PRS for music virus

Discussion in 'Virus and Malware Removal' started by Dan James, Sep 30, 2012.

  1. Dan James Newcomer, in training Posts: 80

    # AdwCleaner v2.005 - Logfile created 10/22/2012 at 20:54:17
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Alex Skittery - DM-LAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Alex Skittery\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Alex Skittery\AppData\Roaming\Mozilla\Firefox\Profiles\sk4g8nvv.default\searchplugins\Search_Results.xml
    Folder Deleted : C:\Program Files (x86)\Ilivid
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\Alex Skittery\AppData\Local\Ilivid Player

    ***** [Registry] *****

    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (en-GB)

    Profile name : default
    File : C:\Users\Alex Skittery\AppData\Roaming\Mozilla\Firefox\Profiles\sk4g8nvv.default\prefs.js

    C:\Users\Alex Skittery\AppData\Roaming\Mozilla\Firefox\Profiles\sk4g8nvv.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.defaultenginename", "Search Results");
    Deleted : user_pref("browser.search.order.1", "Search Results");

    *************************

    AdwCleaner[S1].txt - [2236 octets] - [22/10/2012 20:54:17]

    ########## EOF - C:\AdwCleaner[S1].txt - [2296 octets] ##########
  2. Dan James Newcomer, in training Posts: 80

    On the last ESET scanner it says "can not get update. Is proxy configured?" and stops scanning at 4%. What should I do, Broni?
  3. Broni Malware Annihilator Posts: 39,189   +175

    Try a different browser.
  4. Dan James Newcomer, in training Posts: 80

    C:\FRST\Quarantine\wsf3CmCT.exe Win32/LockScreen.AKG trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Users\Alex Skittery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk.vir Win32/Reveton.J trojan cleaned by deleting - quarantined
  5. Dan James Newcomer, in training Posts: 80

    OK, I think that is every scan now!
  6. Broni Malware Annihilator Posts: 39,189   +175

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
     
  7. Dan James Newcomer, in training Posts: 80

    Oh no! As I was installing the latest Adobe, the police message came up again, this time with a webcam window showing what is on my webcam! I can only start in safe mode, which is what I am on now... do I have to start all over again?
  8. Broni Malware Annihilator Posts: 39,189   +175

    Go ahead and post a new FRST log.
  9. Dan James Newcomer, in training Posts: 80

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2012
    Ran by Alex Skittery at 23-10-2012 19:35:21
    Running from C:\Users\Alex Skittery\Downloads
    (X64) OS Language: English(US)
    Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


