traderjohn
FBI Virus...Need Assistance...
traderjohn replied to traderjohn's topic in Resolved Malware Removal Logs
Here are the AdwCleaner and Security Check results...

# AdwCleaner v3.005 - Report created 23/09/2013 at 15:03:19
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lily - LILY-PC
# Running from : C:\Users\Lily\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Lily\AppData\Roaming\DSite

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{4d8c0bcf-07da-4d5b-aebd-c0cbbc8fc0f4}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\594dadcb439b942
Key Deleted : HKLM\SOFTWARE\594dadcb439b942
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [2644 octets] - [23/09/2013 15:01:51]
AdwCleaner[s0].txt - [2479 octets] - [23/09/2013 15:03:19]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2539 octets] ##########

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 29.0.1547.66
Google Chrome 29.0.1547.76
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
FBI Virus...Need Assistance...
traderjohn replied to traderjohn's topic in Resolved Malware Removal Logs
Here are the results of the latest ComboFix and Malwarebytes scans...

ComboFix 13-09-19.01 - Lily 09/20/2013 7:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1963 [GMT -4:00]
Running from: c:\users\Lily\Desktop\ComboFix.exe
Command switches used :: c:\users\Lily\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\oem\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"
"c:\users\Lily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\60LVBKXV\web-play-product_setup[1].exe"
"c:\users\Lily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\65d16ad3-5e5ab6dd"
"c:\users\Lily\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe"
"c:\users\Lily\AppData\Roaming\Zip Opener Packages\uninstaller.exe"
"c:\users\Lily\Downloads\Setup.exe"
"c:\users\Lily\Downloads\Update (1).exe"
"c:\users\Lily\Downloads\Update (2).exe"
"c:\users\Lily\Downloads\Update.exe"
"c:\users\Lily\Downloads\ZipOpenerSetup.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\oem\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
c:\users\Lily\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Lily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\60LVBKXV\web-play-product_setup[1].exe
c:\users\Lily\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
c:\users\Lily\AppData\Roaming\Zip Opener Packages\uninstaller.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-08-20 to 2013-09-20 )))))))))))))))))))))))))))))))
.
.
2013-09-20 11:55 . 2013-09-20 11:55 -------- d-----w- c:\users\Guest Account\AppData\Local\temp
2013-09-20 11:55 . 2013-09-20 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-20 11:55 . 2013-09-20 11:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-09-19 19:56 . 2013-09-19 19:56 -------- d-----w- c:\program files (x86)\ESET
2013-09-19 14:19 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8179790-254E-4AD1-84D0-E1D63D3A74BA}\mpengine.dll
2013-09-18 19:47 . 2013-09-18 19:47 -------- d-----w- C:\FRST
2013-09-18 15:11 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-17 20:28 . 2013-09-18 19:09 -------- d-----w- c:\users\Fun
2013-09-17 19:58 . 2013-09-17 19:59 -------- d-----w- c:\users\Lily\AppData\Local\ElevatedDiagnostics
2013-09-14 00:50 . 2013-09-14 00:50 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-14 00:03 . 2013-09-18 19:08 -------- d-----w- c:\users\Guest Account\AppData\Roaming\Skype
2013-09-06 12:34 . 2013-09-06 12:33 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C7D0829-AB74-4886-BC0F-EC6EEDE2E670}\gapaengine.dll
2013-09-06 12:09 . 2013-09-19 11:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-09-06 12:08 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-09-06 12:08 . 2013-09-06 12:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-09-06 12:08 . 2013-09-06 12:08 -------- d-----w- c:\users\Lily\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 19:21 . 2013-03-14 02:47 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-22 19:49 . 2012-10-06 03:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-13 00:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 17:37 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:37 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 17:37 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 17:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 17:37 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 17:37 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 17:37 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 17:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 17:37 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 17:37 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 17:37 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 17:37 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 17:37 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 17:37 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 17:36 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-26 23:21 . 2013-06-26 23:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys
2013-06-26 23:21 . 2013-06-26 23:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys
2013-06-26 23:21 . 2013-06-26 23:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys
2013-06-26 23:21 . 2013-06-26 23:21 1777320 ----a-w- c:\windows\system32\sftldr.dll
2013-06-26 23:21 . 2013-06-26 23:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll
2013-06-26 23:21 . 2013-06-26 23:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\Lily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [bU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Lexmark 6500 Series"="c:\program files (x86)\Lexmark 6500 Series\fm3032.exe" [2007-06-11 308144]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
.
