
Possible Alureon Trojan infection causing multiple problems with computer


  • This topic is locked
40 replies to this topic

#1 mania12

  • Members
  • 34 posts
  • Gender:Not Telling
  • Location:Canada

Posted 14 April 2012 - 11:21 AM

I've been told to post in this section after I spoke with an advisor in the "Am I Infected? What do I do?" section. I had run TDSSKiller and nothing was found. GMER was the next step but I did not do this step since I do have a 64 bit OS. I then proceeded with trying to run aswMBR but that had failed since the scan would crash every time it reached a certain point (I even tried this in safe mode and the same thing happened). I was told to run FIXTDSS later and no infections were found. Lastly I ran Autoruns, but the advisor did not find anything suspicious from the file I posted and had told me we needed to take a deeper look.

This is my computer problem history:

I've always had issues with AVG anti-virus and Windows Defender. Upon a series of fights with the two programs, I somehow stopped the conflict. This may be irrelevant, but I thought it might be good to include since Windows Defender is now unable to start and AVG doesn't seem to catch everything/anything. About a month ago Windows Defender caught a Trojan (I can't remember correctly but I believe it was called Alureon) and said to have contained it. It further instructed me to restart and remove traces of the trojan. I restarted and was going to follow instructions which I found online to remove any of its traces but I never got to that after restarting.

Now I am faced with many other problems which I think the trojan is responsible for. I was recently attacked by the UKash virus which held me ransom from my computer. I went through multiple manual ways of removing the virus but had no luck since I was unable to locate the virus files to delete them, nor did any files on my system look suspicious (I am not a computer expert though). I resorted to system restore which I believe will give me temporary relief. Also, last week I was trying to open internet explorer and load the google search page, but my computer froze up on me. I had to force my computer to shut down since I could not even open task manager. That's when the mess started and my computer told me my Windows OS was unable to start properly. I had to repair my computer through "system recovery" and the identified problem was that I had installed or updated something which was preventing my computer from starting. I suspect that was the trojan's doing. Before all this I had been suffering from bad internet connectivity and was troubled by network drivers which kept becoming corrupt (which I then had to download and reinstall manually). I've got my computer working again but I do feel as if something is still pumping in spyware since I am sometimes being redirected from my google searches to different pages and random pop-ups. Also sometimes when a page loads it would go to googledoubleclick.com (which shows as blank) then load the correct page.

I can feel as if something is wrong with my computer, but I just don't know how to go about dealing with it. I ran malwarebytes to try and remove the UKash virus but that did not work. Instead I found 3 other infections which I was able to remove. How can I find the root of all this trouble? I have pasted the DDS file and attached the attach file to this post. Thank you in advance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Mei Ling at 11:54:28 on 2012-04-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.1453 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Mei Ling\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Google Update] "C:\Users\Mei Ling\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
uRun: [dicror] rundll32.exe "C:\Users\MEILIN~1\AppData\Local\Temp\dicror.dll",GetLastError
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\MEILIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mei Ling\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\MEILIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CB09B296-E789-4499-8D36-C314C64EC8E2} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D609E5C3-4A8E-4C43-A407-F5CE132FA5EC} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mei Ling\AppData\Roaming\Mozilla\Firefox\Profiles\n64sdpfe.default\
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mei Ling\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mei Ling\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mei Ling\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2010-2-5 742144]
R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-17 167424]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-2-17 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-4-16 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-1-14 5184872]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1cab0312c51a695;Google Update Service (gupdate1cab0312c51a695);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-17 133104]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-17 133104]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-2-17 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-2-17 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-2-17 390440]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-2-17 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-2-17 91432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-11-26 155344]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-17 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-17 110376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-2-19 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-12 02:41:59 3765288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-12 02:41:35 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63536A70-A3F9-44DC-813D-55F7CEB6699F}\mpengine.dll
2012-04-12 02:41:29 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-11 23:19:40 -------- d-----w- C:\Users\Mei Ling\AppData\Roaming\gizza
2012-04-07 01:04:13 -------- d-----w- C:\Users\Mei Ling\AppData\Local\{3954D756-976B-4AC0-BE23-A4A61DD802F7}
2012-04-07 01:03:46 -------- d-----w- C:\Users\Mei Ling\AppData\Local\{FC2270EC-E541-4412-B083-7FB134912FF0}
2012-04-04 00:10:22 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 23:46:26 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-03 23:38:02 -------- d-----w- C:\Users\Mei Ling\AppData\Local\{0974A238-7DE6-11E1-826D-B8AC6F996F26}
2012-04-01 03:33:31 -------- d-----w- C:\Users\Mei Ling\AppData\Local\{BFD305AF-0186-44FC-8805-C2312965129C}
2012-03-29 03:46:48 -------- d-----w- C:\Temp
2012-03-26 01:27:55 -------- d-----w- C:\Users\Mei Ling\AppData\Local\{0D981281-93BA-445C-9E39-A9765D10D3DB}
2012-03-26 01:27:34 -------- d-----w- C:\Users\Mei Ling\AppData\Local\{8EEFA306-F255-4E1F-8161-8C17B6310312}
2012-03-25 16:01:34 -------- d-----w- C:\Users\Mei Ling\AppData\Local\{B2B3110D-5123-4068-A4E5-8C2FA0350A97}
2012-03-25 16:01:07 -------- d-----w- C:\Users\Mei Ling\AppData\Local\{99B4934C-702F-46E2-A280-0E3570AB0157}
2012-03-23 16:09:44 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-23 16:09:44 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-14 05:12:57 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-17 06:13:39 525792 ----a-w- C:\Windows\DIFxAPI.dll
2012-01-17 06:13:30 319488 ----a-w- C:\Windows\HideWin.exe
2012-01-17 05:12:49 1698408 ----a-w- C:\Windows\RtlExUpd.dll
2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 11:55:43.25 ===============

Attached Files
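One way to get a first pass over the autorun (uRun/mRun) entries in a DDS log like the one posted above is to parse the "Pseudo HJT Report" lines and rank them by where the launched file lives. The script below is an added example and is not part of this thread, of DDS, or of the BleepingComputer team's tooling; the sample lines are copied from the log above except the last one, which is constructed. A "high" result only means the entry deserves a closer look (a user-writable Temp directory, or rundll32 loading a DLL out of a user profile); it is not a verdict that the file is malicious, and legitimate updaters do run from AppData, which is why those only rank "medium".

```python
import re

# Sample DDS "Pseudo HJT Report" autorun lines. The first four are copied from the
# log posted above; the last one is constructed for contrast and is not from the log.
SAMPLE_LINES = r"""
uRun: [Google Update] "C:\Users\Mei Ling\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [dicror] rundll32.exe "C:\Users\MEILIN~1\AppData\Local\Temp\dicror.dll",GetLastError
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
uRun: [example] C:\Users\Someone\AppData\Roaming\example\upd.exe /silent
"""

# DDS prefixes: uRun = per-user (HKCU) Run key, mRun = machine-wide (HKLM) Run key.
RUN_LINE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First Windows path in the command, cut at a common executable/module extension.
# Short (8.3) names such as MEILIN~1 are left as logged; the checks are substring-based.
TARGET = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js)\b", re.IGNORECASE)
# Export name that rundll32 is asked to call:  "...\module.dll",Export
ENTRY = re.compile(r'\.dll"?,(?P<entry>[A-Za-z0-9_@]+)', re.IGNORECASE)

PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def classify(cmd):
    """Return (target_path, priority, reasons) for one autorun command string."""
    m = TARGET.search(cmd)
    target = m.group(0) if m else ""
    low = target.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("loads from a Temp directory")
    if cmd.lower().lstrip().startswith("rundll32") and "\\users\\" in low:
        reasons.append("rundll32 loads a DLL from a user profile")
        e = ENTRY.search(cmd)
        if e:
            reasons.append("rundll32 entry point: " + e.group("entry"))
    if reasons:
        priority = "high"
    elif "\\appdata\\" in low:
        reasons.append("runs from user-writable AppData")
        priority = "medium"
    elif not target:
        reasons.append("no file path recognised in command")
        priority = "medium"
    else:
        priority = "low"
    return target, priority, reasons


def triage(text):
    """Parse uRun/mRun lines and return findings, highest review priority first."""
    findings = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        target, priority, reasons = classify(m.group("cmd"))
        findings.append({
            "hive": "HKCU" if m.group("hive") == "u" else "HKLM",
            "name": m.group("name"),
            "target": target,
            "priority": priority,
            "reasons": reasons,
        })
    findings.sort(key=lambda f: PRIORITY_ORDER[f["priority"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['priority']:6}] {f['hive']} {f['name']}: {f['target']}")
        for r in f["reasons"]:
            print("          - " + r)
```

Run it against a saved DDS.txt by replacing SAMPLE_LINES with the file contents; the Run lines are the only ones it reads, so the rest of the log is ignored. The ranking is deliberately simple: location-based rules are cheap and explain themselves, which matters more in a forum triage than a clever score would.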


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 14 April 2012 - 01:00 PM

Hi,

Please do the following:


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
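Once FRST.txt is posted, the Run, Services and Drivers lines it contains follow a fixed one-line format. The helper below is an added example, not part of this thread or of FRST itself: it parses those lines and attaches triage hints to the entries a responder usually looks at first. The sample lines are copied from the FRST log posted later in this thread; the hint rules are heuristics chosen for this example, not anything FRST reports.

```python
"""Triage helper for the Run / Services / Drivers lines of an FRST.txt log.

Added example (not FRST's own code). FRST writes one entry per line:

    HKLM\...\Run: [Name] <command> [<size> <yyyy-mm-dd>] (<company name>)
    HKLM\...\Run: [Name] <command> [x]
    2 ServiceName; <command> [<size> <yyyy-mm-dd>] (<company name>)

"[x]" means FRST could not find the file; the company name is the one FRST
reads from the file's version information (it is not a signature check).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Trailing token shared by Run, Services and Drivers lines.
_TAIL = (r"(?:(?P<missing>\[x\])|\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
         r"\((?P<vendor>[^)]*)\))$")
_RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?) " + _TAIL)
_SVC_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<cmd>.*?) " + _TAIL)


@dataclass
class Entry:
    kind: str                 # "run" for autostart values, "service" for Services/Drivers lines
    location: str             # registry hive / user for Run entries, start type for services
    name: str
    command: str
    missing: bool             # True when FRST printed "[x]"
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]     # "" when the file carries no company name
    hints: List[str] = field(default_factory=list)


def _build(kind: str, location: str, m: "re.Match") -> Entry:
    return Entry(kind, location, m["name"], m["cmd"], m["missing"] is not None,
                 int(m["size"]) if m["size"] else None, m["date"], m["vendor"])


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a Run/Services/Drivers line, None for any other line."""
    line = line.rstrip()
    m = _RUN_RE.match(line)
    if m:
        return _build("run", m["hive"], m)
    m = _SVC_RE.match(line)
    if m:
        return _build("service", "start=" + m["start"], m)
    return None


def triage(e: Entry) -> List[str]:
    """Attach hints worth a second look. A hint is a reason to inspect, not a verdict."""
    cmd = e.command.lower()
    hints = []
    if e.missing:
        hints.append("file-not-found")            # stale entry, or a file already removed
    if "\\temp\\" in cmd:
        hints.append("runs-from-temp")            # legitimate autostarts rarely live in Temp
    if cmd.startswith("rundll32") and "\\users\\" in cmd:
        hints.append("rundll32-user-profile-dll")  # DLL loaded from a user profile path
    if e.vendor == "":
        hints.append("no-company-name")           # no version info; common for small tools too
    e.hints = hints
    return hints


def triage_log(text: str) -> List[Entry]:
    """Parse every recognised line of an FRST log and run triage over it."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    for e in entries:
        triage(e)
    return entries


# Sample lines copied from the FRST log posted in this thread (the
# "Registry (Whitelisted)" and "Services (Whitelisted)" sections); the
# DhcpNameServer line is there to show that unrelated lines are skipped.
SAMPLE = r"""
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM-x32\...\Run: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [385024 2008-07-25] ()
HKU\Mei Ling\...\Run: [dicror] rundll32.exe "C:\Users\MEILIN~1\AppData\Local\Temp\dicror.dll",GetLastError [244224 2012-04-03] (Voyetra Turtle Beach, Inc.)
2 IviRegMgr; "c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        flags = ", ".join(e.hints) if e.hints else "-"
        print(f"{e.kind:7} {e.name:18} {flags:40} {e.command}")
```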


#3 mania12

mania12
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Not Telling
  • Location:Canada

Posted 14 April 2012 - 04:46 PM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 14-04-2012 17:39:01
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1674536 2009-02-09] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15959584 2009-01-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2009-01-06] (NVIDIA Corporation)
HKLM\...\Run: [Unattend0000000001{2BA9322D-D12D-4C0F-916F-079F4F16B6CF}] %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [77824 2009-03-05] (Sony Electronics Corporation)
HKLM-x32\...\Run: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [385024 2008-07-25] ()
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2008-12-18] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [36272 2010-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [952768 2010-03-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [454400 2010-02-05] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2010-07-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1226608 2010-12-09] ()
HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Mei Ling\...\Run: [Google Update] "C:\Users\Mei Ling\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-18] (Google Inc.)
HKU\Mei Ling\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mei Ling\...\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [433360 2011-07-25] (Sony Ericsson)
HKU\Mei Ling\...\Run: [dicror] rundll32.exe "C:\Users\MEILIN~1\AppData\Local\Temp\dicror.dll",GetLastError [244224 2012-04-03] (Voyetra Turtle Beach, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-13] (Adobe Systems Incorporated)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 gupdate1cab0312c51a695; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2010-02-17] (Google Inc.)
2 NACAgent; "C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe" [742144 2010-02-05] (Cisco Systems, Inc.)
3 p2pimsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 p2psvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PACSPTISVR; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [114688 2009-01-08] (Sony Corporation)
3 PNRPAutoReg; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [167424 2008-09-29] (Intel Corporation)
3 SCardSvr; C:\Windows\SysWow64\SCardSvr.dll [95232 2009-04-10] (Microsoft Corporation)
3 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [120104 2009-01-20] (Sony Corporation)
3 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-01-20] (Sony Corporation)
3 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [390440 2009-01-20] (Sony Corporation)
3 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [75048 2009-01-20] (Sony Corporation)
3 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-01-20] (Sony Corporation)
3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [155344 2011-06-29] (Avanquest Software)
2 Themes; C:\Windows\SysWow64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-01-21] (Sony Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [203624 2009-01-19] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [411496 2008-12-19] (Sony Corporation)
2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [5184872 2009-01-14] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [394536 2009-01-19] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [110376 2009-01-16] (Sony Corporation)
3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-01-21] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2009-01-21] (Sony Corporation)
2 IviRegMgr; "c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
1 DMICall; C:\Windows\SysWow64\Drivers\DMICall.sys [10216 2008-11-24] (Sony Corporation)
3 NETwNv64; C:\Windows\System32\Drivers\NETwNv64.sys [8388096 2011-08-03] (Intel Corporation)
3 rimsptsk; C:\Windows\System32\DRIVERS\rimssn64.sys [85504 2008-10-22] (REDC)
2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]
1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]

========================== NetSvcs (Whitelisted) ===========
NETSVCx32: Themes

============ One Month Created Files and Folders ==============

2012-04-14 17:38 - 2012-04-14 17:38 - 0000000 ____D C:\FRST
2012-04-14 08:02 - 2012-04-14 08:02 - 0026586 ____A C:\Users\Mei Ling\Desktop\DDS.txt
2012-04-14 08:02 - 2012-04-14 08:02 - 0019987 ____A C:\Users\Mei Ling\Desktop\Attach.txt
2012-04-14 07:53 - 2012-04-14 07:53 - 0607260 ____R (Swearware) C:\Users\Mei Ling\Desktop\dds.scr
2012-04-14 07:51 - 2012-04-14 07:51 - 0000478 ____A C:\Users\Mei Ling\Downloads\defogger_disable.log
2012-04-14 07:51 - 2012-04-14 07:51 - 0000000 ____A C:\Users\Mei Ling\defogger_reenable
2012-04-14 07:50 - 2012-04-14 07:50 - 0050477 ____A C:\Users\Mei Ling\Downloads\Defogger.exe
2012-04-13 21:12 - 2012-04-13 21:14 - 0090652 ____A C:\Users\Mei Ling\Desktop\AutoRuns.txt
2012-04-13 18:37 - 2012-04-13 18:37 - 1932256 ____A (Symantec Corporation) C:\Users\Mei Ling\Downloads\FixTDSS.exe
2012-04-13 08:39 - 2012-04-13 18:45 - 4155482112 __ASH C:\hiberfil.sys
2012-04-13 08:09 - 2012-04-13 08:21 - 0223784 ____A C:\Windows\ntbtlog.txt
2012-04-12 15:47 - 2012-04-12 16:31 - 0000000 ____D C:\Users\Mei Ling\Desktop\Recordings
2012-04-12 14:15 - 2012-04-12 14:15 - 4731392 ____A (AVAST Software) C:\Users\Mei Ling\Downloads\aswMBR.exe
2012-04-12 14:12 - 2012-04-12 14:14 - 0124854 ____A C:\TDSSKiller.2.7.28.0_12.04.2012_18.12.37_log.txt
2012-04-12 14:11 - 2012-04-12 14:11 - 0000350 ____A C:\TDSSKiller.2.7.20.0_12.04.2012_18.11.49_log.txt
2012-04-12 14:11 - 2012-04-12 14:11 - 0000000 ____D C:\Users\Mei Ling\Desktop\rty74we
2012-04-11 18:41 - 2012-02-23 06:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-04-11 15:19 - 2012-04-11 15:20 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\gizza
2012-04-09 22:08 - 2012-04-09 22:08 - 8074607 ____A C:\Users\Mei Ling\Desktop\Ch12-9%20revised.pdf
2012-04-06 17:04 - 2012-04-06 17:05 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{3954D756-976B-4AC0-BE23-A4A61DD802F7}
2012-04-06 17:03 - 2012-04-06 17:04 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{FC2270EC-E541-4412-B083-7FB134912FF0}
2012-04-04 13:08 - 2012-04-13 21:13 - 0000000 ____D C:\Users\Mei Ling\Desktop\PCK
2012-04-03 19:38 - 2012-04-03 19:38 - 0009983 ____A C:\Users\Mei Ling\Downloads\protein-ladder.jpg
2012-04-03 19:26 - 2012-04-03 23:13 - 0025088 ____A C:\Users\Mei Ling\Downloads\plate1&times (1).xls
2012-04-03 19:23 - 2012-04-03 23:13 - 0024576 ____A C:\Users\Mei Ling\Downloads\expt 18 plate1 succinate strains 13-03-12 (1).xls
2012-04-03 19:23 - 2012-04-03 19:23 - 0024064 ____A C:\Users\Mei Ling\Downloads\expt 18 plate3 glucose strains 13-03-12 (1).xls
2012-04-03 19:09 - 2012-04-03 19:09 - 0022016 ____A C:\Users\Mei Ling\Downloads\plate1&times.xls
2012-04-03 19:06 - 2012-04-03 23:13 - 0020480 ____A C:\Users\Mei Ling\Downloads\expt 18 plate2 extract 13-03-12.xls
2012-04-03 19:06 - 2012-04-03 19:06 - 0014848 ____A C:\Users\Mei Ling\Downloads\expt 18 plate4 extract 13-03-12.xls
2012-04-03 19:06 - 2012-04-03 19:06 - 0014848 ____A C:\Users\Mei Ling\Downloads\expt 18 plate3 glucose strains 13-03-12.xls
2012-04-03 19:06 - 2012-04-03 19:06 - 0014848 ____A C:\Users\Mei Ling\Downloads\expt 18 plate1 succinate strains 13-03-12.xls
2012-04-03 16:10 - 2012-04-13 21:12 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-03 15:46 - 2012-04-14 13:29 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-03 15:46 - 2012-04-13 21:12 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-03 15:46 - 2012-04-03 15:46 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-03 15:38 - 2012-04-03 15:38 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{0974A238-7DE6-11E1-826D-B8AC6F996F26}
2012-04-03 11:35 - 2012-04-03 11:35 - 0572459 ____A C:\Users\Mei Ling\Desktop\18017.full.pdf
2012-04-02 23:59 - 2012-04-02 23:59 - 0024064 ____A C:\Users\Mei Ling\Documents\plate1&times.xls
2012-04-02 23:57 - 2012-04-02 23:57 - 0025088 ____A C:\Users\Mei Ling\Desktop\Exp 18 Times.xls
2012-04-02 23:12 - 2012-04-03 23:13 - 0037037 ____A C:\Users\Mei Ling\Desktop\L4L5.xlsx
2012-04-02 22:35 - 2012-04-02 22:35 - 0012503 ____A C:\Users\Mei Ling\.recently-used.xbel
2012-04-02 21:28 - 2012-04-05 10:51 - 0715989 ____A C:\Users\Mei Ling\Documents\3V03_Lab4Lab5.docx
2012-04-02 18:26 - 2012-04-02 18:26 - 0000162 ___AH C:\Users\Mei Ling\Desktop\~$osophila Figure.docx
2012-03-31 19:33 - 2012-03-31 19:33 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{BFD305AF-0186-44FC-8805-C2312965129C}
2012-03-30 20:39 - 2012-03-30 20:39 - 2832123 ____A C:\Users\Mei Ling\Downloads\vs - the voice 8 - YouTube .mp3
2012-03-29 11:08 - 2012-03-29 11:08 - 219785216 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL6.avi
2012-03-29 11:04 - 2012-03-29 11:07 - 62498816 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL6.avi.002
2012-03-29 10:46 - 2012-03-29 10:57 - 157286400 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL6.avi.001
2012-03-29 10:13 - 2012-03-29 10:14 - 243306496 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL3.avi
2012-03-29 09:49 - 2012-03-29 10:04 - 86020096 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL3.avi.002
2012-03-29 09:48 - 2012-03-29 10:13 - 157286400 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL3.avi.001
2012-03-26 17:49 - 2012-03-26 17:49 - 0069424 ____A C:\Users\Mei Ling\Downloads\DNA ladder.jpg
2012-03-26 17:44 - 2012-03-26 17:44 - 0449384 ____A C:\Users\Mei Ling\Downloads\SDS_PAGE_1.JPG
2012-03-26 17:44 - 2012-03-26 17:44 - 0136291 ____A C:\Users\Mei Ling\Downloads\2012_03_13_BIO3V03_Gel1.jpg
2012-03-26 17:43 - 2012-03-26 17:44 - 0056806 ____A C:\Users\Mei Ling\Downloads\Experiment 17.pdf
2012-03-25 17:27 - 2012-03-25 17:28 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{0D981281-93BA-445C-9E39-A9765D10D3DB}
2012-03-25 17:27 - 2012-03-25 17:27 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{8EEFA306-F255-4E1F-8161-8C17B6310312}
2012-03-25 08:01 - 2012-03-25 08:01 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{B2B3110D-5123-4068-A4E5-8C2FA0350A97}
2012-03-25 08:01 - 2012-03-25 08:01 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{99B4934C-702F-46E2-A280-0E3570AB0157}
2012-03-24 18:47 - 2012-03-30 17:22 - 0013636 ____A C:\Users\Mei Ling\Documents\Progress.docx
2012-03-21 20:10 - 2012-03-21 20:10 - 0000000 ____D C:\Users\Mei Ling\Desktop\Campos1
2012-03-21 12:48 - 2012-03-21 12:48 - 0107109 ____A C:\Users\Mei Ling\Desktop\MolBiol%203II3%20Quiz%204%20with%20answers.pdf
2012-03-21 12:08 - 2012-03-21 12:09 - 0000000 ____D C:\Users\Mei Ling\Desktop\Larva
2012-03-18 12:25 - 2012-03-18 12:25 - 1339003 ____A C:\Users\Mei Ling\Desktop\LBD_maxi_skirt_pattern_FULL.pdf
2012-03-15 21:28 - 2012-03-15 21:29 - 0000000 ____D C:\Users\Mei Ling\Desktop\New Folder

============ 3 Months Modified Files and Folders =============

2012-04-14 17:38 - 2012-04-14 17:38 - 0000000 ____D C:\FRST
2012-04-14 13:33 - 2009-04-16 16:37 - 0005332 ____A C:\Windows\bthservsdp.dat
2012-04-14 13:32 - 2010-02-17 16:14 - 1899316 ____A C:\Windows\WindowsUpdate.log
2012-04-14 13:32 - 2006-11-02 07:42 - 0032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-14 13:32 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-14 13:29 - 2012-04-03 15:46 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-14 13:29 - 2010-09-10 19:32 - 0000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308557584-2256772184-915271366-1002UA.job
2012-04-14 13:29 - 2010-02-21 13:38 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 13:28 - 2010-02-21 13:38 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-14 13:28 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-14 13:28 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-14 08:02 - 2012-04-14 08:02 - 0026586 ____A C:\Users\Mei Ling\Desktop\DDS.txt
2012-04-14 08:02 - 2012-04-14 08:02 - 0019987 ____A C:\Users\Mei Ling\Desktop\Attach.txt
2012-04-14 07:53 - 2012-04-14 07:53 - 0607260 ____R (Swearware) C:\Users\Mei Ling\Desktop\dds.scr
2012-04-14 07:51 - 2012-04-14 07:51 - 0000478 ____A C:\Users\Mei Ling\Downloads\defogger_disable.log
2012-04-14 07:51 - 2012-04-14 07:51 - 0000000 ____A C:\Users\Mei Ling\defogger_reenable
2012-04-14 07:51 - 2010-02-19 11:28 - 0000000 ____D C:\users\Mei Ling
2012-04-14 07:50 - 2012-04-14 07:50 - 0050477 ____A C:\Users\Mei Ling\Downloads\Defogger.exe
2012-04-14 07:44 - 2011-03-18 19:20 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-04-14 07:44 - 2010-11-30 14:31 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-14 07:44 - 2010-11-30 14:31 - 0000000 ____D C:\ProgramData\MFAData
2012-04-13 21:14 - 2012-04-13 21:12 - 0090652 ____A C:\Users\Mei Ling\Desktop\AutoRuns.txt
2012-04-13 21:13 - 2012-04-04 13:08 - 0000000 ____D C:\Users\Mei Ling\Desktop\PCK
2012-04-13 21:12 - 2012-04-03 16:10 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-13 21:12 - 2012-04-03 15:46 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-13 21:12 - 2011-08-27 06:47 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-13 19:12 - 2006-11-02 04:46 - 0703388 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-13 18:48 - 2011-05-26 11:29 - 0000000 ___RD C:\Users\Mei Ling\Dropbox
2012-04-13 18:48 - 2011-05-26 11:25 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\Dropbox
2012-04-13 18:46 - 2010-12-29 20:01 - 0000386 ____A C:\Windows\Tasks\RegistryReviver64-Mei Ling-Startup.job
2012-04-13 18:45 - 2012-04-13 08:39 - 4155482112 __ASH C:\hiberfil.sys
2012-04-13 18:37 - 2012-04-13 18:37 - 1932256 ____A (Symantec Corporation) C:\Users\Mei Ling\Downloads\FixTDSS.exe
2012-04-13 14:46 - 2010-09-10 19:32 - 0000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308557584-2256772184-915271366-1002Core.job
2012-04-13 08:21 - 2012-04-13 08:09 - 0223784 ____A C:\Windows\ntbtlog.txt
2012-04-13 08:18 - 2006-11-02 07:21 - 0333840 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-12 16:31 - 2012-04-12 15:47 - 0000000 ____D C:\Users\Mei Ling\Desktop\Recordings
2012-04-12 14:15 - 2012-04-12 14:15 - 4731392 ____A (AVAST Software) C:\Users\Mei Ling\Downloads\aswMBR.exe
2012-04-12 14:14 - 2012-04-12 14:12 - 0124854 ____A C:\TDSSKiller.2.7.28.0_12.04.2012_18.12.37_log.txt
2012-04-12 14:11 - 2012-04-12 14:11 - 0000350 ____A C:\TDSSKiller.2.7.20.0_12.04.2012_18.11.49_log.txt
2012-04-12 14:11 - 2012-04-12 14:11 - 0000000 ____D C:\Users\Mei Ling\Desktop\rty74we
2012-04-11 18:10 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-11 17:52 - 2010-03-01 21:13 - 0000000 ____D C:\Users\Mei Ling\Documents\WebCam Albums
2012-04-11 17:52 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2012-04-11 17:52 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-11 17:52 - 2006-11-02 04:33 - 75235328 ____A C:\Windows\System32\config\software_previous
2012-04-11 17:52 - 2006-11-02 04:33 - 46661632 ____A C:\Windows\System32\config\components_previous
2012-04-11 17:52 - 2006-11-02 04:33 - 21495808 ____A C:\Windows\System32\config\system_previous
2012-04-11 17:52 - 2006-11-02 04:33 - 0524288 ____A C:\Windows\System32\config\default_previous
2012-04-11 17:52 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\security_previous
2012-04-11 17:52 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\sam_previous
2012-04-11 17:51 - 2011-12-09 20:28 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-11 17:51 - 2011-12-09 20:28 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-11 17:51 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2012-04-11 17:29 - 2010-11-28 22:32 - 0000000 ____D C:\Windows\pss
2012-04-11 16:36 - 2008-01-20 19:26 - 0284622 ____A C:\Windows\PFRO.log
2012-04-11 16:25 - 2010-06-21 20:23 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-11 15:20 - 2012-04-11 15:19 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\gizza
2012-04-09 22:13 - 2012-01-09 13:21 - 0000000 ____D C:\Users\Mei Ling\Desktop\MOL BIO 3M03
2012-04-09 22:08 - 2012-04-09 22:08 - 8074607 ____A C:\Users\Mei Ling\Desktop\Ch12-9%20revised.pdf
2012-04-09 22:07 - 2012-01-09 13:14 - 0000000 ____D C:\Users\Mei Ling\Desktop\MOL BIO 3V03
2012-04-09 20:26 - 2012-02-29 06:10 - 0000000 ____D C:\Users\Mei Ling\Desktop\New Folder (3)
2012-04-09 20:26 - 2012-01-09 13:33 - 0000000 ____D C:\Users\Mei Ling\Desktop\MOL BIO 4P03
2012-04-07 11:34 - 2012-01-09 13:14 - 0000000 ____D C:\Users\Mei Ling\Desktop\MOL BIO 3Y03
2012-04-06 17:05 - 2012-04-06 17:04 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{3954D756-976B-4AC0-BE23-A4A61DD802F7}
2012-04-06 17:04 - 2012-04-06 17:03 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{FC2270EC-E541-4412-B083-7FB134912FF0}
2012-04-06 17:03 - 2010-02-19 17:07 - 0000000 ____D C:\Users\Mei Ling\Tracing
2012-04-05 10:51 - 2012-04-02 21:28 - 0715989 ____A C:\Users\Mei Ling\Documents\3V03_Lab4Lab5.docx
2012-04-05 08:15 - 2006-11-02 07:27 - 0063101 ____A C:\Windows\setupact.log
2012-04-04 02:46 - 2010-02-23 09:14 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\Mozilla
2012-04-04 02:04 - 2011-08-08 19:29 - 0000000 ____D C:\Users\Mei Ling\.gimp-2.6
2012-04-03 23:13 - 2012-04-03 19:26 - 0025088 ____A C:\Users\Mei Ling\Downloads\plate1&times (1).xls
2012-04-03 23:13 - 2012-04-03 19:23 - 0024576 ____A C:\Users\Mei Ling\Downloads\expt 18 plate1 succinate strains 13-03-12 (1).xls
2012-04-03 23:13 - 2012-04-03 19:06 - 0020480 ____A C:\Users\Mei Ling\Downloads\expt 18 plate2 extract 13-03-12.xls
2012-04-03 23:13 - 2012-04-02 23:12 - 0037037 ____A C:\Users\Mei Ling\Desktop\L4L5.xlsx
2012-04-03 19:38 - 2012-04-03 19:38 - 0009983 ____A C:\Users\Mei Ling\Downloads\protein-ladder.jpg
2012-04-03 19:23 - 2012-04-03 19:23 - 0024064 ____A C:\Users\Mei Ling\Downloads\expt 18 plate3 glucose strains 13-03-12 (1).xls
2012-04-03 19:09 - 2012-04-03 19:09 - 0022016 ____A C:\Users\Mei Ling\Downloads\plate1&times.xls
2012-04-03 19:06 - 2012-04-03 19:06 - 0014848 ____A C:\Users\Mei Ling\Downloads\expt 18 plate4 extract 13-03-12.xls
2012-04-03 19:06 - 2012-04-03 19:06 - 0014848 ____A C:\Users\Mei Ling\Downloads\expt 18 plate3 glucose strains 13-03-12.xls
2012-04-03 19:06 - 2012-04-03 19:06 - 0014848 ____A C:\Users\Mei Ling\Downloads\expt 18 plate1 succinate strains 13-03-12.xls
2012-04-03 15:46 - 2012-04-03 15:46 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-03 15:43 - 2011-10-13 08:08 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-03 15:43 - 2011-10-13 08:08 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-03 15:38 - 2012-04-03 15:38 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{0974A238-7DE6-11E1-826D-B8AC6F996F26}
2012-04-03 11:35 - 2012-04-03 11:35 - 0572459 ____A C:\Users\Mei Ling\Desktop\18017.full.pdf
2012-04-02 23:59 - 2012-04-02 23:59 - 0024064 ____A C:\Users\Mei Ling\Documents\plate1&times.xls
2012-04-02 23:57 - 2012-04-02 23:57 - 0025088 ____A C:\Users\Mei Ling\Desktop\Exp 18 Times.xls
2012-04-02 22:35 - 2012-04-02 22:35 - 0012503 ____A C:\Users\Mei Ling\.recently-used.xbel
2012-04-02 18:26 - 2012-04-02 18:26 - 0000162 ___AH C:\Users\Mei Ling\Desktop\~$osophila Figure.docx
2012-04-02 18:19 - 2012-01-09 13:18 - 0000000 ____D C:\Users\Mei Ling\Desktop\MOL BIO 3II3
2012-03-31 19:33 - 2012-03-31 19:33 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{BFD305AF-0186-44FC-8805-C2312965129C}
2012-03-30 20:41 - 2010-02-22 04:46 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\vlc
2012-03-30 20:39 - 2012-03-30 20:39 - 2832123 ____A C:\Users\Mei Ling\Downloads\vs - the voice 8 - YouTube .mp3
2012-03-30 17:22 - 2012-03-24 18:47 - 0013636 ____A C:\Users\Mei Ling\Documents\Progress.docx
2012-03-29 11:08 - 2012-03-29 11:08 - 219785216 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL6.avi
2012-03-29 11:07 - 2012-03-29 11:04 - 62498816 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL6.avi.002
2012-03-29 10:57 - 2012-03-29 10:46 - 157286400 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL6.avi.001
2012-03-29 10:14 - 2012-03-29 10:13 - 243306496 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL3.avi
2012-03-29 10:13 - 2012-03-29 09:48 - 157286400 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL3.avi.001
2012-03-29 10:04 - 2012-03-29 09:49 - 86020096 ____A C:\Users\Mei Ling\Downloads\FAMSPECIAL3.avi.002
2012-03-28 20:05 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-26 17:49 - 2012-03-26 17:49 - 0069424 ____A C:\Users\Mei Ling\Downloads\DNA ladder.jpg
2012-03-26 17:44 - 2012-03-26 17:44 - 0449384 ____A C:\Users\Mei Ling\Downloads\SDS_PAGE_1.JPG
2012-03-26 17:44 - 2012-03-26 17:44 - 0136291 ____A C:\Users\Mei Ling\Downloads\2012_03_13_BIO3V03_Gel1.jpg
2012-03-26 17:44 - 2012-03-26 17:43 - 0056806 ____A C:\Users\Mei Ling\Downloads\Experiment 17.pdf
2012-03-25 17:28 - 2012-03-25 17:27 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{0D981281-93BA-445C-9E39-A9765D10D3DB}
2012-03-25 17:27 - 2012-03-25 17:27 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{8EEFA306-F255-4E1F-8161-8C17B6310312}
2012-03-25 08:01 - 2012-03-25 08:01 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{B2B3110D-5123-4068-A4E5-8C2FA0350A97}
2012-03-25 08:01 - 2012-03-25 08:01 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{99B4934C-702F-46E2-A280-0E3570AB0157}
2012-03-23 21:56 - 2011-11-17 16:12 - 0000000 ____D C:\Users\Mei Ling\Desktop\New Folder (2)
2012-03-23 08:09 - 2010-03-31 19:28 - 0001356 ____A C:\Users\Mei Ling\AppData\Local\d3d9caps.dat
2012-03-23 08:09 - 2010-02-23 09:11 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-23 06:08 - 2011-05-26 11:27 - 0000908 ____A C:\Users\Mei Ling\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-23 06:08 - 2011-05-26 11:27 - 0000908 ____A C:\Users\Mei Ling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-21 20:10 - 2012-03-21 20:10 - 0000000 ____D C:\Users\Mei Ling\Desktop\Campos1
2012-03-21 12:48 - 2012-03-21 12:48 - 0107109 ____A C:\Users\Mei Ling\Desktop\MolBiol%203II3%20Quiz%204%20with%20answers.pdf
2012-03-21 12:09 - 2012-03-21 12:08 - 0000000 ____D C:\Users\Mei Ling\Desktop\Larva
2012-03-18 12:25 - 2012-03-18 12:25 - 1339003 ____A C:\Users\Mei Ling\Desktop\LBD_maxi_skirt_pattern_FULL.pdf
2012-03-17 17:31 - 2012-03-10 10:53 - 0735175 ____A C:\Users\Mei Ling\Documents\F21 High low hem skirt.docx
2012-03-16 21:08 - 2010-09-08 07:37 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\Skype
2012-03-16 20:05 - 2010-09-08 07:38 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\skypePM
2012-03-16 13:24 - 2012-03-04 17:50 - 0052729 ____A C:\Users\Mei Ling\Documents\plants pbl.docx
2012-03-15 21:29 - 2012-03-15 21:28 - 0000000 ____D C:\Users\Mei Ling\Desktop\New Folder
2012-03-15 07:12 - 2012-03-14 20:04 - 3340928 ____A C:\Users\Mei Ling\Downloads\ppt (nunu + aki).pptx
2012-03-14 19:02 - 2012-03-14 19:01 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\{A1AC8EE7-5C34-46BA-A83F-65CE0620C672}
2012-03-14 18:40 - 2010-02-17 17:37 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-14 18:38 - 2010-10-22 18:16 - 0000000 ____D C:\Program Files\Windows Live
2012-03-14 18:37 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-14 18:33 - 2010-02-17 17:00 - 0238093 ____A C:\Windows\DirectX.log
2012-03-14 18:29 - 2010-10-22 18:10 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\Windows Live
2012-03-14 17:47 - 2012-03-14 17:46 - 0000000 ____D C:\Users\Mei Ling\Downloads\BB-A5MA
2012-03-14 17:46 - 2012-03-14 17:41 - 53894965 ____A C:\Users\Mei Ling\Downloads\BB-A5MA.rar
2012-03-13 05:38 - 2012-03-13 05:38 - 0043444 ____A C:\Users\Mei Ling\Desktop\tranml.pdf
2012-03-13 04:07 - 2012-03-13 04:07 - 2044822 ____A C:\Users\Mei Ling\Desktop\rty74we.zip
2012-03-13 03:57 - 2012-03-13 03:57 - 0396041 ____A C:\Users\Mei Ling\Downloads\MiniToolBox.exe
2012-03-12 20:21 - 2012-03-12 20:21 - 0345369 ____A C:\Users\Mei Ling\Desktop\3497500661809371112.pdf
2012-03-10 11:13 - 2012-03-10 11:13 - 5327505 ____A C:\Users\Mei Ling\Desktop\Wrap%20Around%20Skirt.pdf
2012-03-08 11:02 - 2012-02-27 22:26 - 0124712 ____A C:\Users\Mei Ling\Documents\3V03_Lab3.docx
2012-03-08 02:05 - 2012-03-04 18:43 - 0041472 ____A C:\Users\Mei Ling\Downloads\Mar01-GFP&template.xls
2012-03-06 01:04 - 2012-03-06 01:04 - 0144431 ____A C:\Users\Mei Ling\Desktop\TB011761.pdf
2012-03-05 14:34 - 2011-06-10 14:10 - 0000000 ____D C:\Users\Mei Ling\Documents\Careers
2012-03-04 21:58 - 2012-03-04 21:58 - 0000000 ____D C:\Users\Mei Ling\Downloads\mfold_B27830107316017
2012-03-04 21:57 - 2012-03-04 21:57 - 0157353 ____A C:\Users\Mei Ling\Downloads\mfold_B27830107316017.zip
2012-03-04 18:21 - 2012-03-04 18:21 - 0028672 ____A C:\Users\Mei Ling\Downloads\Expt 10 - template At.xls
2012-03-04 18:06 - 2012-03-04 18:06 - 0119295 ____A C:\Users\Mei Ling\Downloads\2012_03_01_SriretnakumarTran.jpg
2012-03-03 13:43 - 2012-03-03 13:43 - 0063919 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E18_HanRel-darksmurfsub_100-FANS-Translated__100-FANS-Edited__13-Elite-QC-Edited.srt
2012-03-02 18:30 - 2012-03-02 18:29 - 367378170 ____A C:\Users\Mei Ling\Downloads\TMTETS.E18.450p-HANrel [re-encoded to MQ].avi
2012-03-02 09:22 - 2012-03-02 09:22 - 0573507 ____A C:\Users\Mei Ling\Desktop\fieldcorn_e.pdf
2012-03-02 09:04 - 2012-03-02 09:02 - 64996052 ____A C:\Users\Mei Ling\Downloads\[Eng Sub] Wild Romance EP3 55.mp4
2012-03-02 09:01 - 2012-03-02 08:57 - 62475347 ____A C:\Users\Mei Ling\Downloads\[Eng Sub] Wild Romance EP3 45.mp4
2012-03-02 08:55 - 2012-03-02 08:51 - 62805503 ____A C:\Users\Mei Ling\Downloads\[Eng Sub] Wild Romance EP3 35.mp4
2012-03-02 08:51 - 2012-03-02 08:48 - 64197020 ____A C:\Users\Mei Ling\Downloads\[Eng Sub] Wild Romance EP3 25.mp4
2012-03-02 08:49 - 2012-03-02 08:49 - 0043906 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E17_HanRel-darksmurfsub_100-FANS-Translated__100-FANS-Edited__46-Elite-QC-Edited.srt
2012-03-01 21:11 - 2012-03-01 21:09 - 366965812 ____A C:\Users\Mei Ling\Downloads\TMTETS.E17.450p-HANrel [re-encoded to MQ].avi
2012-03-01 21:08 - 2012-03-01 21:00 - 157662970 ____A C:\Users\Mei Ling\Downloads\TMTETS.E18.450p-HANrel [re-encoded to MQ].avi.002
2012-03-01 20:59 - 2012-03-01 20:48 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E18.450p-HANrel [re-encoded to MQ].avi.001
2012-03-01 20:39 - 2012-03-01 20:19 - 157250612 ____A C:\Users\Mei Ling\Downloads\TMTETS.E17.450p-HANrel [re-encoded to MQ].avi.002
2012-03-01 20:12 - 2012-03-01 19:46 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E17.450p-HANrel [re-encoded to MQ].avi.001
2012-02-27 22:39 - 2012-02-27 22:39 - 0019290 ____A C:\Users\Mei Ling\Downloads\3vo3.4smaller.jpeg
2012-02-27 22:38 - 2012-02-27 22:37 - 0014232 ____A C:\Users\Mei Ling\Downloads\Experiment 8 results.docx
2012-02-27 22:36 - 2012-02-27 22:36 - 0115895 ____A C:\Users\Mei Ling\Desktop\GoTaq%20Green%20Master%20Mix-%20From%20Amplification%20to%20Analysis.pdf
2012-02-27 22:36 - 2012-02-27 22:36 - 0056409 ____A C:\Users\Mei Ling\Desktop\GoTaq%20Green%20Master%20Mix%20Protocol.pdf
2012-02-26 12:53 - 2012-02-26 09:32 - 6173189 ____A C:\Users\Mei Ling\Desktop\videoplayback.mp4
2012-02-25 09:02 - 2010-07-08 08:39 - 0001460 ____A C:\Users\Mei Ling\AppData\Local\d3d9caps64.dat
2012-02-24 18:50 - 2012-02-24 18:50 - 0000000 ____D C:\Users\Mei Ling\Downloads\plants
2012-02-24 18:49 - 2012-02-24 18:47 - 67905229 ____A C:\Users\Mei Ling\Downloads\plants.rar
2012-02-24 14:42 - 2010-08-24 13:27 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\gtk-2.0
2012-02-24 14:08 - 2012-02-24 14:08 - 0015827 ____A C:\Users\Mei Ling\Documents\Base HTML.docx
2012-02-23 13:38 - 2012-02-23 13:38 - 0000000 ____D C:\Users\Mei Ling\Downloads\Big Bang - Blue [www.k2nblog.com]
2012-02-23 13:33 - 2012-02-23 13:32 - 9247969 ____A C:\Users\Mei Ling\Downloads\Big Bang - Blue [www.k2nblog.com].rar
2012-02-23 06:18 - 2012-04-11 18:41 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 14:16 - 2012-02-22 14:15 - 367146490 ____A C:\Users\Mei Ling\Downloads\Silenced.2011.720p.HDR.WMV3.WMA-Mbaro_0.mkv
2012-02-22 14:10 - 2012-02-22 14:03 - 157431290 ____A C:\Users\Mei Ling\Downloads\Silenced.2011.720p.HDR.WMV3.WMA-Mbaro_0.mkv.002
2012-02-22 14:02 - 2012-02-22 13:52 - 209715200 ____A C:\Users\Mei Ling\Downloads\Silenced.2011.720p.HDR.WMV3.WMA-Mbaro_0.mkv.001
2012-02-22 13:51 - 2012-02-22 13:51 - 0091568 ____A C:\Users\Mei Ling\Downloads\KM.Silenced.2012-E01_720p-Mbaro-darksmurfsub_100-FANS-Translated__94-FANS-Edited__7-Elite-QC-Edited.srt
2012-02-19 19:27 - 2012-02-19 19:27 - 1681750 ____A C:\Users\Mei Ling\Desktop\pattern132_spring-bunny.pdf
2012-02-19 17:05 - 2012-02-19 17:05 - 0000000 ____D C:\Users\Mei Ling\Downloads\Ailee - Heaven (320kbps) [www.k2nblog.com]
2012-02-19 17:04 - 2012-02-19 17:03 - 16489630 ____A C:\Users\Mei Ling\Downloads\Ailee - Heaven (320kbps) [www.k2nblog.com].rar
2012-02-19 11:49 - 2012-02-19 11:49 - 0138199 ____A C:\Users\Mei Ling\Documents\Tumblr.docx
2012-02-18 05:52 - 2012-02-18 05:52 - 368150532 ____A C:\Users\Mei Ling\Downloads\TMTETS.E14.450p-HANrel [re-encoded to MQ].avi
2012-02-17 20:43 - 2012-02-17 20:15 - 158435332 ____A C:\Users\Mei Ling\Downloads\TMTETS.E14.450p-HANrel [re-encoded to MQ].avi.002
2012-02-17 20:29 - 2012-02-17 20:29 - 0060264 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E13_HanRel-darksmurfsub_99-FANS-Translated__84-FANS-Edited__3-Elite-QC-Edited.srt
2012-02-17 20:29 - 2012-02-17 20:29 - 0047669 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E14_HanRel-darksmurfsub_100-FANS-Translated__81-FANS-Edited__15-Elite-QC-Edited.srt
2012-02-17 06:04 - 2012-02-17 05:53 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E14.450p-HANrel [re-encoded to MQ].avi.001
2012-02-16 22:04 - 2012-02-16 22:04 - 367852396 ____A C:\Users\Mei Ling\Downloads\TMTETS.E13.450p-HANrel [re-encoded to MQ].avi
2012-02-16 21:55 - 2012-02-16 21:41 - 158137196 ____A C:\Users\Mei Ling\Downloads\TMTETS.E13.450p-HANrel [re-encoded to MQ].avi.002
2012-02-16 21:27 - 2012-02-16 21:14 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E13.450p-HANrel [re-encoded to MQ].avi.001
2012-02-16 20:56 - 2012-02-13 19:51 - 0254286 ____A C:\Users\Mei Ling\Documents\3V03_Lab2.docx
2012-02-13 18:19 - 2012-02-13 18:19 - 0056745 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E12_HanRel-darksmurfsub_100-FANS-Translated__91-FANS-Edited__32-Elite-QC-Edited.srt
2012-02-12 13:13 - 2012-02-12 13:13 - 1542656 ____A C:\Users\Mei Ling\Desktop\m62-abstract-sky.pot
2012-02-12 13:05 - 2012-02-12 13:05 - 0723456 ____A C:\Users\Mei Ling\Desktop\m62-dynamic-light.pot
2012-02-11 12:25 - 2010-03-01 21:13 - 0000000 ____D C:\Users\Mei Ling\Documents\WebCam Media
2012-02-10 23:00 - 2010-02-23 20:24 - 0000000 ____D C:\Program Files (x86)\Refworks
2012-02-10 18:57 - 2012-02-10 18:56 - 367844154 ____A C:\Users\Mei Ling\Downloads\TMTETS.E12.450p-HANrel [re-encoded to MQ].avi
2012-02-10 12:11 - 2012-02-10 12:10 - 367519266 ____A C:\Users\Mei Ling\Downloads\TMTETS.E11.450p-HANrel [re-encoded to MQ].avi
2012-02-10 12:09 - 2012-02-10 12:09 - 0062339 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E11_HanRel-darksmurfsub_100-FANS-Translated__71-FANS-Edited__0-Elite-QC-Edited.srt
2012-02-10 00:17 - 2012-02-10 00:10 - 158128954 ____A C:\Users\Mei Ling\Downloads\TMTETS.E12.450p-HANrel [re-encoded to MQ].avi.002
2012-02-09 23:28 - 2012-02-09 23:19 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E12.450p-HANrel [re-encoded to MQ].avi.001
2012-02-09 23:18 - 2012-02-09 23:10 - 157804066 ____A C:\Users\Mei Ling\Downloads\TMTETS.E11.450p-HANrel [re-encoded to MQ].avi.002
2012-02-09 23:08 - 2012-02-09 22:55 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E11.450p-HANrel [re-encoded to MQ].avi.001
2012-02-09 10:53 - 2012-02-09 10:53 - 4642816 ____A C:\Users\Mei Ling\Downloads\Topic 5_Feb. 9_posting.ppt
2012-02-07 14:08 - 2012-01-30 22:17 - 0010600 ____A C:\Users\Mei Ling\Documents\Killing me softly.docx
2012-02-06 22:40 - 2012-02-06 22:40 - 11294263 ____A C:\Users\Mei Ling\Desktop\L10-SA%20JA.pdf
2012-02-06 20:16 - 2012-02-06 20:16 - 2428884 ____A C:\Users\Mei Ling\Desktop\1962.full.pdf
2012-02-06 20:16 - 2012-02-06 20:16 - 0332325 ____A C:\Users\Mei Ling\Desktop\14455.full.pdf
2012-02-06 20:16 - 2012-02-06 20:16 - 0198988 ____A C:\Users\Mei Ling\Desktop\15082540.pdf
2012-02-06 20:15 - 2012-02-06 20:15 - 1496082 ____A C:\Users\Mei Ling\Desktop\pnas00636-0234.pdf
2012-02-06 20:15 - 2012-02-06 20:15 - 1231087 ____A C:\Users\Mei Ling\Desktop\4831.full.pdf
2012-02-05 13:19 - 2012-02-05 13:19 - 0675347 ____A C:\Users\Mei Ling\Desktop\success.pdf
2012-02-03 17:41 - 2012-02-03 17:40 - 367614334 ____A C:\Users\Mei Ling\Downloads\TMTETS.E10.450p-HANrel [re-encoded to MQ].avi
2012-02-03 17:17 - 2012-02-03 17:03 - 157899134 ____A C:\Users\Mei Ling\Downloads\TMTETS.E10.450p-HANrel [re-encoded to MQ].avi.002
2012-02-03 17:02 - 2012-02-03 16:51 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E10.450p-HANrel [re-encoded to MQ].avi.001
2012-02-03 16:56 - 2012-02-03 16:53 - 366863160 ____A C:\Users\Mei Ling\Downloads\TMTETS.E09.450p-HANrel [re-encoded to MQ].avi
2012-02-03 16:51 - 2012-02-03 16:51 - 0059385 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E09_HanRel-darksmurfsub_100-FANS-Translated__97-FANS-Edited__85-Elite-QC-Edited.srt
2012-02-02 19:03 - 2012-02-02 18:46 - 157147960 ____A C:\Users\Mei Ling\Downloads\TMTETS.E09.450p-HANrel [re-encoded to MQ].avi.002
2012-02-02 18:39 - 2012-02-02 18:30 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E09.450p-HANrel [re-encoded to MQ].avi.001
2012-02-01 18:00 - 2012-01-30 23:47 - 0000000 ____D C:\Users\Mei Ling\Desktop\plant
2012-02-01 07:47 - 2011-10-13 09:54 - 0000872 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-01-31 21:58 - 2012-01-31 21:58 - 0407542 ____A C:\Users\Mei Ling\Desktop\11498.full.pdf
2012-01-31 21:29 - 2012-01-31 21:29 - 1487687 ____A C:\Users\Mei Ling\Desktop\17179792998957355461.pdf
2012-01-29 14:17 - 2012-01-29 14:17 - 0015911 ____A C:\Users\Mei Ling\Documents\tab.docx
2012-01-29 10:24 - 2012-01-29 10:24 - 2223124 ____A C:\Users\Mei Ling\Downloads\Christine Glass - My Love Will Get You Home.mp3
2012-01-28 22:58 - 2012-01-26 21:27 - 0043008 ____A C:\Users\Mei Ling\Downloads\PBL Instructions-12.doc
2012-01-28 22:11 - 2012-01-28 22:11 - 3412096 ____A C:\Users\Mei Ling\Downloads\James Blunt - You're Beautiful.mp3
2012-01-28 19:07 - 2012-01-28 19:05 - 608484883 ____A C:\Users\Mei Ling\Downloads\Always 2011 720p HDRip x264 AC3-ENT.mkv
2012-01-28 19:03 - 2012-01-28 18:48 - 189054483 ____A C:\Users\Mei Ling\Downloads\Always 2011 720p HDRip x264 AC3-ENT.mkv.003
2012-01-28 18:46 - 2012-01-28 18:33 - 209715200 ____A C:\Users\Mei Ling\Downloads\Always 2011 720p HDRip x264 AC3-ENT.mkv.002
2012-01-28 18:30 - 2012-01-28 18:21 - 209715200 ____A C:\Users\Mei Ling\Downloads\Always 2011 720p HDRip x264 AC3-ENT.mkv.001
2012-01-28 18:21 - 2012-01-28 18:21 - 0067245 ____A C:\Users\Mei Ling\Downloads\KM.Always.2012-E02_720p-AC3-ENT-darksmurfsub_100-FANS-Translated__100-FANS-Edited__100-Elite-QC-Edited.srt
2012-01-28 08:41 - 2012-01-28 08:41 - 0057917 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E08_HanRel-darksmurfsub_100-FANS-Translated__51-FANS-Edited__5-Elite-QC-Edited.srt
2012-01-27 22:59 - 2012-01-27 22:58 - 9764083 ____A C:\Users\Mei Ling\Downloads\1.mp3
2012-01-27 22:59 - 2010-06-20 10:58 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\dvdcss
2012-01-27 22:50 - 2012-01-27 22:50 - 3987385 ____A C:\Users\Mei Ling\Downloads\[MP3] [A Thousand Days' Promise OST] It hurts here - Baek Ji Young.mp3
2012-01-27 22:09 - 2012-01-27 22:08 - 367324362 ____A C:\Users\Mei Ling\Downloads\TMTETS.E08.450p-HANrel [re-encoded to MQ].avi
2012-01-27 21:58 - 2012-01-27 21:51 - 157609162 ____A C:\Users\Mei Ling\Downloads\TMTETS.E08.450p-HANrel [re-encoded to MQ].avi.002
2012-01-27 21:44 - 2012-01-27 21:34 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E08.450p-HANrel [re-encoded to MQ].avi.001
2012-01-27 19:05 - 2012-01-27 19:04 - 367725424 ____A C:\Users\Mei Ling\Downloads\TMTETS.E07.450p-HANrel [re-encoded to MQ].avi
2012-01-27 19:04 - 2012-01-27 19:04 - 0052238 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E06_HanRel-darksmurfsub_100-FANS-Translated__72-FANS-Edited__28-Elite-QC-Edited.srt
2012-01-27 19:00 - 2012-01-27 18:59 - 367178462 ____A C:\Users\Mei Ling\Downloads\TMTETS.E06.450p-HANrel [re-encoded to MQ].avi
2012-01-27 18:17 - 2012-01-27 18:17 - 0058640 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E07_HanRel-darksmurfsub_100-FANS-Translated__35-FANS-Edited__2-Elite-QC-Edited.srt
2012-01-26 22:13 - 2012-01-26 22:06 - 158010224 ____A C:\Users\Mei Ling\Downloads\TMTETS.E07.450p-HANrel [re-encoded to MQ].avi.002
2012-01-26 21:27 - 2012-01-26 21:15 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E07.450p-HANrel [re-encoded to MQ].avi.001
2012-01-26 21:25 - 2012-01-26 21:25 - 0028160 ____A C:\Users\Mei Ling\Downloads\PBL Assignment-12.doc
2012-01-26 21:24 - 2012-01-26 21:24 - 0052261 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E06_HanRel-darksmurfsub_100-FANS-Translated__71-FANS-Edited__28-Elite-QC-Edited.srt
2012-01-26 21:09 - 2012-01-23 22:32 - 0105631 ____A C:\Users\Mei Ling\Documents\3v03 lab 1.docx
2012-01-26 09:54 - 2012-01-26 09:54 - 10218898 ____A C:\Users\Mei Ling\Desktop\microrev00022-0281.pdf
2012-01-26 08:29 - 2012-01-26 08:29 - 1738144 ____A C:\Users\Mei Ling\Desktop\jbacter00206-0076.pdf
2012-01-26 01:22 - 2012-01-24 20:42 - 0000000 ____D C:\Users\Mei Ling\Desktop\LAB1
2012-01-24 17:04 - 2012-01-24 17:04 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\Windows Search
2012-01-24 17:04 - 2010-02-19 11:28 - 0000000 ____D C:\Users\Mei Ling\AppData\Roaming\Media Center Programs
2012-01-23 17:12 - 2012-01-23 16:56 - 157463262 ____A C:\Users\Mei Ling\Downloads\TMTETS.E06.450p-HANrel [re-encoded to MQ].avi.002
2012-01-23 16:41 - 2012-01-23 16:33 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E06.450p-HANrel [re-encoded to MQ].avi.001
2012-01-23 16:18 - 2012-01-23 16:18 - 0010578 ____A C:\Users\Mei Ling\Documents\????.docx
2012-01-21 15:10 - 2012-01-21 15:09 - 367408376 ____A C:\Users\Mei Ling\Downloads\TMTETS.E05.450p-HANrel [re-encoded to MQ].avi
2012-01-21 15:07 - 2012-01-21 15:04 - 367933478 ____A C:\Users\Mei Ling\Downloads\TMTETS.E04.450p-HANrel [re-encoded to MQ].avi
2012-01-21 15:02 - 2012-01-21 15:02 - 0062725 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E04_HanRel-darksmurfsub_100-FANS-Translated__100-FANS-Edited__98-Elite-QC-Edited.srt
2012-01-21 15:02 - 2012-01-21 15:02 - 0047755 ____A C:\Users\Mei Ling\Downloads\QS.The.Moon.That.Embraces.the.Sun.2012-E05_HanRel-darksmurfsub_100-FANS-Translated__96-FANS-Edited__91-Elite-QC-Edited.srt
2012-01-19 15:26 - 2012-01-19 15:19 - 157693176 ____A C:\Users\Mei Ling\Downloads\TMTETS.E05.450p-HANrel [re-encoded to MQ].avi.002
2012-01-19 15:07 - 2012-01-19 14:53 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E05.450p-HANrel [re-encoded to MQ].avi.001
2012-01-17 21:08 - 2012-01-17 20:55 - 158218278 ____A C:\Users\Mei Ling\Downloads\TMTETS.E04.450p-HANrel [re-encoded to MQ].avi.002
2012-01-17 20:37 - 2012-01-17 20:37 - 2300928 ____A C:\Users\Mei Ling\Downloads\Sea Urchin Egg Fertilization Slideshow.ppt
2012-01-17 07:46 - 2012-01-17 07:27 - 209715200 ____A C:\Users\Mei Ling\Downloads\TMTETS.E04.450p-HANrel [re-encoded to MQ].avi.001
2012-01-16 22:38 - 2011-12-14 20:54 - 0000000 ____D C:\Users\Mei Ling\Desktop\mei ling
2012-01-16 22:33 - 2009-04-16 17:53 - 0223828 ____A C:\Windows\DPINST.LOG
2012-01-16 22:30 - 2012-01-16 22:09 - 0000022 ____A C:\Windows\Model.txt
2012-01-16 22:30 - 2010-07-08 09:21 - 0000000 ____A C:\Windows\Model.log
2012-01-16 22:20 - 2009-04-16 17:51 - 0000650 ____A C:\RHDSetup.log
2012-01-16 22:18 - 2009-04-16 17:52 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-01-16 22:13 - 2012-01-16 22:13 - 0319488 ____A (Realtek Semiconductor Corp.) C:\Windows\HideWin.exe
2012-01-16 22:13 - 2009-04-16 17:51 - 0525792 ____A (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2012-01-16 21:12 - 2009-04-16 17:51 - 1698408 ____A (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2012-01-16 20:45 - 2006-11-02 04:35 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-01-16 19:43 - 2010-02-19 11:28 - 0000000 ____D C:\Users\Mei Ling\AppData\Local\Microsoft Help
2012-01-16 19:43 - 2009-04-16 17:51 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3962.05 MB
Available physical RAM: 3369.64 MB
Total Pagefile: 3690.86 MB
Available Pagefile: 3343.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:288.37 GB) (Free:160.37 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (Recovery) (Fixed) (Total:9.72 GB) (Free:0.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:3.73 GB) (Free:0.62 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 1024 KB
Partition 2 Primary 288 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 10 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 288 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3824 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F FAT32 Removable 3824 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-13 18:52

======================= End Of Log ==========================

#4 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts)

Posted 14 April 2012 - 07:39 PM

Hi

Please do the following:



Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it to the flash drive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
HKU\Mei Ling\...\Run: [dicror] rundll32.exe "C:\Users\MEILIN~1\AppData\Local\Temp\dicror.dll",GetLastError [244224 2012-04-03] (Voyetra Turtle Beach, Inc.)
end

Now please enter System Recovery Options as you did before.
Run FRST64 and press the Fix button just once and wait.
The tool will write a log (Fixlog.txt) to the flash drive; please post it in your reply.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
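The fixlist in the post above does two things: it restores the Win32 subsystem string that FRST flagged as tampered with by ZeroAccess, and it deletes a per-user Run value that starts a DLL out of the user's Temp folder through rundll32. The later Fixlog only reports that the value "was restored", so the following added example (not CatByte's code and not part of FRST or ComboFix) shows how to check both persistence points yourself. It lists every ServerDll= module named in the SubSystems\Windows string and flags any module Windows does not ship, and it scans Run entries for rundll32 commands whose DLL lives under a Temp directory. The clean and hijacked SubSystems strings are constructed samples: the clean one is modelled on the Vista/7 x64 default, and the hijacked one on the publicly reported ZeroAccess habit of repointing the console ServerDll at a dropped module, so the module name "consrv" there is an assumption and the check does not depend on it. The Run sample reuses the dicror entry from the log above alongside two constructed benign entries. Two caveats a practitioner should keep in mind: a company name in a file's version information is not a signature check and is no evidence the DLL is legitimate, and the optional live-registry read below runs inside the installed OS, which a rootkit can lie to; that is the reason the instructions run FRST from System Recovery Options instead.

```python
# Added example: verify the two persistence points the fixlist above targets.
#
# 1. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows:
#    every ServerDll= module it names is loaded into csrss.exe at boot, so an
#    entry naming a module Windows does not ship is a hijack.
# 2. Per-user Run entries: a rundll32 command whose DLL sits in a Temp
#    directory is an autostart no legitimate installer would create.
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# csrss ServerDll modules Windows ships (assumption: Vista / 7 defaults).
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Lower-cased path fragments that mark a DLL as living in a scratch directory.
TEMP_DIR_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")

# Constructed samples, not copied from the log. CLEAN_VALUE mirrors the Vista/7
# x64 default; HIJACKED_VALUE repoints the console ServerDll at a module Windows
# does not ship ("consrv" is an assumed name; the check does not depend on it).
CLEAN_VALUE = (
    "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# Run entries: "dicror" is the command the fixlist removes (from the log above);
# the other two are constructed, benign look-alikes.
SAMPLE_RUN: Dict[str, str] = {
    "dicror": 'rundll32.exe "C:\\Users\\MEILIN~1\\AppData\\Local\\Temp\\dicror.dll",GetLastError',
    "ehTray.exe": "c:\\windows\\ehome\\ehTray.exe",
    "NvCplDaemon": "RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup",
}


def server_dlls(subsystems_windows: str) -> List[str]:
    """Module names from every ServerDll= token, in load order, lower-cased.

    A token looks like ServerDll=winsrv:UserServerDllInitialization,3 or
    ServerDll=basesrv,1; the module is the part before ':' or ','.
    """
    return [m.lower() for m in re.findall(r"ServerDll=([^:,\s]+)", subsystems_windows)]


def rogue_server_dlls(subsystems_windows: str) -> List[str]:
    """ServerDll modules that are not part of Windows; an empty list means clean."""
    return [m for m in server_dlls(subsystems_windows) if m not in KNOWN_SERVER_DLLS]


def parse_rundll32(command: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, export) if the command invokes rundll32, else None."""
    m = re.match(
        r'\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)',
        command,
        re.IGNORECASE,
    )
    return (m.group(1), m.group(2)) if m else None


def suspicious_run_entries(entries: Dict[str, str]) -> Dict[str, str]:
    """Map value name -> reason for every rundll32 entry loading a DLL from a temp dir."""
    hits: Dict[str, str] = {}
    for name, cmd in entries.items():
        parsed = parse_rundll32(cmd)
        if parsed is None:
            continue
        dll, export = parsed
        if any(marker in dll.lower() for marker in TEMP_DIR_MARKERS):
            hits[name] = (f"rundll32 loads {PureWindowsPath(dll).name} from a temp "
                          f"directory via export {export}")
    return hits


def live_subsystems_value() -> Optional[str]:
    """Read the live value on Windows; None elsewhere. Only trustworthy on a clean boot."""
    try:
        import winreg
    except ImportError:
        return None
    key = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
        return winreg.QueryValueEx(k, "Windows")[0]


if __name__ == "__main__":
    samples = [("clean sample", CLEAN_VALUE), ("hijacked sample", HIJACKED_VALUE)]
    live = live_subsystems_value()
    if live:
        samples.append(("this machine", live))
    for label, value in samples:
        print(f"SubSystems\\Windows [{label}]: rogue ServerDlls = {rogue_server_dlls(value)}")
    for name, why in suspicious_run_entries(SAMPLE_RUN).items():
        print(f"Run\\{name}: {why}")
```

The ServerDll check is deliberately an allow-list rather than a search for any particular malicious name, since a replacement module can be called anything; what matters is that csrss only ever loads the handful of modules Windows installs. The Run check keys on where the DLL lives, not on the export name, for the same reason.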


#5 mania12 (Topic Starter, Members, 34 posts)

Posted 14 April 2012 - 08:44 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-14 20:52:19 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
HKEY_USERS\Mei Ling\Software\Microsoft\Windows\CurrentVersion\Run\\dicror Value deleted successfully.

==== End of Fixlog ====



ComboFix 12-04-14.03 - Mei Ling 04/14/2012 21:15:03.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.2432 [GMT -4:00]
Running from: c:\users\Mei Ling\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 01:38 . 2012-04-15 01:40 -------- d-----w- C:\FRST
2012-04-15 01:30 . 2012-04-15 01:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 02:41 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63536A70-A3F9-44DC-813D-55F7CEB6699F}\mpengine.dll
2012-04-12 02:41 . 2012-02-23 14:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-11 23:19 . 2012-04-11 23:20 -------- d-----w- c:\users\Mei Ling\AppData\Roaming\gizza
2012-04-04 00:10 . 2012-04-14 05:12 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 23:46 . 2012-04-14 05:12 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 23:46 . 2012-04-03 23:46 -------- d-----w- c:\windows\system32\Macromed
2012-04-03 23:38 . 2012-04-03 23:38 -------- d-----w- c:\users\Mei Ling\AppData\Local\{0974A238-7DE6-11E1-826D-B8AC6F996F26}
2012-03-29 03:46 . 2012-03-29 03:46 -------- d-----w- C:\Temp
2012-03-23 16:09 . 2012-03-23 16:09 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-23 16:09 . 2012-03-23 16:09 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 05:12 . 2011-08-27 14:47 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-15 02:37 . 2012-03-15 02:37 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-17 06:13 . 2009-04-17 01:51 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-01-17 06:13 . 2012-01-17 06:13 319488 ----a-w- c:\windows\HideWin.exe
2012-01-17 05:12 . 2009-04-17 01:51 1698408 ----a-w- c:\windows\RtlExUpd.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2009-03-06 77824]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Mei Ling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-24 1069608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 20:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:12]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 00:27]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 00:27]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308557584-2256772184-915271366-1002Core.job
- c:\users\Mei Ling\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 14:48]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308557584-2256772184-915271366-1002UA.job
- c:\users\Mei Ling\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 14:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-16 6430208]
"Skytel"="Skytel.exe" [2008-09-16 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-09 1674536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-06 15959584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-06 82464]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mei Ling\AppData\Roaming\Mozilla\Firefox\Profiles\n64sdpfe.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-Unattend0000000001{2BA9322D-D12D-4C0F-916F-079F4F16B6CF} - c:\program files (x86)\Sony\First Experience\VAIOWelcome.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-04-14 21:39:59
ComboFix-quarantined-files.txt 2012-04-15 01:39
.
Pre-Run: 173,496,589,312 bytes free
Post-Run: 174,032,798,720 bytes free
.
- - End Of File - - 31DE04FA94157E7D3A8FF6D9AD9B4849

After following the instructions and doing these two scans, I now get a pop-up message in Internet Explorer when I try to go on Gmail and when I leave the Gmail site. It says:

You are about to view pages over a secure connection.
Any information you exchange with this site cannot be viewed by anyone else on the web.
There's a check box for --> In the future, do not show this warning

and when I leave Gmail I get this pop-up:

You are about to leave a secure Internet connection.
It will be possible for others to view information you send.
Do you want to continue?
There's a check box for --> In the future, do not show this warning

Why do I get this pop-up and may I check the box to not show the message again?

Edited by mania12, 14 April 2012 - 09:12 PM.


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 10:56 AM

It's a security setting, and yes, you may check the box so it does not warn you again; that's quite normal.

Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT



Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 mania12

mania12
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 03:42 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Mei Ling :: MEILING-PC [administrator]

4/15/2012 1:07:33 PM
mbam-log-2012-04-15 (13-07-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205687
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Mei Ling\Downloads\SoftonicDownloader_for_tvants.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.

(end)


I have attached the scan results from ESET to this post. Currently there seems to be nothing overtly wrong with my computer. When I do encounter problems, they tend to creep up on me slowly, one by one; therefore my infection might just be incubating for the time being. If I encounter any more problems I will ask again for help. What should I do with the 5 infections found by ESET? Thanks again for your help!




#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 03:46 PM

Hi,

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Mei Ling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LM1EWOXI\9retuaos_info[1].htm
C:\Users\Mei Ling\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\61958162-6dc96980
C:\Users\Mei Ling\AppData\Roaming\OpenCandy\OpenCandy_4822BD7AEA74422592ED9DCAC9A6EF9F\DLMgr_3_1.6.87.exe
C:\Users\Mei Ling\AppData\Roaming\OpenCandy\OpenCandy_4822BD7AEA74422592ED9DCAC9A6EF9F\PPIRegistryReviverSetup.exe
C:\Users\Mei Ling\AppData\Roaming\OpenCandy\OpenCandy_4822BD7AEA74422592ED9DCAC9A6EF9F\PPIRegRevSilent_p22v1.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please advise if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 mania12

mania12
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 05:04 PM

ComboFix 12-04-14.03 - Mei Ling 04/15/2012 16:59:31.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.2082 [GMT -4:00]
Running from: c:\users\Mei Ling\Desktop\ComboFix.exe
Command switches used :: c:\users\Mei Ling\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Mei Ling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LM1EWOXI\9retuaos_info[1].htm"
"c:\users\Mei Ling\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\61958162-6dc96980"
"c:\users\Mei Ling\AppData\Roaming\OpenCandy\OpenCandy_4822BD7AEA74422592ED9DCAC9A6EF9F\DLMgr_3_1.6.87.exe"
"c:\users\Mei Ling\AppData\Roaming\OpenCandy\OpenCandy_4822BD7AEA74422592ED9DCAC9A6EF9F\PPIRegistryReviverSetup.exe"
"c:\users\Mei Ling\AppData\Roaming\OpenCandy\OpenCandy_4822BD7AEA74422592ED9DCAC9A6EF9F\PPIRegRevSilent_p22v1.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mei Ling\AppData\Roaming\Local
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\q6atxgfp8616y.avi.ddr
c:\users\Mei Ling\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\q6atxgfp8616y.avi.ddp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 21:13 . 2012-04-15 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 17:31 . 2012-04-15 17:31 -------- d-----w- c:\program files (x86)\ESET
2012-04-15 17:06 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 01:38 . 2012-04-15 01:40 -------- d-----w- C:\FRST
2012-04-12 02:41 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63536A70-A3F9-44DC-813D-55F7CEB6699F}\mpengine.dll
2012-04-12 02:41 . 2012-02-23 14:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-11 23:19 . 2012-04-11 23:20 -------- d-----w- c:\users\Mei Ling\AppData\Roaming\gizza
2012-04-04 00:10 . 2012-04-14 05:12 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 23:46 . 2012-04-14 05:12 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 23:46 . 2012-04-03 23:46 -------- d-----w- c:\windows\system32\Macromed
2012-04-03 23:38 . 2012-04-03 23:38 -------- d-----w- c:\users\Mei Ling\AppData\Local\{0974A238-7DE6-11E1-826D-B8AC6F996F26}
2012-03-29 03:46 . 2012-03-29 03:46 -------- d-----w- C:\Temp
2012-03-23 16:09 . 2012-03-23 16:09 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-23 16:09 . 2012-03-23 16:09 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 05:12 . 2011-08-27 14:47 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-15 02:37 . 2012-03-15 02:37 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-17 06:13 . 2009-04-17 01:51 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-01-17 06:13 . 2012-01-17 06:13 319488 ----a-w- c:\windows\HideWin.exe
2012-01-17 05:12 . 2009-04-17 01:51 1698408 ----a-w- c:\windows\RtlExUpd.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-15_01.32.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-04-15 17:24 64732 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-04-15 17:24 88472 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2010-02-20 17:53 . 2012-04-15 00:56 20846 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2308557584-2256772184-915271366-1002_UserData.bin
+ 2010-02-20 17:53 . 2012-04-15 17:24 20846 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2308557584-2256772184-915271366-1002_UserData.bin
- 2010-02-18 00:15 . 2012-04-14 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-18 00:15 . 2012-04-15 19:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-18 00:15 . 2012-04-14 22:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-18 00:15 . 2012-04-15 19:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-18 00:15 . 2012-04-15 19:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-18 00:15 . 2012-04-14 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 12:40 . 2012-04-15 00:55 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2012-04-15 17:21 51200 c:\windows\inf\infpub.dat
+ 2012-04-15 17:21 . 2012-04-15 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-15 00:54 . 2012-04-15 00:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-15 00:54 . 2012-04-15 00:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-15 17:21 . 2012-04-15 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-17 00:37 . 2012-04-15 17:19 4268 c:\windows\bthservsdp.dat
- 2010-02-19 18:01 . 2012-04-14 21:28 325852 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-02-19 18:01 . 2012-04-15 16:58 325852 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2006-11-02 12:46 . 2012-04-15 01:01 604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-04-15 17:28 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-04-15 01:01 104170 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-04-15 17:28 104170 c:\windows\system32\perfc009.dat
- 2010-10-29 00:37 . 2012-04-15 00:49 313884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-29 00:37 . 2012-04-15 17:19 313884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2006-11-02 12:40 . 2012-04-15 17:21 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2012-04-15 00:55 143360 c:\windows\inf\infstrng.dat
+ 2010-02-18 14:37 . 2012-04-15 17:19 3712176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-02-18 14:37 . 2012-04-15 00:49 3712176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-29 00:37 . 2012-04-15 17:19 3444300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2308557584-2256772184-915271366-1002-8192.dat
- 2010-10-29 00:37 . 2012-04-15 00:49 3444300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2308557584-2256772184-915271366-1002-8192.dat
+ 2011-06-07 21:59 . 2012-04-15 17:19 19652464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2308557584-2256772184-915271366-1002-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2009-03-06 77824]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Mei Ling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-24 1069608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 20:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:12]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 00:27]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 00:27]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308557584-2256772184-915271366-1002Core.job
- c:\users\Mei Ling\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 14:48]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308557584-2256772184-915271366-1002UA.job
- c:\users\Mei Ling\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 14:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mei Ling\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-16 6430208]
"Skytel"="Skytel.exe" [2008-09-16 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-09 1674536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-06 15959584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-06 82464]
"Unattend0000000001{2BA9322D-D12D-4C0F-916F-079F4F16B6CF}"="c:\program files (x86)\Sony\First Experience\VAIOWelcome.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mei Ling\AppData\Roaming\Mozilla\Firefox\Profiles\n64sdpfe.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-04-15 17:17:23
ComboFix-quarantined-files.txt 2012-04-15 21:17
ComboFix2.txt 2012-04-15 01:40
.
Pre-Run: 172,875,149,824 bytes free
Post-Run: 172,837,370,880 bytes free
.
- - End Of File - - ACB0FE3E7617995F6952AF3F3FF8C134

After installing a newer version of Java and rebooting, I cannot find the Java icon in my control panel even when I changed to classic view. I could not proceed with the rest of the steps.

Edited by mania12, 15 April 2012 - 05:07 PM.


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 05:23 PM

Hi,

yes, that is a bug with Java and Vista,

see if this will open your control panel

press the WinKey +R to open a run box > type cmd to open a command window

now type the following at the command prompt:

javaws -viewer

that should open your Java control panel

are there any other outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 mania12

mania12
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 08:39 PM

After I typed that in and pressed enter, I was given a message:

'javaws' is not recognized as an internal or external command,
operable command or batch file.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 08:40 PM

hmm

Please try the following:

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Oracle Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer.(version 6, update 31)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 mania12

mania12
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 09:00 PM

Hmmmm.. this is kind of weird. I downloaded JavaRa and followed through with the steps but I don't think I removed Java. It told me that it had removed all previous versions of Java and a log file was created in C:\ under the name JavaRa.log. It told me it will now open the log file for me to view, but that never happened. I went to try and find the log file in C:\ but it wasn't there. I further confirmed my suspicion that I still have Java installed by going on the Java site and it said my Java was working fine and it is installed.

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 09:49 PM

strange

what version do you have running?

You could try uninstalling all versions of Java through Programs and Features, then delete the Java folder in your programs folder and start again with a fresh download

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
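As an added example (not part of CatByte's instructions or of any tool used in this thread), the PowerShell below does what the last few posts are working toward by hand: it lists the Java products Windows has registered in both the 64-bit and 32-bit uninstall hives, finds every javaws.exe under the Program Files folders (on a 64-bit system a 32-bit JRE sits under Program Files (x86)), reports whether its folder is on PATH, which is what the "'javaws' is not recognized" error is about, and launches the Java control panel by full path. The registry and folder locations are the standard Windows ones; it assumes PowerShell 2.0 or later.

```powershell
# Added example: inventory installed Java runtimes and locate javaws.exe when
# "javaws -viewer" fails with "not recognized". Assumes PowerShell 2.0+ on
# Windows Vista/7; only the standard Program Files locations are searched.

# 1. Java entries from the 64-bit and 32-bit (Wow6432Node) uninstall hives.
#    More than one entry usually means an older JRE was never removed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$javaEntries = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Java(\(TM\))? ' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation

Write-Host "Registered Java products:"
$javaEntries | Format-Table -AutoSize

# 2. Every javaws.exe on disk. On a 64-bit OS a 32-bit JRE lives under
#    Program Files (x86), so both roots are searched.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$javaws = @(foreach ($root in $roots) {
    Get-ChildItem -Path (Join-Path $root 'Java') -Filter javaws.exe `
        -Recurse -ErrorAction SilentlyContinue
})

# 3. Is the folder holding javaws.exe on PATH? If not, cmd cannot find the
#    bare name "javaws", which is exactly the error quoted above.
$pathDirs = $env:Path -split ';' | Where-Object { $_ }
foreach ($exe in $javaws) {
    $onPath = $pathDirs -contains $exe.DirectoryName
    "{0}  (file version {1}, folder on PATH: {2})" -f `
        $exe.FullName, $exe.VersionInfo.ProductVersion, $onPath
}

# 4. Open the Java control panel by full path instead of relying on PATH.
if ($javaws.Count -gt 0) {
    & $javaws[0].FullName -viewer
} else {
    Write-Host "No javaws.exe under Program Files: the JRE install did not complete."
}
```

Run it from an elevated PowerShell prompt if the uninstall hives are not readable as a standard user; step 4 launches the control panel only when a javaws.exe was actually found.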


#15 mania12

mania12
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 April 2012 - 10:35 PM

I've uninstalled the Java which I installed earlier and I deleted the folder in Programs. I then went to reinstall it. I have Java SE 6 Update 31. I've also tried getting to the Java control panel through command prompt again using the instructions given earlier, but I still get the same message. This must not be a good sign :blink:



