files are missing on this computer. Thanks.
  • 0

#160
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Hey Ron. How are we going to proceed? Thanks.
  • 0

#161
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Hello???? Anybody home??? It's been 4 days since a response on this issue.
  • 0

#162
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Wasn't anybody home. Had to make a trip and forgot my netbook.

I don't know what to do with the two programs that don't work other than reinstall them. Personally I have no use for Office 2007. Prefer the free Open Office. FL Studio is now up to version 10 so copying files from the demo to the sick PC is not going to work.

I'm going to have to give up on them. You can try posting in the Win 7 part of our forum if you want. Perhaps one of them will have an idea.

You have had massive loss of hard drive data. This is not something we usually see with malware so either a bad spot on the hard drive, bad RAM, or perhaps a third party program like a registry cleaner or a defragger.

I'm going to give you the cleanup routine:

I think we are done and can clean up

Clear System Restore:
(This removes all old System Restore points)

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter. (If we renamed combofix or you saved it to a different location change the above to match.)

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow to start.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Make sure you have: Java 7 Version 9 or newer and that there are no older versions of Java on your PC.

Make sure Windows Updates is turned on and that it works. Go to Control panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871

You definitely need to have KB2744842. This patches a major flaw in IE.

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local Native American dialects)

Ron
  • 0

#163
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Ok. Thanks. Please close this or mark it as SOLVED. I'll move to a different part of the forum for assistance with correcting the things that are still not fixed on my laptop.
  • 0

#164
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Don't know what it takes to get this marked as SOLVED and closed. Asked 8 days ago. I would be happy to do it myself if I knew how. Thanks.
  • 0