c:\users\Guest Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lily\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\users\Lily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lily\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdfserv.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe;c:\windows\SYSNATIVE\lxdfcoms.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 01:17 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-06 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-06 14:58]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 00:50]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 00:50]
.
2013-09-19 c:\windows\Tasks\Norton Security Scan for Lily.job
- c:\progra~2\NORTON~2\Engine\400~1.46\Nss.exe [2013-03-22 09:59]
.
2013-09-06 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-06 14:57]
.
2013-09-06 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-06 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-08-02 1831016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"lxdfmon.exe"="c:\program files (x86)\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 455600]
"lxdfamon"="c:\program files (x86)\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-DefaultTab - c:\users\Lily\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-DefaultTab Chrome - c:\program files (x86)\DefaultTab\uninstaller.exe
AddRemove-DSite - c:\users\Lily\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
AddRemove-Zip Opener Packages - c:\users\Lily\AppData\Roaming\Zip Opener Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-20 08:05:22
ComboFix-quarantined-files.txt 2013-09-20 12:05
ComboFix2.txt 2013-09-19 12:45
.
Pre-Run: 239,171,973,120 bytes free
Post-Run: 240,030,109,696 bytes free
.
- - End Of File - - 29AE8BE3DDB9C7113C793462933A9AE3

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Lily :: LILY-PC [administrator]

9/20/2013 8:11:11 AM
mbam-log-2013-09-20 (08-11-11).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407816
Time elapsed: 38 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www1.delta-search.com/?babsrc=HP_ss&mntrId=22459CB70D995A33&affID=119351&tsp=4954) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 12
C:\FRST\Quarantine\iLividSetup-r559-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\APtC8QSj\O1zy81jua.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\APtC8QSj\O1zy81jua.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\DefaultTab\DefaultTab\update.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Lily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\60LVBKXV\web-play-product_setup[1].exe.vir (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Guest Account\Downloads\rcpsetup_dcomnew_sec_728_dcomnew_sec_728.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.

(end)
FBI Virus...Need Assistance...
traderjohn replied to traderjohn's topic in Resolved Malware Removal Logs
Here are the results of the eset scan...

C:\FRST\Quarantine\APtC8QSj\O1zy81jua.dll	a variant of Win32/Kryptik.BJTJ trojan
C:\FRST\Quarantine\APtC8QSj\O1zy81jua.exe	a variant of Win32/Kryptik.BJTJ trojan
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabBHO.dll	a variant of Win32/Toolbar.DefaultTab.B application
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabSearch.exe	a variant of Win32/Toolbar.DefaultTab.B application
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabStart.exe	a variant of Win32/Toolbar.DefaultTab.B application
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabWrap.dll	a variant of Win32/Toolbar.DefaultTab.B application
C:\FRST\Quarantine\DefaultTab\DefaultTab\DTUpdate.exe	Win32/Toolbar.DefaultTab.A application
C:\FRST\Quarantine\DefaultTab\DefaultTab\update.exe	multiple threats
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe	a variant of Win32/Bundled.Toolbar.Ask.A application
C:\Users\Lily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\60LVBKXV\web-play-product_setup[1].exe	Win32/DownWare.G application
C:\Users\Lily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\65d16ad3-5e5ab6dd	a variant of Win32/Kryptik.BJTJ trojan
C:\Users\Lily\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe	Win32/DownWare.E application
C:\Users\Lily\AppData\Roaming\Zip Opener Packages\uninstaller.exe	a variant of Win32/InstallCore.AZ application
C:\Users\Lily\Downloads\Setup.exe	a variant of Win32/Adware.iBryte.D application
C:\Users\Lily\Downloads\Update (1).exe	a variant of Win32/AirAdInstaller.A application
C:\Users\Lily\Downloads\Update (2).exe	a variant of Win32/AirAdInstaller.A application
C:\Users\Lily\Downloads\Update.exe	a variant of Win32/AirAdInstaller.A application
C:\Users\Lily\Downloads\ZipOpenerSetup.exe	Win32/InstallCore.BN application
FBI Virus...Need Assistance...