    ==================== One Month Created Files and Folders ========

    2012-10-23 19:32 - 2012-10-23 19:32 - 01459119 ____A (Farbar) C:\Users\Alex Skittery\Downloads\FRST64.exe
    2012-10-23 19:20 - 2012-10-23 19:20 - 00003224 ____N C:\bootsqm.dat
    2012-10-23 19:05 - 2012-10-23 19:16 - 83023306 ___AT C:\Users\All Users\0tbpw.pad
    2012-10-23 19:05 - 2012-10-23 19:05 - 00044544 ____A (Microsoft Corporation) C:\Users\All Users\lsass.exe
    2012-10-23 18:52 - 2012-10-23 18:52 - 00000165 ___AH C:\Users\Alex Skittery\Desktop\~$work.xlsx
    2012-10-23 17:23 - 2012-10-23 17:23 - 00000273 ____A C:\Users\Alex Skittery\Desktop\ESETScan.txt
    2012-10-23 10:53 - 2012-10-23 19:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-23 08:33 - 2012-10-23 08:33 - 02322184 ____A (ESET) C:\Users\Alex Skittery\Downloads\esetsmartinstaller_enu(1).exe
    2012-10-22 21:44 - 2012-10-22 21:44 - 02322184 ____A (ESET) C:\Users\Alex Skittery\Downloads\esetsmartinstaller_enu.exe
    2012-10-22 21:44 - 2012-10-22 21:44 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-10-22 21:33 - 2012-10-22 21:33 - 00448512 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\TFC(1).exe
    2012-10-22 21:00 - 2012-10-22 21:00 - 00448512 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\TFC.exe
    2012-10-22 20:26 - 2012-10-22 20:27 - 00002908 ____A C:\Users\Alex Skittery\Downloads\FSS.txt
    2012-10-22 20:26 - 2012-10-22 20:26 - 00694323 ____A (Farbar) C:\Users\Alex Skittery\Downloads\FSS.exe
    2012-10-22 20:22 - 2012-10-22 20:22 - 00881773 ____A C:\Users\Alex Skittery\Downloads\SecurityCheck.exe
    2012-10-22 20:05 - 2012-10-22 20:05 - 00000000 ____D C:\_OTL
    2012-10-14 20:29 - 2012-10-14 20:57 - 00000000 ____D C:\Users\Alex Skittery\Desktop\wall pics
    2012-10-13 19:57 - 2012-10-13 19:57 - 03177840 ____A (McAfee, Inc.) C:\Users\Alex Skittery\Downloads\MCPR.exe
    2012-10-10 18:11 - 2012-10-10 18:11 - 00064656 ____A C:\Users\Alex Skittery\Desktop\Extras.Txt
    2012-10-10 18:09 - 2012-10-16 18:12 - 00097622 ____A C:\Users\Alex Skittery\Desktop\OTL.Txt
    2012-10-10 18:00 - 2012-10-10 18:00 - 00602112 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\OTL.exe
    2012-10-10 18:00 - 2012-10-10 18:00 - 00602112 ____A (OldTimer Tools) C:\Users\Alex Skittery\Desktop\OTL.exe
    2012-10-10 17:23 - 2012-08-31 19:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 17:23 - 2012-08-30 19:11 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-10 17:23 - 2012-08-30 18:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-10 17:23 - 2012-08-30 18:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-10 17:23 - 2012-08-24 19:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 17:23 - 2012-08-24 18:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 17:22 - 2012-09-14 20:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 17:22 - 2012-09-14 19:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-10 17:22 - 2012-08-18 16:43 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 17:22 - 2012-08-18 16:43 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 17:22 - 2012-08-18 16:43 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 17:22 - 2012-08-18 16:42 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 17:22 - 2012-08-18 16:40 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 17:22 - 2012-08-18 16:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 17:22 - 2012-08-18 16:37 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 17:22 - 2012-08-18 16:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 17:22 - 2012-08-18 16:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 16:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 17:22 - 2012-08-18 12:19 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 17:22 - 2012-08-18 12:17 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 17:22 - 2012-08-18 12:17 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 17:22 - 2012-08-18 12:17 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 12:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 10:12 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 17:22 - 2012-08-18 10:12 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 17:22 - 2012-08-18 10:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 10:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 10:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-18 10:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 17:22 - 2012-08-11 01:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 17:22 - 2012-08-11 00:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 17:21 - 2012-06-02 06:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 17:21 - 2012-06-02 06:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 17:21 - 2012-06-02 06:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 17:21 - 2012-06-02 05:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 17:21 - 2012-06-02 05:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 17:21 - 2012-06-02 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-07 19:02 - 2012-10-07 19:02 - 00021449 ____A C:\ComboFix.txt
    2012-10-07 18:28 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-10-07 18:28 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-10-07 18:28 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-10-07 18:28 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-10-07 18:28 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-10-07 18:28 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
    2012-10-07 18:28 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
    2012-10-07 18:28 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
    2012-10-07 18:25 - 2012-10-07 19:03 - 00000000 ____D C:\Qoobox
    2012-10-07 18:24 - 2012-10-07 18:24 - 04762471 ____R (Swearware) C:\Users\Alex Skittery\Desktop\ComboFix.exe
    2012-10-07 18:24 - 2012-10-07 18:24 - 04762471 ____A (Swearware) C:\Users\Alex Skittery\Downloads\ComboFix.exe
    2012-10-04 17:20 - 2012-10-04 17:20 - 04731392 ____A (AVAST Software) C:\Users\Alex Skittery\Desktop\aswMBR.exe
    2012-10-04 17:19 - 2012-10-04 17:20 - 04731392 ____A (AVAST Software) C:\Users\Alex Skittery\Downloads\aswMBR.exe
    2012-10-04 16:55 - 2012-10-04 16:55 - 00001878 ____A C:\Users\Alex Skittery\Desktop\RKreport[2].txt
    2012-10-04 16:54 - 2012-10-04 16:54 - 00001889 ____A C:\Users\Alex Skittery\Desktop\RKreport[1].txt
    2012-10-04 16:53 - 2012-10-04 16:55 - 00000000 ____D C:\Users\Alex Skittery\Desktop\RK_Quarantine
    2012-10-04 16:52 - 2012-10-04 16:51 - 01422336 ____A C:\Users\Alex Skittery\Desktop\RogueKiller.exe
    2012-10-04 16:51 - 2012-10-04 16:51 - 01422336 ____A C:\Users\Alex Skittery\Downloads\RogueKiller.exe
    2012-10-04 16:48 - 2012-10-04 16:48 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\76671082.sys
    2012-10-04 16:47 - 2012-10-04 16:47 - 00000000 ____D C:\Users\Alex Skittery\Desktop\tdsskiller
    2012-10-04 16:47 - 2012-10-04 16:46 - 02193278 ____A C:\Users\Alex Skittery\Desktop\tdsskiller.zip
    2012-10-04 16:45 - 2012-10-04 16:46 - 02193278 ____A C:\Users\Alex Skittery\Downloads\tdsskiller.zip
    2012-10-04 13:38 - 2012-10-04 13:38 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-10-04 13:34 - 2012-10-04 13:33 - 197642182 ____A C:\Users\Alex Skittery\Desktop\EmsisoftEmergencyKit.zip
    2012-10-04 13:25 - 2012-10-04 13:33 - 197642182 ____A C:\Users\Alex Skittery\Downloads\EmsisoftEmergencyKit.zip
    2012-10-04 12:45 - 2012-10-04 12:45 - 00002330 ____A C:\Users\Alex Skittery\Desktop\aswMBR.txt
    2012-10-04 12:27 - 2012-10-04 12:45 - 00000512 ____A C:\Users\Alex Skittery\Desktop\MBR.dat
    2012-09-30 13:17 - 2012-09-30 20:21 - 00000000 ____D C:\29588b5f190039290a92
    2012-09-26 08:43 - 2012-09-26 08:44 - 00711432 ____A C:\Windows\Minidump\092612-21793-01.dmp
    2012-09-25 11:16 - 2012-09-25 11:17 - 06135536 ____A C:\Users\Alex Skittery\Downloads\aGUP4870.part
    2012-09-25 10:51 - 2012-09-25 10:58 - 78574576 ____A C:\Users\Alex Skittery\Downloads\Tokyo Police Club - 10x10x10 (2011).rar
    2012-09-25 09:56 - 2012-08-24 11:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-25 09:56 - 2012-08-24 11:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-25 09:56 - 2012-08-24 11:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-25 09:56 - 2012-08-24 11:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-25 09:56 - 2012-08-24 11:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-25 09:56 - 2012-08-24 11:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-25 09:56 - 2012-08-24 11:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-25 09:56 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-25 09:56 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-25 09:56 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-25 09:56 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-25 09:56 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-25 09:56 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-25 09:56 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-25 09:56 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-25 09:55 - 2012-08-24 12:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-25 09:55 - 2012-08-24 11:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-25 09:55 - 2012-08-24 11:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-25 09:55 - 2012-08-24 11:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-25 09:55 - 2012-08-24 11:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-25 09:55 - 2012-08-24 11:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-25 09:55 - 2012-08-24 11:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-25 09:55 - 2012-08-24 11:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-25 09:55 - 2012-08-24 11:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-25 09:55 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-25 09:55 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-25 09:55 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-25 09:55 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-25 09:55 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-25 09:55 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-25 09:55 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-25 09:55 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    ==================== 3 Months Modified Files ==================

