AFP virus - malware not detecting any virus

nikitaTR

New Member
Thread author
Verified
Feb 13, 2013
15
As I've said above, nothing is detecting the virus, so I don't know if I still have it or not. I'm sure I do, but I don't know how to tell, and I don't want to put my PC in danger of losing files.

I have finished a full scan and again no luck.

With the OTL LOG and aswMBR LOG, I have attached an OTL LOG but can't access the aswMBR LOG.
 

Attachments

  • OTL.Txt
    76.9 KB · Views: 105

Fiery

Level 1
Jan 11, 2011
2,007
RE: AFP virus - malware not working

Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.


Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll (iMesh, Inc)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DA0EAE9-496A-4BDC-98C6-2864EC959B3D}: DhcpNameServer = 10.4.182.20 10.4.81.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFCF01F1-1552-4783-80B9-AD9369AA4A93}: DhcpNameServer = 10.4.176.231 10.4.85.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD3A4996-B7E2-4E07-A8B6-2461CE8BCA28}: DhcpNameServer = 10.0.0.138
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

:Files
C:\Users\Nikita\AppData\Roaming\Babylon
C:\ProgramData\1688311.pad
C:\Program Files (x86)\iMesh Applications
C:\Program Files (x86)\Ask.com
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.




Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (for Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
 

nikitaTR

New Member
Thread author
Verified
Feb 13, 2013
15
All processes killed
Error: Unable to interpret <Quote::OTL> in the current context!
Error: Unable to interpret < O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll (iMesh, Inc)> in the current context!
Error: Unable to interpret < O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()> in the current context!
Error: Unable to interpret < O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)> in the current context!
Error: Unable to interpret < O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138> in the current context!
Error: Unable to interpret < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DA0EAE9-496A-4BDC-98C6-2864EC959B3D}: DhcpNameServer = 10.4.182.20 10.4.81.103> in the current context!
Error: Unable to interpret < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFCF01F1-1552-4783-80B9-AD9369AA4A93}: DhcpNameServer = 10.4.176.231 10.4.85.135> in the current context!
Error: Unable to interpret < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD3A4996-B7E2-4E07-A8B6-2461CE8BCA28}: DhcpNameServer = 10.0.0.138> in the current context!
Error: Unable to interpret < O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)> in the current context!
Error: Unable to interpret < O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)> in the current context!
Error: Unable to interpret < O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)> in the current context!
Error: Unable to interpret < O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)> in the current context!
Error: Unable to interpret < > in the current context!
========== FILES ==========
C:\Users\Nikita\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\1688311.pad moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr folder moved successfully.
C:\Program Files (x86)\iMesh Applications\MediaBar folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\Images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\videosview\images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\videosview folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\cdripview folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\artistsview folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\albumsview folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\Skins folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\HTML\Images folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh\HTML folder moved successfully.
C:\Program Files (x86)\iMesh Applications\iMesh folder moved successfully.
C:\Program Files (x86)\iMesh Applications folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nikita\Downloads\cmd.bat deleted successfully.
C:\Users\Nikita\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-NIKITA-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2311556 bytes

User: Nikita
->Temp folder emptied: 2952424 bytes
->Temporary Internet Files folder emptied: 72184293 bytes
->Java cache emptied: 1776336 bytes
->Google Chrome cache emptied: 8190514 bytes
->Apple Safari cache emptied: 12069888 bytes
->Flash cache emptied: 74389 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32434411 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46362440 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 170.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02142013_125911

Files\Folders moved on Reboot...
C:\Users\Nikita\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVVQO8UL\fastbutton[1].htm moved successfully.
C:\Users\Nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7P0D1MPC\private[1].htm moved successfully.
C:\Users\Nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7P0D1MPC\tweet_button.1360366574[1].htm moved successfully.
C:\Users\Nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

You didn't copy the OTL script correctly as you missed the :OTL directive. So you only got half the fix.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll (iMesh, Inc)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DA0EAE9-496A-4BDC-98C6-2864EC959B3D}: DhcpNameServer = 10.4.182.20 10.4.81.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFCF01F1-1552-4783-80B9-AD9369AA4A93}: DhcpNameServer = 10.4.176.231 10.4.85.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD3A4996-B7E2-4E07-A8B6-2461CE8BCA28}: DhcpNameServer = 10.0.0.138
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
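
The half-applied fix above can be confirmed from the log itself. This is an added example, not part of the original posts or of OTL: it compares the intended fix script with the returned log, lists the directive sections that never ran, and rebuilds a retry script containing only those. The function names are hypothetical, the directive list is limited to the three used in this thread, and the sample script and log are constructed by abridging the ones posted above.

```python
import re

# Directives used by the fix script in this thread (assumption: OTL has
# other directives, which are out of scope for this check).
KNOWN_DIRECTIVES = {d.lower(): d for d in (":OTL", ":Files", ":Commands")}

ERROR_RE = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
SECTION_RE = re.compile(r"^=+ (\w+) =+$")

# Constructed samples, abridged from the script and log posted in the thread.
SAMPLE_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)

:Files
C:\ProgramData\1688311.pad

:Commands
[EMPTYTEMP]
"""

SAMPLE_LOG = r"""
All processes killed
Error: Unable to interpret <Quote::OTL> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)> in the current context!
Error: Unable to interpret < > in the current context!
========== FILES ==========
C:\ProgramData\1688311.pad moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""


def parse_script(script_text):
    """Split a fix script into {directive: [lines]}. Lines that come before
    any recognised directive are collected under the key None."""
    sections, current = {None: []}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        directive = KNOWN_DIRECTIVES.get(line.lower())
        if directive:
            current = directive
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage_log(log_text):
    """Return (section headers that ran, script lines OTL rejected)."""
    ran, rejected = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        err = ERROR_RE.match(line)
        if err:
            body = err.group(1).strip()
            if body:  # skip the error raised for a blank line
                rejected.append(body)
            continue
        sec = SECTION_RE.match(line)
        if sec:
            ran.append(sec.group(1).upper())
    return ran, rejected


def build_retry(script_text, log_text):
    """Return (retry script with only the sections that never ran,
    rejected lines that match nothing in the intended script)."""
    sections = parse_script(script_text)
    ran, rejected = triage_log(log_text)
    retry = []
    for directive, lines in sections.items():
        if directive is None or directive[1:].upper() in ran:
            continue
        retry.append(directive)
        retry.extend(lines)
    # A rejected line absent from the intended script is a paste artefact,
    # typically the mangled directive line itself.
    unexplained = [r for r in rejected if r not in retry]
    return "\n".join(retry), unexplained


if __name__ == "__main__":
    retry, unexplained = build_retry(SAMPLE_SCRIPT, SAMPLE_LOG)
    print("Sections to re-run:\n" + retry)
    print("Lines not in the intended script:", unexplained)
```
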
 

nikitaTR

New Member
Thread author
Verified
Feb 13, 2013
15
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ not found.
File C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
File C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ not found.
File C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
File C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6DA0EAE9-496A-4BDC-98C6-2864EC959B3D}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CFCF01F1-1552-4783-80B9-AD9369AA4A93}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD3A4996-B7E2-4E07-A8B6-2461CE8BCA28}\\DhcpNameServer| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
File C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
File C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll not found.

OTL by OldTimer - Version 3.2.69.0 log created on 02142013_132401
 

nikitaTR

New Member
Thread author
Verified
Feb 13, 2013
15
adwcleaner




# AdwCleaner v2.112 - Logfile created 02/14/2013 at 13:17:38
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Nikita - NIKITA-PC
# Boot Mode : Normal
# Running from : C:\Users\Nikita\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Nikita\AppData\Local\Babylon
Folder Deleted : C:\Users\Nikita\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Nikita\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Nikita\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\Nikita\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Nikita\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.imesh.net",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.imesh.net" ]
Deleted [l.1315] : homepage = "hxxp://search.imesh.net",
Deleted [l.1568] : urls_to_restore_on_startup = [ "hxxp://search.imesh.net" ]

*************************

AdwCleaner[S1].txt - [12210 octets] - [14/02/2013 13:17:38]

########## EOF - C:\AdwCleaner[S1].txt - [12271 octets] ##########
 

nikitaTR

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Nikita [Admin rights]
Mode : Remove -- Date : 02/14/2013 13:35:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Free Download Manager (C:\Users\Nikita\AppData\Roaming\Free Download Manager\fdm.exe -autorun) [x] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 3a8d6de86cc22c819a9338137e04c56c
[BSP] 3cfc57663abb2195f66e045b394cdbf0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02142013_02d1335.txt >>
RKreport[1]_S_02142013_02d1334.txt ; RKreport[2]_D_02142013_02d1335.txt
 

nikitaTR

It's running fine. Just like it always is.

The virus doesn't appear anymore since yesterday, when I did the step in the "remove AFP" where I restored to a previous point.

Is there a way of checking if I have it still??
 

Fiery

Ok, let's do a few more checks.

Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSkiller opens, click Change parameters, check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip, click on Continue. (If it says TDL4/TDSS file system, select delete)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually in the C:\ folder, in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt)




Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is unchecked, and the following Advanced Settings are checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

nikitaTR

TDSSkiller turned up nothing.

I'm doing the other one now.

Is it at all suspicious that nothing is coming up? Or should I still be on alert in case one day it does pop up again?
 

Fiery

Something did show up in the OTL log and we removed it. TDSSkiller detects rootkit drivers, not malware files, so it is not unusual for TDSSkiller to not detect anything.
 

nikitaTR

C:\Downloads\Software\iLividSetup.exe Win32/Toolbar.SearchSuite application
C:\Users\Nikita\Downloads\frostwire-5.3.5.windows.exe multiple threats
C:\_OTL\MovedFiles\02142013_125911\C_Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\02142013_125911\C_Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\02142013_125911\C_Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\02142013_125911\C_Program Files (x86)\iMesh Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\02142013_125911\C_Program Files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application
 

Fiery

Almost done. 2 more scans, these won't take nearly as long as the ESET scan.

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply




Download Farbar Recovery Scan Tool from the below link:
  • For 32 bit systems download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a flash drive.
    For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a flash drive.

    Also download List Parts 32bit or Listparts 64 bit and save it to the flash drive also.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    1. Select Command Prompt
    2. In the command window type in notepad and press Enter.
    3. The notepad opens. Under File menu select Open.
    4. Select "Computer" and find your flash drive letter and close the notepad.
    5. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
       Note: Replace letter e with the drive letter of your flash drive.
    6. The tool will start to run.
    7. When the tool opens click Yes to disclaimer.
    8. Press Scan button.
    9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
    10. Back in the command prompt, type e:\listparts.exe (for x64 bit version type e:\listparts64.exe) and press Enter
    11. ListParts will start to run. Check the box beside List BCD and click Scan
    12. When finished scanning it will make a log Result.txt on the flash drive
    13. Type exit
    14. Please copy and paste both FRST.txt and Result.txt logs in your next reply
 

nikitaTR

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Nikita on Thu 14/02/2013 at 16:58:46.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Nikita\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\wiseconvert"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 14/02/2013 at 17:15:53.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

nikitaTR

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2013
Ran by SYSTEM at 14-02-2013 17:27:34
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8081952 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-25] ()
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s [171104 2010-02-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-13] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-08] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Mcx1-NIKITA-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Nikita\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Nikita\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-21] (Google Inc.)
HKU\Nikita\...\Run: [AdobeBridge] [x]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
AppInit_DLLs:
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ===================

2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108904 2013-02-13] (SurfRight B.V.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-13] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-13] (Malwarebytes Corporation)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\diMaster.dll" /prefetch:1 [535416 2012-12-05] (Symantec Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001_a52\BHDrvx64.sys [1388120 2013-02-07] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-18] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130213.001\IDSvia64.sys [513184 2012-12-17] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-13] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130213.033\ENG64.SYS [126192 2013-02-12] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130213.033\EX64.SYS [2087664 2013-02-12] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\1402010.016\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\1402010.016\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\1402010.016\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\1402010.016\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-12-18] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
3 massfilter; C:\Windows\System32\drivers\massfilter.sys [x]
3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x]
3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [x]
3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x]
3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-13 22:15 - 2013-02-13 22:15 - 00001204 ____A C:\Users\Nikita\Desktop\JRT.txt
2013-02-13 21:58 - 2013-02-13 21:58 - 00000000 ____D C:\Windows\ERUNT
2013-02-13 21:58 - 2013-02-13 21:58 - 00000000 ____D C:\JRT
2013-02-13 21:30 - 2013-02-13 21:30 - 00000898 ____A C:\Users\Nikita\Desktop\ESET.txt
2013-02-13 18:58 - 2013-02-13 18:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-02-13 18:35 - 2013-02-13 18:35 - 00001628 ____A C:\Users\Nikita\Desktop\RKreport[2]_D_02142013_02d1335.txt
2013-02-13 18:34 - 2013-02-13 18:34 - 00001762 ____A C:\Users\Nikita\Desktop\RKreport[1]_S_02142013_02d1334.txt
2013-02-13 18:32 - 2013-02-13 18:35 - 00000000 ____D C:\Users\Nikita\Desktop\RK_Quarantine
2013-02-13 18:32 - 2013-02-13 18:32 - 00798208 ____A C:\Users\Nikita\Desktop\RogueKiller.exe
2013-02-13 18:17 - 2013-02-13 18:17 - 00012305 ____A C:\AdwCleaner[S1].txt
2013-02-13 18:15 - 2013-02-13 18:17 - 00587671 ____A C:\Users\Nikita\Desktop\AdwCleaner.exe
2013-02-13 17:59 - 2013-02-13 17:59 - 00000000 ____D C:\_OTL
2013-02-13 17:12 - 2013-02-13 17:12 - 00078756 ____A C:\Users\Nikita\Desktop\OTL.Txt
2013-02-13 17:11 - 2013-02-13 17:11 - 00073068 ____A C:\Users\Nikita\Downloads\Extras.Txt
2013-02-13 17:09 - 2013-02-13 17:09 - 00078756 ____A C:\Users\Nikita\Downloads\OTL.Txt
2013-02-13 16:08 - 2013-02-13 17:17 - 00602112 ____A (OldTimer Tools) C:\Users\Nikita\Downloads\OTL.exe
2013-02-13 15:09 - 2013-02-13 15:15 - 00001904 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-02-13 15:09 - 2013-02-13 15:15 - 00000000 ____D C:\Program Files\HitmanPro
2013-02-13 14:47 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-13 14:47 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-13 14:47 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-13 14:47 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-13 14:47 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-13 14:47 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-13 14:47 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-13 14:47 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-13 14:47 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-13 14:47 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-13 14:47 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-13 14:47 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-13 14:47 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-13 14:47 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-13 14:47 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-13 14:47 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-13 14:47 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-13 14:47 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-13 14:47 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-13 14:47 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-13 14:47 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-13 14:47 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-13 14:47 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-13 14:47 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-13 14:47 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-13 14:47 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-13 14:47 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-13 14:47 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-13 14:47 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-13 14:46 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-13 14:46 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-13 14:46 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-12 21:44 - 2013-01-03 21:41 - 01893224 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-12 21:44 - 2013-01-03 21:40 - 00287576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-12 21:44 - 2013-01-03 21:37 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-02-12 21:44 - 2013-01-03 21:37 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-02-12 21:44 - 2013-01-03 21:37 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-02-12 21:44 - 2013-01-03 21:36 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-12 21:44 - 2013-01-03 21:33 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-02-12 21:44 - 2013-01-03 21:30 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-02-12 21:44 - 2013-01-03 21:30 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:51 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-02-12 21:44 - 2013-01-03 20:51 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-02-12 21:44 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 19:22 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-12 21:44 - 2013-01-03 19:19 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-02-12 21:44 - 2013-01-03 18:48 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-12 21:44 - 2013-01-03 18:48 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-12 21:44 - 2013-01-03 18:48 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-12 21:44 - 2013-01-03 18:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-12 21:44 - 2013-01-03 18:43 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 18:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 18:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-02-12 21:44 - 2013-01-03 18:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-02-12 21:38 - 2013-02-12 21:38 - 01900544 ____A C:\Users\Nikita\Downloads\HitmanPro (1).exe.bhj04mn.partial
2013-02-12 21:37 - 2013-02-12 21:47 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-02-12 21:37 - 2013-02-12 21:38 - 09754024 ____A (SurfRight B.V.) C:\Users\Nikita\Downloads\HitmanPro_x64.exe
2013-02-12 21:36 - 2013-02-12 21:37 - 08984048 ____A (SurfRight B.V.) C:\Users\Nikita\Downloads\HitmanPro.exe
2013-02-12 21:17 - 2013-02-12 21:17 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-12 21:17 - 2013-02-12 21:17 - 00000000 ____D C:\Users\Nikita\AppData\Roaming\Malwarebytes
2013-02-12 21:17 - 2013-02-12 21:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-12 21:17 - 2013-02-12 21:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-12 21:17 - 2012-12-13 21:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-02-12 21:16 - 2013-02-12 21:17 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Nikita\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-04 23:22 - 2013-02-04 23:23 - 00000000 ____D C:\Users\Nikita\Desktop\Charles Sturt University
2013-02-03 22:44 - 2013-02-03 22:44 - 01734239 ____A C:\Users\Nikita\Downloads\wood swallow chick_
2013-02-03 19:20 - 2013-02-03 19:31 - 00000000 ____D C:\Users\Nikita\Desktop\print
2013-02-03 01:57 - 2013-02-03 01:58 - 00000000 ____D C:\Users\Nikita\Desktop\orbost
2013-02-03 01:23 - 2013-02-03 01:24 - 00000000 ____D C:\Users\Nikita\Desktop\put back on usb
2013-01-24 15:17 - 2013-01-24 15:18 - 00000000 ____D C:\Users\Nikita\Desktop\New folder
2013-01-23 23:21 - 2013-01-23 23:21 - 00000000 ____D C:\Users\Nikita\Desktop\2013
2013-01-15 19:22 - 2013-01-15 19:30 - 00000000 ____D C:\Users\Nikita\Desktop\Untitled Export


==================== One Month Modified Files and Folders =======

2013-02-13 22:15 - 2013-02-13 22:15 - 00001204 ____A C:\Users\Nikita\Desktop\JRT.txt
2013-02-13 22:08 - 2012-07-18 01:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-13 22:02 - 2010-10-08 21:54 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-13 21:58 - 2013-02-13 21:58 - 00000000 ____D C:\Windows\ERUNT
2013-02-13 21:58 - 2013-02-13 21:58 - 00000000 ____D C:\JRT
2013-02-13 21:30 - 2013-02-13 21:30 - 00000898 ____A C:\Users\Nikita\Desktop\ESET.txt
2013-02-13 21:03 - 2010-10-08 21:54 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-13 18:58 - 2013-02-13 18:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-02-13 18:57 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-13 18:57 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-13 18:53 - 2010-07-18 21:40 - 01432590 ____A C:\Windows\WindowsUpdate.log
2013-02-13 18:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-13 18:50 - 2009-07-13 20:51 - 00063381 ____A C:\Windows\setupact.log
2013-02-13 18:35 - 2013-02-13 18:35 - 00001628 ____A C:\Users\Nikita\Desktop\RKreport[2]_D_02142013_02d1335.txt
2013-02-13 18:35 - 2013-02-13 18:32 - 00000000 ____D C:\Users\Nikita\Desktop\RK_Quarantine
2013-02-13 18:34 - 2013-02-13 18:34 - 00001762 ____A C:\Users\Nikita\Desktop\RKreport[1]_S_02142013_02d1334.txt
2013-02-13 18:32 - 2013-02-13 18:32 - 00798208 ____A C:\Users\Nikita\Desktop\RogueKiller.exe
2013-02-13 18:17 - 2013-02-13 18:17 - 00012305 ____A C:\AdwCleaner[S1].txt
2013-02-13 18:17 - 2013-02-13 18:15 - 00587671 ____A C:\Users\Nikita\Desktop\AdwCleaner.exe
2013-02-13 18:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-02-13 18:06 - 2009-07-13 20:45 - 05045800 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-13 17:59 - 2013-02-13 17:59 - 00000000 ____D C:\_OTL
2013-02-13 17:17 - 2013-02-13 16:08 - 00602112 ____A (OldTimer Tools) C:\Users\Nikita\Downloads\OTL.exe
2013-02-13 17:12 - 2013-02-13 17:12 - 00078756 ____A C:\Users\Nikita\Desktop\OTL.Txt
2013-02-13 17:11 - 2013-02-13 17:11 - 00073068 ____A C:\Users\Nikita\Downloads\Extras.Txt
2013-02-13 17:09 - 2013-02-13 17:09 - 00078756 ____A C:\Users\Nikita\Downloads\OTL.Txt
2013-02-13 15:30 - 2010-04-21 16:10 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-02-13 15:15 - 2013-02-13 15:09 - 00001904 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-02-13 15:15 - 2013-02-13 15:09 - 00000000 ____D C:\Program Files\HitmanPro
2013-02-13 15:06 - 2009-07-13 21:13 - 00731722 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-12 21:49 - 2010-04-21 16:29 - 00306396 ____A C:\Windows\PFRO.log
2013-02-12 21:47 - 2013-02-12 21:37 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-02-12 21:38 - 2013-02-12 21:38 - 01900544 ____A C:\Users\Nikita\Downloads\HitmanPro (1).exe.bhj04mn.partial
2013-02-12 21:38 - 2013-02-12 21:37 - 09754024 ____A (SurfRight B.V.) C:\Users\Nikita\Downloads\HitmanPro_x64.exe
2013-02-12 21:37 - 2013-02-12 21:36 - 08984048 ____A (SurfRight B.V.) C:\Users\Nikita\Downloads\HitmanPro.exe
2013-02-12 21:32 - 2010-10-11 21:26 - 00000000 ____D C:\Users\Nikita\AppData\Local\Adobe
2013-02-12 21:17 - 2013-02-12 21:17 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-12 21:17 - 2013-02-12 21:17 - 00000000 ____D C:\Users\Nikita\AppData\Roaming\Malwarebytes
2013-02-12 21:17 - 2013-02-12 21:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-12 21:17 - 2013-02-12 21:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-12 21:17 - 2013-02-12 21:16 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Nikita\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-12 21:15 - 2010-10-07 19:10 - 00000000 ____D C:\users\Nikita
2013-02-12 21:14 - 2012-12-28 16:19 - 00000000 ____D C:\users\Mcx1-NIKITA-PC
2013-02-12 21:14 - 2010-04-21 16:28 - 00000000 ____D C:\Users\All Users\Norton
2013-02-12 21:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-02-11 16:23 - 2010-11-13 00:14 - 00000000 ____D C:\Users\Nikita\AppData\Local\CrashDumps
2013-02-10 19:34 - 2010-10-08 22:27 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-02-07 23:09 - 2012-05-28 18:39 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-07 23:09 - 2012-05-28 18:39 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-04 23:23 - 2013-02-04 23:22 - 00000000 ____D C:\Users\Nikita\Desktop\Charles Sturt University
2013-02-03 22:44 - 2013-02-03 22:44 - 01734239 ____A C:\Users\Nikita\Downloads\wood swallow chick_
2013-02-03 19:31 - 2013-02-03 19:20 - 00000000 ____D C:\Users\Nikita\Desktop\print
2013-02-03 19:01 - 2010-10-11 21:28 - 00000000 ____D C:\Users\Nikita\Documents\Nikita
2013-02-03 01:58 - 2013-02-03 01:57 - 00000000 ____D C:\Users\Nikita\Desktop\orbost
2013-02-03 01:24 - 2013-02-03 01:23 - 00000000 ____D C:\Users\Nikita\Desktop\put back on usb
2013-02-02 18:50 - 2012-08-06 16:14 - 00000000 ____D C:\Users\Nikita\Documents\WIRES
2013-02-01 01:04 - 2010-11-21 15:11 - 00002109 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-01-24 15:18 - 2013-01-24 15:17 - 00000000 ____D C:\Users\Nikita\Desktop\New folder
2013-01-23 23:21 - 2013-01-23 23:21 - 00000000 ____D C:\Users\Nikita\Desktop\2013
2013-01-15 19:30 - 2013-01-15 19:22 - 00000000 ____D C:\Users\Nikita\Desktop\Untitled Export


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-27 05:00:25
Restore point made on: 2013-02-04 05:00:25
Restore point made on: 2013-02-12 05:00:26
Restore point made on: 2013-02-13 14:46:29

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 2012.1 MB
Available physical RAM: 1394.74 MB
Total Pagefile: 2012.1 MB
Available Pagefile: 1385 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:450.66 GB) (Free:283.25 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.11 GB) NTFS
4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 97BE5B6A

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 450 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 450 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2013-02-12 05:41

==================== End Of Log =============================
 