traderjohn replied to traderjohn's topic in Resolved Malware Removal Logs
The machine seems to be working properly now...thank-you very much! Here are the results from FRST and Combofix...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by SYSTEM at 2013-09-19 07:41:36 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Lily\...\Run: [O1zy81jua.exe] - C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe [123256 2013-09-05] (Microsoft Corporation)
HKU\Lily\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Lily\...\Command Processor: "C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe" <===== ATTENTION!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
S2 DefaultTabUpdate; C:\Users\Lily\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-25] ()
C:\Users\Lily\AppData\Roaming\DefaultTab
C:\Users\Lily\AppData\Roaming\hFLtNviPF
C:\Users\Lily\AppData\Local\h9txidqc
C:\ProgramData\RW7S8MJO
C:\Users\Lily\AppData\Roaming\4vX7znEub4f
C:\Users\Lily\AppData\Local\XEHZrne4S
C:\ProgramData\58Rd0RCT
C:\Users\Lily\AppData\Roaming\oHXXE2vitV
C:\Users\Lily\AppData\Local\5QZKzNh64N
C:\ProgramData\eiHt3SbtEil
C:\Users\Lily\AppData\Roaming\tgrpLYMp
C:\Users\Lily\AppData\Local\lje0cnuiz
C:\ProgramData\28BAxRijF7
C:\Users\Lily\AppData\Roaming\JzTaO0P22L
C:\Users\Lily\AppData\Local\NTlPI07Y
C:\ProgramData\raDu2xeEaov
C:\Users\Lily\AppData\Roaming\76nCTjzgX
C:\Users\Lily\AppData\Local\V8pCKgTWGmL
C:\ProgramData\r6wgwT9OdGG
C:\Users\Lily\AppData\Roaming\NA3w6m8odOg
C:\Users\Lily\AppData\Local\ZdAKxfzkSq0
C:\ProgramData\b03asjaz
C:\Users\Lily\AppData\Roaming\zRuchjFoqUz
C:\Users\Lily\AppData\Local\tpRgZvnlAaZ
C:\ProgramData\KKaU3tzDwH4
C:\Users\Lily\AppData\Roaming\r7yFJMgN7Is
C:\Users\Lily\AppData\Local\rUMkaOuQQb
C:\ProgramData\UoEr4cVES5
C:\Users\Lily\AppData\Local\APtC8QSj
C:\Users\Lily\AppData\Roaming\DFFkfriYhv
C:\Users\Lily\AppData\Local\rMlHOkD7UF
C:\ProgramData\2mFE7uo7i8n
C:\Users\Lily\AppData\Local\iLivid
C:\ProgramData\Datamngr
C:\Users\Lily\Downloads\iLividSetup-r559-n-bc.exe
C:\ProgramData\Best Buy pc app
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
C:\Users\Lily\AppData\Local\APtC8QSj
C:\Program Files (x86)\DefaultTab
C:\Users\Lily\ntuser.pol
*****************

HKU\Lily\Software\Microsoft\Windows\CurrentVersion\Run\\O1zy81jua.exe => Value deleted successfully.
HKU\Lily\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Lily\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
DefaultTabUpdate => Service deleted successfully.
C:\Users\Lily\AppData\Roaming\DefaultTab => Moved successfully.
C:\Users\Lily\AppData\Roaming\hFLtNviPF => Moved successfully.
C:\Users\Lily\AppData\Local\h9txidqc => Moved successfully.