    2012-10-23 19:32 - 2012-10-23 19:32 - 01459119 ____A (Farbar) C:\Users\Alex Skittery\Downloads\FRST64.exe
    2012-10-23 19:20 - 2012-10-23 19:20 - 00003224 ____N C:\bootsqm.dat
    2012-10-23 19:20 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-23 19:20 - 2009-07-14 05:51 - 00066391 ____A C:\Windows\setupact.log
    2012-10-23 19:16 - 2012-10-23 19:05 - 83023306 ___AT C:\Users\All Users\0tbpw.pad
    2012-10-23 19:05 - 2012-10-23 19:05 - 00044544 ____A (Microsoft Corporation) C:\Users\All Users\lsass.exe
    2012-10-23 19:04 - 2012-06-16 21:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-23 18:52 - 2012-10-23 18:52 - 00000165 ___AH C:\Users\Alex Skittery\Desktop\~$work.xlsx
    2012-10-23 18:52 - 2012-09-20 17:32 - 00010478 ____A C:\Users\Alex Skittery\Desktop\work.xlsx
    2012-10-23 18:46 - 2009-07-14 06:10 - 01897689 ____A C:\Windows\WindowsUpdate.log
    2012-10-23 17:23 - 2012-10-23 17:23 - 00000273 ____A C:\Users\Alex Skittery\Desktop\ESETScan.txt
    2012-10-23 08:33 - 2012-10-23 08:33 - 02322184 ____A (ESET) C:\Users\Alex Skittery\Downloads\esetsmartinstaller_enu(1).exe
    2012-10-22 22:27 - 2009-07-14 06:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-22 21:45 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-22 21:45 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-22 21:44 - 2012-10-22 21:44 - 02322184 ____A (ESET) C:\Users\Alex Skittery\Downloads\esetsmartinstaller_enu.exe
    2012-10-22 21:33 - 2012-10-22 21:33 - 00448512 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\TFC(1).exe
    2012-10-22 21:00 - 2012-10-22 21:00 - 00448512 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\TFC.exe
    2012-10-22 20:27 - 2012-10-22 20:26 - 00002908 ____A C:\Users\Alex Skittery\Downloads\FSS.txt
    2012-10-22 20:26 - 2012-10-22 20:26 - 00694323 ____A (Farbar) C:\Users\Alex Skittery\Downloads\FSS.exe
    2012-10-22 20:22 - 2012-10-22 20:22 - 00881773 ____A C:\Users\Alex Skittery\Downloads\SecurityCheck.exe
    2012-10-16 18:12 - 2012-10-10 18:09 - 00097622 ____A C:\Users\Alex Skittery\Desktop\OTL.Txt
    2012-10-13 22:14 - 2010-12-30 21:34 - 00054468 ____A C:\Windows\PFRO.log
    2012-10-13 20:13 - 2011-01-04 22:16 - 00090624 ____A C:\Users\Alex Skittery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-10-13 19:57 - 2012-10-13 19:57 - 03177840 ____A (McAfee, Inc.) C:\Users\Alex Skittery\Downloads\MCPR.exe
    2012-10-11 18:04 - 2012-06-16 21:08 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-11 18:04 - 2011-11-29 22:49 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-10 18:11 - 2012-10-10 18:11 - 00064656 ____A C:\Users\Alex Skittery\Desktop\Extras.Txt
    2012-10-10 18:00 - 2012-10-10 18:00 - 00602112 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\OTL.exe
    2012-10-10 18:00 - 2012-10-10 18:00 - 00602112 ____A (OldTimer Tools) C:\Users\Alex Skittery\Desktop\OTL.exe
    2012-10-10 17:21 - 2012-03-20 19:33 - 02155915 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-10-07 19:02 - 2012-10-07 19:02 - 00021449 ____A C:\ComboFix.txt
    2012-10-07 18:42 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
    2012-10-07 18:24 - 2012-10-07 18:24 - 04762471 ____R (Swearware) C:\Users\Alex Skittery\Desktop\ComboFix.exe
    2012-10-07 18:24 - 2012-10-07 18:24 - 04762471 ____A (Swearware) C:\Users\Alex Skittery\Downloads\ComboFix.exe
    2012-10-04 17:20 - 2012-10-04 17:20 - 04731392 ____A (AVAST Software) C:\Users\Alex Skittery\Desktop\aswMBR.exe
    2012-10-04 17:20 - 2012-10-04 17:19 - 04731392 ____A (AVAST Software) C:\Users\Alex Skittery\Downloads\aswMBR.exe
    2012-10-04 16:57 - 2012-06-16 21:03 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-04 16:55 - 2012-10-04 16:55 - 00001878 ____A C:\Users\Alex Skittery\Desktop\RKreport[2].txt
    2012-10-04 16:54 - 2012-10-04 16:54 - 00001889 ____A C:\Users\Alex Skittery\Desktop\RKreport[1].txt
    2012-10-04 16:51 - 2012-10-04 16:52 - 01422336 ____A C:\Users\Alex Skittery\Desktop\RogueKiller.exe
    2012-10-04 16:51 - 2012-10-04 16:51 - 01422336 ____A C:\Users\Alex Skittery\Downloads\RogueKiller.exe
    2012-10-04 16:48 - 2012-10-04 16:48 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\76671082.sys
    2012-10-04 16:46 - 2012-10-04 16:47 - 02193278 ____A C:\Users\Alex Skittery\Desktop\tdsskiller.zip
    2012-10-04 16:46 - 2012-10-04 16:45 - 02193278 ____A C:\Users\Alex Skittery\Downloads\tdsskiller.zip
    2012-10-04 13:38 - 2012-10-04 13:38 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-10-04 13:33 - 2012-10-04 13:34 - 197642182 ____A C:\Users\Alex Skittery\Desktop\EmsisoftEmergencyKit.zip
    2012-10-04 13:33 - 2012-10-04 13:25 - 197642182 ____A C:\Users\Alex Skittery\Downloads\EmsisoftEmergencyKit.zip
    2012-10-04 12:45 - 2012-10-04 12:45 - 00002330 ____A C:\Users\Alex Skittery\Desktop\aswMBR.txt
    2012-10-04 12:45 - 2012-10-04 12:27 - 00000512 ____A C:\Users\Alex Skittery\Desktop\MBR.dat
    2012-09-26 08:44 - 2012-09-26 08:43 - 00711432 ____A C:\Windows\Minidump\092612-21793-01.dmp
    2012-09-26 08:43 - 2011-12-03 17:17 - 670479582 ____A C:\Windows\MEMORY.DMP
    2012-09-25 11:17 - 2012-09-25 11:16 - 06135536 ____A C:\Users\Alex Skittery\Downloads\aGUP4870.part
    2012-09-25 10:58 - 2012-09-25 10:51 - 78574576 ____A C:\Users\Alex Skittery\Downloads\Tokyo Police Club - 10x10x10 (2011).rar
    2012-09-14 20:23 - 2012-10-10 17:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 19:30 - 2012-10-10 17:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-10 20:37 - 2012-07-26 11:02 - 00009473 ____A C:\Users\Alex Skittery\Desktop\job search.xlsx
    2012-09-07 17:04 - 2012-06-16 21:03 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-31 19:02 - 2012-10-10 17:23 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 22:03 - 2012-08-30 22:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 22:03 - 2012-03-20 20:44 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-30 19:11 - 2012-10-10 17:23 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 18:18 - 2012-10-10 17:23 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 18:18 - 2012-10-10 17:23 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 19:05 - 2012-10-10 17:23 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 18:10 - 2012-10-10 17:23 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 12:15 - 2012-09-25 09:55 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 11:39 - 2012-09-25 09:55 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 11:31 - 2012-09-25 09:55 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 11:22 - 2012-09-25 09:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 11:21 - 2012-09-25 09:55 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 11:20 - 2012-09-25 09:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 11:18 - 2012-09-25 09:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 11:17 - 2012-09-25 09:55 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 11:14 - 2012-09-25 09:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 11:14 - 2012-09-25 09:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 11:13 - 2012-09-25 09:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 11:12 - 2012-09-25 09:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 11:11 - 2012-09-25 09:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 11:10 - 2012-09-25 09:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 11:09 - 2012-09-25 09:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 11:04 - 2012-09-25 09:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-24 08:27 - 2012-09-25 09:55 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-24 08:03 - 2012-09-25 09:55 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-24 07:59 - 2012-09-25 09:55 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-24 07:51 - 2012-09-25 09:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-24 07:51 - 2012-09-25 09:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-24 07:51 - 2012-09-25 09:55 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-24 07:49 - 2012-09-25 09:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-24 07:48 - 2012-09-25 09:55 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-24 07:47 - 2012-09-25 09:56 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-24 07:47 - 2012-09-25 09:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-24 07:47 - 2012-09-25 09:55 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-24 07:45 - 2012-09-25 09:55 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-24 07:44 - 2012-09-25 09:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-24 07:44 - 2012-09-25 09:55 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-24 07:43 - 2012-09-25 09:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-24 07:40 - 2012-09-25 09:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-21 17:33 - 2012-08-21 17:33 - 00285760 ____A C:\Windows\Minidump\082112-32619-01.dmp
    2012-08-18 16:43 - 2012-10-10 17:22 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-18 16:43 - 2012-10-10 17:22 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-18 16:43 - 2012-10-10 17:22 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-18 16:42 - 2012-10-10 17:22 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-18 16:40 - 2012-10-10 17:22 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-18 16:37 - 2012-10-10 17:22 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-18 16:37 - 2012-10-10 17:22 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-18 16:34 - 2012-10-10 17:22 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-18 16:22 - 2012-10-10 17:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 16:22 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 12:22 - 2012-10-10 17:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-18 12:19 - 2012-10-10 17:22 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-18 12:17 - 2012-10-10 17:22 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-18 12:17 - 2012-10-10 17:22 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-18 12:17 - 2012-10-10 17:22 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 12:09 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 10:41 - 2009-07-14 05:45 - 00355392 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-18 10:12 - 2012-10-10 17:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-18 10:12 - 2012-10-10 17:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-18 10:07 - 2012-10-10 17:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 10:07 - 2012-10-10 17:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 10:07 - 2012-10-10 17:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 10:07 - 2012-10-10 17:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 01:53 - 2012-10-10 17:22 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-11 00:54 - 2012-10-10 17:22 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-02 18:55 - 2012-09-12 07:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 18:05 - 2012-09-12 07:55 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-08-01 14:11 - 2012-08-01 14:11 - 00000165 ___AH C:\Users\Alex Skittery\Desktop\~$job search.xlsx

