nicole447

  1. Just an update: I have downloaded the Malwarebytes anti-malware program and am running a full scan now. It has detected 3 objects so far. Also, during the scan, a box has popped up called "IDS_ALERTS_DIALOG_CAPTION" (I think this is from my McAfee antivirus) saying that it has detected and deleted the following trojans:
     - Exploit-CVE2012-0507 (jar_cache5232985943504537154.tmp)
     - PWS-Zbot.gen.afr (jar_cache4045050620451761.tmp)
     - PWS-Zbot.gen.afr (ax2h.exe)
     - PWS-Zbot.gen.uh (1b63310b-42e94675)
     Is this box really my McAfee antivirus or is it a virus? Because it isn't labelled McAfee.
  2. Hi Kevinf80, THANK YOU SOOO much for the help!!!! My PC has just booted normally :-). Oh man I'm ecstatic!!! The first thing I will do is make a back-up copy of my thesis, which I haven't done in the past 100 hrs of work on it or so :s (stupid, I know). So do I need any additional anti-virus programs on my computer? (preferably free.. student budget here) I only have McAfee, which is free from the university. Here is the Fixlog:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-02-2013
     Ran by SYSTEM at 2013-02-07 12:06:42 Run:1
     Running from E:\
     ==============================================
     HKEY_USERS\Nikki\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
     C:\Users\Nikki\AppData\Roaming\skype.dat moved successfully.
     C:\Users\Nikki\Application Data\skype.ini moved successfully.
     C:\Users\Nikki\AppData\Roaming\skype.ini not found.
     ==== End of Fixlog ====
  3. Hi there, I'm new to this forum, so I hope this is posted in the right place. Just about an hour ago, my computer screen went white and I get a screen by the Ukash virus saying that the Swiss police needs me to pay a fine to regain access to my computer :-(. It won't let me start up in safe mode or access the desktop at all, so every time I turn the computer on, I just have the virus page and can't do anything. I don't understand what happened. I didn't even download anything earlier; I was just browsing the internet. Anywho, if someone could help me with this, I would really appreciate it as I am supposed to finish a report for school by the end of the week (*sigh* bad timing).

     I saw another thread about the virus on this forum from the 26th of January, and I followed the described procedures (my computer has Windows XP and is 64 bit):
     - I have downloaded the Farbar Recovery Scan Tool and saved it to a flash drive, and plugged the flash drive into my infected PC.
     - I restarted the computer, pressing F8 to reach the Advanced Boot Options. I chose Repair Your Computer. I could then choose from two users to repair: Nikki (normally the only user), and HomeGroupUser$ (never seen this user before). I chose to repair Nikki and gave in my password and hit OK. (By the way, is it possible that the virus has created a separate user? How would I delete that user without the password?)
     - In the System Recovery Options menu, I chose Command Prompt. I knew that my flash drive letter was E, so I typed e:\frst64 and pressed Enter. I clicked yes to the disclaimer and clicked the Scan button.
     - This is the FRST.txt log that it saved to my flash drive:

       Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
       Ran by SYSTEM at 07-02-2013 08:30:37
       Running from E:\
       Windows 7 Home Premium (X64) OS Language: English(US)
       The current controlset is ControlSet001

       ==================== Registry (Whitelisted) ===================

       HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
       HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
       HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
       HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-03] (Dell Inc.)
       HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-25] (CANON INC.)
       HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
       HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
       HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
       HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
       HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [623992 2008-10-14] (Adobe Systems Inc.)
       HKLM-x32\...\Run: [] [x]
       HKLM-x32\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
       HKLM-x32\...\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [136512 2008-03-13] (McAfee, Inc.)
       HKLM-x32\...\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [124240 2010-01-06] (McAfee, Inc.)
       HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
       HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
       HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.)
       HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [287 2011-03-14] ()
       HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
       HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
       HKU\Nikki\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-22] (Google Inc.)
       HKU\Nikki\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
       HKU\Nikki\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2010-07-29] (Acresso Corporation)
       HKU\Nikki\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
       HKU\Nikki\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1476104 2012-12-20] (Samsung)
       HKU\Nikki\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
       HKU\Nikki\...\Winlogon: [shell] explorer.exe,C:\Users\Nikki\AppData\Roaming\skype.dat [94208 2011-11-16] ()
       HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)
       Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
       Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
       ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
       Startup: C:\Users\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
       ShortcutTarget: vpngui.exe.lnk -> C:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
       Startup: C:\Users\Nikki\Start Menu\Programs\Startup\Dropbox.lnk
       ShortcutTarget: Dropbox.lnk -> (No File)
       Startup: C:\Users\Nikki\Start Menu\Programs\Startup\Update GreenWebPlayer.lnk
       ShortcutTarget: Update GreenWebPlayer.lnk -> C:\Games\GreenWebPlayer\Updater.exe ()

       ==================== Services (Whitelisted) ===================

       2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [89600 2010-03-17] (Andrea Electronics Corporation)
       2 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [20792 2010-01-06] (McAfee, Inc.)
       2 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2008-03-13] (McAfee, Inc.)
       2 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [180968 2010-01-06] (McAfee, Inc.)
       2 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66896 2010-01-06] (McAfee, Inc.)
       2 mfevtp; C:\windows\system32\mfevtps.exe [79504 2010-01-06] (McAfee, Inc.)
       2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)

       ==================== Drivers (Whitelisted) =====================

       3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
       3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [97576 2010-01-06] (McAfee, Inc.)
       3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [120096 2010-01-06] (McAfee, Inc.)
       0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [469400 2010-01-06] (McAfee, Inc.)
       3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [78896 2010-01-06] (McAfee, Inc.)
       1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [84424 2010-01-06] (McAfee, Inc.)
       0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283232 2010-08-24] (McAfee, Inc.)
       3 ssceserd; C:\Windows\System32\Drivers\ssceserd.sys [129024 2011-12-07] (MCCI Corporation)