C:\ProgramData\RW7S8MJO => Moved successfully.
C:\Users\Lily\AppData\Roaming\4vX7znEub4f => Moved successfully.
C:\Users\Lily\AppData\Local\XEHZrne4S => Moved successfully.
C:\ProgramData\58Rd0RCT => Moved successfully.
C:\Users\Lily\AppData\Roaming\oHXXE2vitV => Moved successfully.
C:\Users\Lily\AppData\Local\5QZKzNh64N => Moved successfully.
C:\ProgramData\eiHt3SbtEil => Moved successfully.
C:\Users\Lily\AppData\Roaming\tgrpLYMp => Moved successfully.
C:\Users\Lily\AppData\Local\lje0cnuiz => Moved successfully.
C:\ProgramData\28BAxRijF7 => Moved successfully.
C:\Users\Lily\AppData\Roaming\JzTaO0P22L => Moved successfully.
C:\Users\Lily\AppData\Local\NTlPI07Y => Moved successfully.
C:\ProgramData\raDu2xeEaov => Moved successfully.
C:\Users\Lily\AppData\Roaming\76nCTjzgX => Moved successfully.
C:\Users\Lily\AppData\Local\V8pCKgTWGmL => Moved successfully.
C:\ProgramData\r6wgwT9OdGG => Moved successfully.
C:\Users\Lily\AppData\Roaming\NA3w6m8odOg => Moved successfully.
C:\Users\Lily\AppData\Local\ZdAKxfzkSq0 => Moved successfully.
C:\ProgramData\b03asjaz => Moved successfully.
C:\Users\Lily\AppData\Roaming\zRuchjFoqUz => Moved successfully.
C:\Users\Lily\AppData\Local\tpRgZvnlAaZ => Moved successfully.
C:\ProgramData\KKaU3tzDwH4 => Moved successfully.
C:\Users\Lily\AppData\Roaming\r7yFJMgN7Is => Moved successfully.
C:\Users\Lily\AppData\Local\rUMkaOuQQb => Moved successfully.
C:\ProgramData\UoEr4cVES5 => Moved successfully.
C:\Users\Lily\AppData\Local\APtC8QSj => Moved successfully.
C:\Users\Lily\AppData\Roaming\DFFkfriYhv => Moved successfully.
C:\Users\Lily\AppData\Local\rMlHOkD7UF => Moved successfully.
C:\ProgramData\2mFE7uo7i8n => Moved successfully.
C:\Users\Lily\AppData\Local\iLivid => Moved successfully.
C:\ProgramData\Datamngr => Moved successfully.
C:\Users\Lily\Downloads\iLividSetup-r559-n-bc.exe => Moved successfully.
C:\ProgramData\Best Buy pc app => Moved successfully.
"C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk" => File/Directory not found.
"C:\Users\Lily\AppData\Local\APtC8QSj" => File/Directory not found.
C:\Program Files (x86)\DefaultTab => Moved successfully.
C:\Users\Lily\ntuser.pol => Moved successfully.

==== End of Fixlog ====

ComboFix 13-09-19.01 - Lily 09/19/2013 8:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1844 [GMT -4:00]
Running from: c:\users\Lily\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BrowserDefender
c:\users\Guest Account\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Guest Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\{048EBD3C-8CBD-4F95-A3EB-1B9D475B7D46}.xps
c:\users\Guest Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4BD9FA21-ECFD-4E5A-8384-B297F53E0578}.xps
c:\users\Guest Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8AFC1EDA-3A1D-41CA-942F-9A1694621464}.xps
c:\users\Guest Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D280B94A-794A-4A90-B424-8FD6A9B25B12}.xps
c:\users\Lily\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Lily\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Lily\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Lily\AppData\Roaming\technic-launcher.jar
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-08-19 to 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 12:34 . 2013-09-19 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-19 12:34 . 2013-09-19 12:34 -------- d-----w- c:\users\Guest Account\AppData\Local\temp
2013-09-19 11:58 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A098FB0-F572-4961-A038-D034006AEA89}\mpengine.dll
2013-09-18 19:47 . 2013-09-18 19:47 -------- d-----w- C:\FRST
2013-09-18 15:11 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-17 20:28 . 2013-09-18 19:09 -------- d-----w- c:\users\Fun
2013-09-17 19:58 . 2013-09-17 19:59 -------- d-----w- c:\users\Lily\AppData\Local\ElevatedDiagnostics
2013-09-14 00:50 . 2013-09-14 00:50 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-14 00:03 . 2013-09-18 19:08 -------- d-----w- c:\users\Guest Account\AppData\Roaming\Skype
2013-09-06 12:34 . 2013-09-06 12:33 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C7D0829-AB74-4886-BC0F-EC6EEDE2E670}\gapaengine.dll
2013-09-06 12:09 . 2013-09-19 11:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-09-06 12:08 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-09-06 12:08 . 2013-09-06 12:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-09-06 12:08 . 2013-09-06 12:08 -------- d-----w- c:\users\Lily\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 19:21 . 2013-03-14 02:47 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-22 19:49 . 2012-10-06 03:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-13 00:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 17:37 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:37 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 17:37 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 17:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 17:37 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 17:37 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 17:37 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 17:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 17:37 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 17:37 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 17:37 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 17:37 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 17:37 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 17:37 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 17:36 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-26 23:21 . 2013-06-26 23:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys
2013-06-26 23:21 . 2013-06-26 23:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys
2013-06-26 23:21 . 2013-06-26 23:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys
2013-06-26 23:21 . 2013-06-26 23:21 1777320 ----a-w- c:\windows\system32\sftldr.dll
2013-06-26 23:21 . 2013-06-26 23:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll
2013-06-26 23:21 . 2013-06-26 23:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Lexmark 6500 Series"="c:\program files (x86)\Lexmark 6500 Series\fm3032.exe" [2007-06-11 308144]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
.
c:\users\Guest Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lily\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\users\Lily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lily\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdfserv.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe;c:\windows\SYSNATIVE\lxdfcoms.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 01:17 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-06 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-06 14:58]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 00:50]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 00:50]
.
2013-09-15 c:\windows\Tasks\Norton Security Scan for Lily.job
- c:\progra~2\NORTON~2\Engine\400~1.46\Nss.exe [2013-03-22 09:59]
.
2013-09-06 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-06 14:57]
.
2013-09-06 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-06 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-08-02 1831016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"lxdfmon.exe"="c:\program files (x86)\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 455600]
"lxdfamon"="c:\program files (x86)\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Lily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-DefaultTab - c:\users\Lily\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-DefaultTab Chrome - c:\program files (x86)\DefaultTab\uninstaller.exe
AddRemove-e55b814e55744b76 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-19 08:45:46
ComboFix-quarantined-files.txt 2013-09-19 12:45
.
Pre-Run: 234,674,999,296 bytes free
Post-Run: 236,487,016,448 bytes free
.
- - End Of File - - D55407ECC36F2ADE7C2FB94D4C26950C
FBI Virus...Need Assistance...
traderjohn replied to traderjohn's topic in Resolved Malware Removal Logs
Thanks very much for your help...here is the scan log...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by SYSTEM on MININT-J8HTKPU on 18-09-2013 11:48:06
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [lxdfmon.exe] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdfamon] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe [20480 2007-06-01] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Lexmark 6500 Series] - C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe [308144 2007-06-11] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Fun\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Fun\...\Policies\system: [LogonHoursAction] 2
HKU\Fun\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest Account\...\Policies\system: [LogonHoursAction] 2
HKU\Guest Account\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lily\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKU\Lily\...\Run: [O1zy81jua.exe] - C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe [123256 2013-09-05] (Microsoft Corporation)
HKU\Lily\...\Run: [spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\Lily\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe [243360 2011-08-18] (Adobe Systems, Inc.)