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================

    Restore point made on: 2012-10-11 03:01:09
    Restore point made on: 2012-10-14 09:17:24
    Restore point made on: 2012-10-18 20:44:06
    Restore point made on: 2012-10-22 20:27:42

    ==================== Memory info ===========================

    Percentage of memory in use: 21%
    Total physical RAM: 3828.3 MB
    Available physical RAM: 2994.68 MB
    Total Pagefile: 7654.74 MB
    Available Pagefile: 6887.07 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:426.18 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 39 MB
    Partition 3 Primary 581 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 581 GB Healthy Boot

    =========================================================

    Last Boot: 2012-10-16 08:48

    ==================== End Of Log =============================
  10. Dan James Newcomer, in training Posts: 80

    Farbar Recovery Scan Tool (x64) Version: 21-10-2012
    Ran by Alex Skittery at 2012-10-23 19:37:15
    Running from C:\Users\Alex Skittery\Downloads

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\ERDNT\cache64\services.exe
    [2012-06-14 09:47] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
  11. Broni Malware Annihilator Posts: 39,189   +175

    You ran it from within Windows.
    Re-read my reply #9 on how to run it.
  12. Dan James Newcomer, in training Posts: 80

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01 (ATTENTION: FRST version is 21 days old)
    Ran by SYSTEM at 23-10-2012 21:07:09
    Running from E:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6486120 2010-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2120808 2010-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [283240 2010-08-12] (NVIDIA Corporation)
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-04] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [518640 2010-09-03] ()
    HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [86184 2010-10-08] (Absolute Software)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 194.74.65.68 194.74.65.69
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll
    Startup: C:\Users\Alex Skittery\Start Menu\Programs\Startup\ctfmon.lnk
    ShortcutTarget: ctfmon.lnk -> C:\ProgramData\lsass.exe (Microsoft Corporation)
    Startup: C:\Users\Alex Skittery\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ==================== Services (Whitelisted) ===================
    2 AbsoluteNotifier; "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe" [10408 2010-10-08] (Microsoft)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1301088 2012-05-29] (Secunia)
    2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [681056 2012-05-29] (Secunia)
    ==================== Drivers (Whitelisted) =====================
    0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [367912 2011-11-14] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2011-12-01] (PC Tools)
    0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096688 2011-12-01] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [230952 2012-02-24] (PC Tools)
    2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-10-23 13:37 - 2012-10-23 13:39 - 00000793 ____A C:\Users\Alex Skittery\Downloads\Search.txt
    2012-10-23 13:33 - 2012-10-23 13:35 - 00043395 ____A C:\Users\Alex Skittery\Downloads\FRST.txt
    2012-10-23 13:32 - 2012-10-23 13:32 - 01459119 ____A (Farbar) C:\Users\Alex Skittery\Downloads\FRST64.exe
    2012-10-23 13:20 - 2012-10-23 13:20 - 00003224 ____N C:\bootsqm.dat
    2012-10-23 13:05 - 2012-10-23 13:16 - 83023306 ___AT C:\Users\All Users\Application Data\0tbpw.pad
    2012-10-23 13:05 - 2012-10-23 13:16 - 83023306 ___AT C:\Users\All Users\0tbpw.pad
    2012-10-23 13:05 - 2012-10-23 13:05 - 00044544 ____A (Microsoft Corporation) C:\Users\All Users\lsass.exe
    2012-10-23 13:05 - 2012-10-23 13:05 - 00044544 ____A (Microsoft Corporation) C:\Users\All Users\Application Data\lsass.exe
    2012-10-23 12:52 - 2012-10-23 12:52 - 00000165 ___AH C:\Users\Alex Skittery\Desktop\~$work.xlsx
    2012-10-23 11:23 - 2012-10-23 11:23 - 00000273 ____A C:\Users\Alex Skittery\Desktop\ESETScan.txt
    2012-10-23 04:53 - 2012-10-23 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-23 02:33 - 2012-10-23 02:33 - 02322184 ____A (ESET) C:\Users\Alex Skittery\Downloads\esetsmartinstaller_enu(1).exe
    2012-10-22 15:44 - 2012-10-22 15:44 - 02322184 ____A (ESET) C:\Users\Alex Skittery\Downloads\esetsmartinstaller_enu.exe
    2012-10-22 15:44 - 2012-10-22 15:44 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-10-22 15:33 - 2012-10-22 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\TFC(1).exe
    2012-10-22 15:00 - 2012-10-22 15:00 - 00448512 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\TFC.exe
    2012-10-22 14:26 - 2012-10-22 14:27 - 00002908 ____A C:\Users\Alex Skittery\Downloads\FSS.txt
    2012-10-22 14:26 - 2012-10-22 14:26 - 00694323 ____A (Farbar) C:\Users\Alex Skittery\Downloads\FSS.exe
    2012-10-22 14:22 - 2012-10-22 14:22 - 00881773 ____A C:\Users\Alex Skittery\Downloads\SecurityCheck.exe
    2012-10-22 14:05 - 2012-10-22 14:05 - 00000000 ____D C:\_OTL
    2012-10-14 14:29 - 2012-10-14 14:57 - 00000000 ____D C:\Users\Alex Skittery\Desktop\wall pics
    2012-10-13 13:57 - 2012-10-13 13:57 - 03177840 ____A (McAfee, Inc.) C:\Users\Alex Skittery\Downloads\MCPR.exe
    2012-10-10 12:11 - 2012-10-10 12:11 - 00064656 ____A C:\Users\Alex Skittery\Desktop\Extras.Txt
    2012-10-10 12:09 - 2012-10-16 12:12 - 00097622 ____A C:\Users\Alex Skittery\Desktop\OTL.Txt
    2012-10-10 12:00 - 2012-10-10 12:00 - 00602112 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\OTL.exe
    2012-10-10 12:00 - 2012-10-10 12:00 - 00602112 ____A (OldTimer Tools) C:\Users\Alex Skittery\Desktop\OTL.exe
    2012-10-10 11:23 - 2012-08-31 13:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 11:23 - 2012-08-30 13:11 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-10 11:23 - 2012-08-30 12:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-10 11:23 - 2012-08-30 12:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-10 11:23 - 2012-08-24 13:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 11:23 - 2012-08-24 12:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 11:22 - 2012-09-14 14:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 11:22 - 2012-09-14 13:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-10 11:22 - 2012-08-18 10:43 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 11:22 - 2012-08-18 10:43 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 11:22 - 2012-08-18 10:43 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 11:22 - 2012-08-18 10:42 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 11:22 - 2012-08-18 10:40 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 11:22 - 2012-08-18 10:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 11:22 - 2012-08-18 10:37 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 11:22 - 2012-08-18 10:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 11:22 - 2012-08-18 10:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 11:22 - 2012-08-18 06:19 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 11:22 - 2012-08-18 06:17 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 11:22 - 2012-08-18 06:17 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 11:22 - 2012-08-18 06:17 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 04:12 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 11:22 - 2012-08-18 04:12 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 11:22 - 2012-08-18 04:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 04:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 04:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-18 04:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 11:22 - 2012-08-10 19:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 11:22 - 2012-08-10 18:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 11:21 - 2012-06-02 00:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 11:21 - 2012-06-02 00:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 11:21 - 2012-06-02 00:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 11:21 - 2012-06-01 23:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 11:21 - 2012-06-01 23:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 11:21 - 2012-06-01 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-07 13:02 - 2012-10-07 13:02 - 00021449 ____A C:\ComboFix.txt
    2012-10-07 12:28 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-10-07 12:28 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-10-07 12:28 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-10-07 12:28 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-10-07 12:28 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-10-07 12:28 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
    2012-10-07 12:28 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
    2012-10-07 12:28 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
    2012-10-07 12:25 - 2012-10-07 13:03 - 00000000 ____D C:\Qoobox
    2012-10-07 12:24 - 2012-10-07 12:24 - 04762471 ____R (Swearware) C:\Users\Alex Skittery\Desktop\ComboFix.exe
    2012-10-07 12:24 - 2012-10-07 12:24 - 04762471 ____A (Swearware) C:\Users\Alex Skittery\Downloads\ComboFix.exe
    2012-10-04 11:20 - 2012-10-04 11:20 - 04731392 ____A (AVAST Software) C:\Users\Alex Skittery\Desktop\aswMBR.exe
    2012-10-04 11:19 - 2012-10-04 11:20 - 04731392 ____A (AVAST Software) C:\Users\Alex Skittery\Downloads\aswMBR.exe
    2012-10-04 10:55 - 2012-10-04 10:55 - 00001878 ____A C:\Users\Alex Skittery\Desktop\RKreport[2].txt
    2012-10-04 10:54 - 2012-10-04 10:54 - 00001889 ____A C:\Users\Alex Skittery\Desktop\RKreport[1].txt
    2012-10-04 10:53 - 2012-10-04 10:55 - 00000000 ____D C:\Users\Alex Skittery\Desktop\RK_Quarantine
    2012-10-04 10:52 - 2012-10-04 10:51 - 01422336 ____A C:\Users\Alex Skittery\Desktop\RogueKiller.exe
    2012-10-04 10:51 - 2012-10-04 10:51 - 01422336 ____A C:\Users\Alex Skittery\Downloads\RogueKiller.exe
    2012-10-04 10:48 - 2012-10-04 10:48 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\76671082.sys
    2012-10-04 10:47 - 2012-10-04 10:47 - 00000000 ____D C:\Users\Alex Skittery\Desktop\tdsskiller
    2012-10-04 10:47 - 2012-10-04 10:46 - 02193278 ____A C:\Users\Alex Skittery\Desktop\tdsskiller.zip
    2012-10-04 10:45 - 2012-10-04 10:46 - 02193278 ____A C:\Users\Alex Skittery\Downloads\tdsskiller.zip
    2012-10-04 07:38 - 2012-10-04 07:38 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-10-04 07:34 - 2012-10-04 07:33 - 197642182 ____A C:\Users\Alex Skittery\Desktop\EmsisoftEmergencyKit.zip
    2012-10-04 07:25 - 2012-10-04 07:33 - 197642182 ____A C:\Users\Alex Skittery\Downloads\EmsisoftEmergencyKit.zip
    2012-10-04 06:45 - 2012-10-04 06:45 - 00002330 ____A C:\Users\Alex Skittery\Desktop\aswMBR.txt
    2012-10-04 06:27 - 2012-10-04 06:45 - 00000512 ____A C:\Users\Alex Skittery\Desktop\MBR.dat
    2012-09-30 07:17 - 2012-09-30 14:21 - 00000000 ____D C:\29588b5f190039290a92
    2012-09-26 02:43 - 2012-09-26 02:44 - 00711432 ____A C:\Windows\Minidump\092612-21793-01.dmp
    2012-09-25 05:16 - 2012-09-25 05:17 - 06135536 ____A C:\Users\Alex Skittery\Downloads\aGUP4870.part
    2012-09-25 04:51 - 2012-09-25 04:58 - 78574576 ____A C:\Users\Alex Skittery\Downloads\Tokyo Police Club - 10x10x10 (2011).rar
    2012-09-25 03:56 - 2012-08-24 05:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-25 03:56 - 2012-08-24 05:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-25 03:56 - 2012-08-24 05:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-25 03:56 - 2012-08-24 05:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-25 03:56 - 2012-08-24 05:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-25 03:56 - 2012-08-24 05:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-25 03:56 - 2012-08-24 05:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-25 03:56 - 2012-08-24 01:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-25 03:56 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-25 03:56 - 2012-08-24 01:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-25 03:56 - 2012-08-24 01:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-25 03:56 - 2012-08-24 01:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-25 03:56 - 2012-08-24 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-25 03:56 - 2012-08-24 01:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-25 03:56 - 2012-08-24 01:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-25 03:55 - 2012-08-24 06:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-25 03:55 - 2012-08-24 05:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-25 03:55 - 2012-08-24 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-25 03:55 - 2012-08-24 05:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-25 03:55 - 2012-08-24 05:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-25 03:55 - 2012-08-24 05:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-25 03:55 - 2012-08-24 05:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-25 03:55 - 2012-08-24 05:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-25 03:55 - 2012-08-24 05:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-25 03:55 - 2012-08-24 02:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-25 03:55 - 2012-08-24 02:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-25 03:55 - 2012-08-24 01:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
  13. Dan James Newcomer, in training Posts: 80

    2012-09-25 03:55 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-25 03:55 - 2012-08-24 01:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-25 03:55 - 2012-08-24 01:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-25 03:55 - 2012-08-24 01:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-25 03:55 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    ==================== 3 Months Modified Files ==================
    2012-10-23 14:05 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-23 13:39 - 2012-10-23 13:37 - 00000793 ____A C:\Users\Alex Skittery\Downloads\Search.txt
    2012-10-23 13:35 - 2012-10-23 13:33 - 00043395 ____A C:\Users\Alex Skittery\Downloads\FRST.txt
    2012-10-23 13:32 - 2012-10-23 13:32 - 01459119 ____A (Farbar) C:\Users\Alex Skittery\Downloads\FRST64.exe
    2012-10-23 13:20 - 2012-10-23 13:20 - 00003224 ____N C:\bootsqm.dat
    2012-10-23 13:20 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-23 13:20 - 2009-07-13 23:51 - 00066391 ____A C:\Windows\setupact.log
    2012-10-23 13:16 - 2012-10-23 13:05 - 83023306 ___AT C:\Users\All Users\Application Data\0tbpw.pad
    2012-10-23 13:16 - 2012-10-23 13:05 - 83023306 ___AT C:\Users\All Users\0tbpw.pad
    2012-10-23 13:05 - 2012-10-23 13:05 - 00044544 ____A (Microsoft Corporation) C:\Users\All Users\lsass.exe
    2012-10-23 13:05 - 2012-10-23 13:05 - 00044544 ____A (Microsoft Corporation) C:\Users\All Users\Application Data\lsass.exe
    2012-10-23 13:04 - 2012-06-16 15:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-23 12:52 - 2012-10-23 12:52 - 00000165 ___AH C:\Users\Alex Skittery\Desktop\~$work.xlsx
    2012-10-23 12:52 - 2012-09-20 11:32 - 00010478 ____A C:\Users\Alex Skittery\Desktop\work.xlsx
    2012-10-23 12:46 - 2009-07-14 00:10 - 01897689 ____A C:\Windows\WindowsUpdate.log
    2012-10-23 11:23 - 2012-10-23 11:23 - 00000273 ____A C:\Users\Alex Skittery\Desktop\ESETScan.txt
    2012-10-23 02:33 - 2012-10-23 02:33 - 02322184 ____A (ESET) C:\Users\Alex Skittery\Downloads\esetsmartinstaller_enu(1).exe
    2012-10-22 15:45 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-22 15:45 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-22 15:44 - 2012-10-22 15:44 - 02322184 ____A (ESET) C:\Users\Alex Skittery\Downloads\esetsmartinstaller_enu.exe
    2012-10-22 15:33 - 2012-10-22 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\TFC(1).exe
    2012-10-22 15:00 - 2012-10-22 15:00 - 00448512 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\TFC.exe
    2012-10-22 14:27 - 2012-10-22 14:26 - 00002908 ____A C:\Users\Alex Skittery\Downloads\FSS.txt
    2012-10-22 14:26 - 2012-10-22 14:26 - 00694323 ____A (Farbar) C:\Users\Alex Skittery\Downloads\FSS.exe
    2012-10-22 14:22 - 2012-10-22 14:22 - 00881773 ____A C:\Users\Alex Skittery\Downloads\SecurityCheck.exe
    2012-10-16 12:12 - 2012-10-10 12:09 - 00097622 ____A C:\Users\Alex Skittery\Desktop\OTL.Txt
    2012-10-13 16:14 - 2010-12-30 15:34 - 00054468 ____A C:\Windows\PFRO.log
    2012-10-13 14:13 - 2011-01-04 16:16 - 00090624 ____A C:\Users\Alex Skittery\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-10-13 14:13 - 2011-01-04 16:16 - 00090624 ____A C:\Users\Alex Skittery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-10-13 14:13 - 2011-01-04 16:16 - 00090624 ____A C:\Users\Alex Skittery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-10-13 13:57 - 2012-10-13 13:57 - 03177840 ____A (McAfee, Inc.) C:\Users\Alex Skittery\Downloads\MCPR.exe
    2012-10-11 12:04 - 2012-06-16 15:08 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-11 12:04 - 2011-11-29 16:49 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-10 12:11 - 2012-10-10 12:11 - 00064656 ____A C:\Users\Alex Skittery\Desktop\Extras.Txt
    2012-10-10 12:00 - 2012-10-10 12:00 - 00602112 ____A (OldTimer Tools) C:\Users\Alex Skittery\Downloads\OTL.exe
    2012-10-10 12:00 - 2012-10-10 12:00 - 00602112 ____A (OldTimer Tools) C:\Users\Alex Skittery\Desktop\OTL.exe
    2012-10-10 11:21 - 2012-03-20 13:33 - 02155915 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-10-07 13:02 - 2012-10-07 13:02 - 00021449 ____A C:\ComboFix.txt
    2012-10-07 12:42 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
    2012-10-07 12:24 - 2012-10-07 12:24 - 04762471 ____R (Swearware) C:\Users\Alex Skittery\Desktop\ComboFix.exe
    2012-10-07 12:24 - 2012-10-07 12:24 - 04762471 ____A (Swearware) C:\Users\Alex Skittery\Downloads\ComboFix.exe
    2012-10-04 11:20 - 2012-10-04 11:20 - 04731392 ____A (AVAST Software) C:\Users\Alex Skittery\Desktop\aswMBR.exe
    2012-10-04 11:20 - 2012-10-04 11:19 - 04731392 ____A (AVAST Software) C:\Users\Alex Skittery\Downloads\aswMBR.exe
    2012-10-04 10:57 - 2012-06-16 15:03 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-04 10:57 - 2012-06-16 15:03 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-04 10:55 - 2012-10-04 10:55 - 00001878 ____A C:\Users\Alex Skittery\Desktop\RKreport[2].txt
    2012-10-04 10:54 - 2012-10-04 10:54 - 00001889 ____A C:\Users\Alex Skittery\Desktop\RKreport[1].txt
    2012-10-04 10:51 - 2012-10-04 10:52 - 01422336 ____A C:\Users\Alex Skittery\Desktop\RogueKiller.exe
    2012-10-04 10:51 - 2012-10-04 10:51 - 01422336 ____A C:\Users\Alex Skittery\Downloads\RogueKiller.exe
    2012-10-04 10:48 - 2012-10-04 10:48 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\76671082.sys
    2012-10-04 10:46 - 2012-10-04 10:47 - 02193278 ____A C:\Users\Alex Skittery\Desktop\tdsskiller.zip
    2012-10-04 10:46 - 2012-10-04 10:45 - 02193278 ____A C:\Users\Alex Skittery\Downloads\tdsskiller.zip
    2012-10-04 07:38 - 2012-10-04 07:38 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-10-04 07:33 - 2012-10-04 07:34 - 197642182 ____A C:\Users\Alex Skittery\Desktop\EmsisoftEmergencyKit.zip
    2012-10-04 07:33 - 2012-10-04 07:25 - 197642182 ____A C:\Users\Alex Skittery\Downloads\EmsisoftEmergencyKit.zip
    2012-10-04 06:45 - 2012-10-04 06:45 - 00002330 ____A C:\Users\Alex Skittery\Desktop\aswMBR.txt
    2012-10-04 06:45 - 2012-10-04 06:27 - 00000512 ____A C:\Users\Alex Skittery\Desktop\MBR.dat
    2012-09-26 02:44 - 2012-09-26 02:43 - 00711432 ____A C:\Windows\Minidump\092612-21793-01.dmp
    2012-09-26 02:43 - 2011-12-03 11:17 - 670479582 ____A C:\Windows\MEMORY.DMP
    2012-09-25 05:17 - 2012-09-25 05:16 - 06135536 ____A C:\Users\Alex Skittery\Downloads\aGUP4870.part