HKU\Lily\...\Policies\system: [LogonHoursAction] 2
HKU\Lily\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lily\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Lily\...\Command Processor: "C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe" <===== ATTENTION!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Lily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

S2 DefaultTabUpdate; C:\Users\Lily\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-25] ()
S2 lxdfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-28] (Lexmark International, Inc.)
S2 lxdf_device; C:\Windows\system32\lxdfcoms.exe [1053104 2007-05-28] ( )
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ==================== S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-18 11:47 - 2013-09-18 11:47 - 00000000 ____D C:\FRST2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\Users\Lily\AppData\Roaming\hFLtNviPF2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\Users\Lily\AppData\Local\h9txidqc2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\ProgramData\RW7S8MJO2013-09-17 12:28 - 2013-09-18 11:09 - 00000000 ____D C:\users\Fun2013-09-17 12:28 - 2013-09-17 12:28 - 00000000 ____D C:\Users\Fun\AppData\Local\VirtualStore2013-09-17 12:28 - 2012-08-26 10:12 - 00000000 ____D C:\Users\Fun\AppData\Local\Microsoft Help2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\Users\Lily\AppData\Roaming\4vX7znEub4f2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\Users\Lily\AppData\Local\XEHZrne4S2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\ProgramData\58Rd0RCT2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\Users\Lily\AppData\Roaming\oHXXE2vitV2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\Users\Lily\AppData\Local\5QZKzNh64N2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\ProgramData\eiHt3SbtEil2013-09-13 16:50 - 2013-09-13 16:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-13 16:03 - 2013-09-18 11:08 - 00000000 ____D C:\Users\Guest Account\AppData\Roaming\Skype2013-09-13 16:02 - 2013-09-13 16:02 - 01492848 _____ (Skype Technologies S.A.) 
C:\Users\Guest Account\Downloads\SkypeSetup.exe2013-09-13 11:25 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-09-13 11:25 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-09-13 11:25 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-09-13 11:25 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-09-13 11:25 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-09-13 11:25 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-09-13 11:25 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-09-13 11:25 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-09-13 11:25 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-09-13 11:25 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-13 11:25 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-13 11:25 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-13 11:25 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll2013-09-13 11:25 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-09-13 11:25 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-09-13 11:25 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-09-13 11:25 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-09-13 11:25 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-09-13 11:24 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-12 16:06 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-09-12 16:06 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys2013-09-12 16:06 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-09-12 16:06 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll2013-09-12 16:06 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) 
C:\Windows\System32\wow64win.dll2013-09-12 16:06 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll2013-09-12 16:06 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll2013-09-12 16:06 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll2013-09-12 16:06 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll2013-09-12 16:06 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll2013-09-12 16:06 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 
18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-09-12 16:06 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-09-12 16:06 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-09-12 16:06 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2013-09-12 16:06 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2013-09-12 16:06 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe2013-09-12 16:06 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe2013-09-12 16:06 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-09-12 16:06 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-09-12 16:06 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-09-12 16:06 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-09-12 16:06 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2013-09-12 16:06 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll2013-09-12 16:06 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll2013-09-12 16:06 - 2013-07-25 
17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2013-09-12 16:06 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\Users\Lily\AppData\Roaming\tgrpLYMp2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\Users\Lily\AppData\Local\lje0cnuiz2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\ProgramData\28BAxRijF72013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\Users\Lily\AppData\Roaming\JzTaO0P22L2013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\Users\Lily\AppData\Local\NTlPI07Y2013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\ProgramData\raDu2xeEaov2013-09-06 04:29 - 2013-09-06 04:29 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking2013-09-06 04:09 - 2013-09-06 05:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-09-06 04:08 - 2013-09-06 04:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22013-09-06 04:08 - 2013-09-06 04:08 - 00001386 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2013-09-06 04:08 - 2013-09-06 04:08 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job2013-09-06 04:08 - 2013-09-06 04:08 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job2013-09-06 04:08 - 2013-09-06 04:08 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job2013-09-06 04:08 - 2009-01-25 09:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe2013-09-06 04:07 - 2013-09-06 04:07 - 37672592 _____ (Safer-Networking Ltd. 