    2012-09-25 04:58 - 2012-09-25 04:51 - 78574576 ____A C:\Users\Alex Skittery\Downloads\Tokyo Police Club - 10x10x10 (2011).rar
    2012-09-14 14:23 - 2012-10-10 11:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 13:30 - 2012-10-10 11:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-10 14:37 - 2012-07-26 05:02 - 00009473 ____A C:\Users\Alex Skittery\Desktop\job search.xlsx
    2012-09-07 11:04 - 2012-06-16 15:03 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-31 13:02 - 2012-10-10 11:23 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 16:03 - 2012-08-30 16:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 16:03 - 2012-03-20 14:44 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-30 13:11 - 2012-10-10 11:23 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 12:18 - 2012-10-10 11:23 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 12:18 - 2012-10-10 11:23 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 13:05 - 2012-10-10 11:23 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 12:10 - 2012-10-10 11:23 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 06:15 - 2012-09-25 03:55 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 05:39 - 2012-09-25 03:55 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 05:31 - 2012-09-25 03:55 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 05:22 - 2012-09-25 03:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 05:21 - 2012-09-25 03:55 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 05:20 - 2012-09-25 03:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 05:18 - 2012-09-25 03:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 05:17 - 2012-09-25 03:55 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 05:14 - 2012-09-25 03:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 05:14 - 2012-09-25 03:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 05:13 - 2012-09-25 03:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 05:12 - 2012-09-25 03:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 05:11 - 2012-09-25 03:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 05:10 - 2012-09-25 03:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 05:09 - 2012-09-25 03:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 05:04 - 2012-09-25 03:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-24 02:27 - 2012-09-25 03:55 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-24 02:03 - 2012-09-25 03:55 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-24 01:59 - 2012-09-25 03:55 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-24 01:51 - 2012-09-25 03:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-24 01:51 - 2012-09-25 03:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-24 01:51 - 2012-09-25 03:55 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-24 01:49 - 2012-09-25 03:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-24 01:48 - 2012-09-25 03:55 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-24 01:47 - 2012-09-25 03:56 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-24 01:47 - 2012-09-25 03:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-24 01:47 - 2012-09-25 03:55 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-24 01:45 - 2012-09-25 03:55 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-24 01:44 - 2012-09-25 03:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-24 01:44 - 2012-09-25 03:55 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-24 01:43 - 2012-09-25 03:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-24 01:40 - 2012-09-25 03:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-21 11:33 - 2012-08-21 11:33 - 00285760 ____A C:\Windows\Minidump\082112-32619-01.dmp
    2012-08-18 10:43 - 2012-10-10 11:22 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-18 10:43 - 2012-10-10 11:22 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-18 10:43 - 2012-10-10 11:22 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-18 10:42 - 2012-10-10 11:22 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-18 10:40 - 2012-10-10 11:22 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-18 10:37 - 2012-10-10 11:22 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-18 10:37 - 2012-10-10 11:22 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-18 10:34 - 2012-10-10 11:22 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-18 10:22 - 2012-10-10 11:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 10:22 - 2012-10-10 11:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 10:22 - 2012-10-10 11:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 10:22 - 2012-10-10 11:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 10:22 - 2012-10-10 11:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 10:22 - 2012-10-10 11:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 10:22 - 2012-10-10 11:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 10:22 - 2012-10-10 11:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 10:22 - 2012-10-10 11:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 10:22 - 2012-10-10 11:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-10-10 21:01:09
    Restore point made on: 2012-10-14 03:17:24
    Restore point made on: 2012-10-18 14:44:06
    Restore point made on: 2012-10-22 14:27:42
    ==================== Memory info ===========================
    Percentage of memory in use: 15%
    Total physical RAM: 3828.3 MB
    Available physical RAM: 3227.76 MB
    Total Pagefile: 3826.45 MB
    Available Pagefile: 3221.23 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:426.17 GB) NTFS
    3 Drive e: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
    4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 960 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 39 MB
    Partition 3 Primary 581 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 F RECOVERY NTFS Partition 14 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 581 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 960 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E FAT Removable 960 MB Healthy
    =========================================================
    Last Boot: 2012-10-16 02:48
    ==================== End Of Log =============================
  14. Dan James Newcomer, in training Posts: 80

    Farbar Recovery Scan Tool (x64) Version: 02-10-2012 01
    Ran by SYSTEM at 2012-10-23 21:08:48
    Running from E:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\ERDNT\cache64\services.exe
    [2012-06-14 03:47] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
  15. Broni Malware Annihilator Posts: 39,189   +175

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can start normally and report on any issues.

  16. Dan James Newcomer, in training Posts: 80

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2012 01
    Ran by SYSTEM at 2012-10-24 19:32:44 Run:3
    Running from F:\
    ==============================================
    C:\Users\Alex Skittery\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
    C:\ProgramData\lsass.exe moved successfully.
    C:\Users\Alex Skittery\Start Menu\Programs\Startup\ctfmon.lnk not found.
    C:\ProgramData\lsass.exe not found.
    ==== End of Fixlog ====
  17. Dan James Newcomer, in training Posts: 80

    Things seem to be working ok at the moment! :)
  18. Broni Malware Annihilator Posts: 39,189   +175

    Good :)

    Continue with my reply #46.
  19. Dan James Newcomer, in training Posts: 80

    After I ran OTL and it restarted, I didn't get a log, and there are some translucent items on the desktop, such as desktop.ini. Should I ignore it and carry on?
  20. Broni Malware Annihilator Posts: 39,189   +175

    Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to "Hide protected operating system files".

    As for OTL, re-run the fix from safe mode.