) C:\Users\Guest Account\Downloads\spybotsd-2.1.21-SR2.exe2013-09-06 04:04 - 2013-09-06 04:04 - 05709144 _____ (Systweak Inc ) C:\Users\Guest Account\Downloads\rcpsetup_dcomnew_sec_728_dcomnew_sec_728.exe2013-09-06 04:03 - 2013-09-06 04:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300 (2).exe2013-09-06 04:02 - 2013-09-06 04:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300 (1).exe2013-09-06 04:00 - 2013-09-06 04:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300.exe2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\Users\Lily\AppData\Roaming\76nCTjzgX2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\Users\Lily\AppData\Local\V8pCKgTWGmL2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\ProgramData\r6wgwT9OdGG2013-09-06 03:42 - 2013-09-06 04:21 - 00000000 ____D C:\Windows\pss2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\Users\Lily\AppData\Roaming\NA3w6m8odOg2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\Users\Lily\AppData\Local\ZdAKxfzkSq02013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\ProgramData\b03asjaz2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\Users\Lily\AppData\Roaming\zRuchjFoqUz2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\Users\Lily\AppData\Local\tpRgZvnlAaZ2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\ProgramData\KKaU3tzDwH42013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\Users\Lily\AppData\Roaming\r7yFJMgN7Is2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\Users\Lily\AppData\Local\rUMkaOuQQb2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\ProgramData\UoEr4cVES52013-09-05 11:22 - 2013-09-18 11:09 - 00000000 ____D C:\Users\Lily\AppData\Local\APtC8QSj2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\Users\Lily\AppData\Roaming\DFFkfriYhv2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ 
C:\Users\Lily\AppData\Local\rMlHOkD7UF2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\ProgramData\2mFE7uo7i8n2013-09-04 17:39 - 2013-09-04 17:39 - 00000000 ____D C:\Users\Lily\AppData\Local\iLivid2013-09-04 17:39 - 2013-09-04 17:39 - 00000000 ____D C:\ProgramData\Datamngr2013-09-04 17:38 - 2013-09-04 17:39 - 01624064 _____ (Bandoo Media Inc) C:\Users\Lily\Downloads\iLividSetup-r559-n-bc.exe2013-09-02 16:53 - 2013-09-02 16:53 - 13831831 _____ C:\Users\Lily\Downloads\CHM 131 Exam 1 PowerPoint Slides 4th Ed. New.pptx2013-08-24 10:46 - 2013-08-24 10:46 - 00003584 _____ C:\Users\Lily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-08-24 10:23 - 2013-08-24 10:48 - 04936704 _____ C:\Users\Lily\Downloads\Guess_Louie-v2.ppt2013-08-24 10:22 - 2013-08-24 10:22 - 02497024 _____ C:\Users\Lily\Downloads\Align-the-Starsv3.ppt2013-08-24 10:19 - 2013-08-24 10:19 - 04560896 _____ C:\Users\Lily\Downloads\sunken-Treasure-v2.ppt2013-08-24 10:19 - 2013-08-24 10:19 - 02562560 _____ C:\Users\Lily\Downloads\BigWheel-Elementary-v2.ppt2013-08-24 10:17 - 2013-08-24 10:17 - 00998400 _____ C:\Users\Lily\Downloads\-mnt-target02-343621-541328-www.makemegenius.com-web-content-uploads-education-Fruits_for_Kids.ppt2013-08-23 08:23 - 2013-08-23 08:25 - 00020563 _____ C:\Users\Guest Account\Downloads\Simpson Mat 151-01 Proj 1A.xlsx2013-08-20 17:24 - 2013-08-20 17:26 - 00020758 _____ C:\Users\Lily\Desktop\Simpson Mat 151-01 Proj 1A.xlsx2013-08-19 18:58 - 2013-08-19 18:58 - 00000000 ____D C:\Users\Lily\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= 2013-09-18 11:47 - 2013-09-18 11:47 - 00000000 ____D C:\FRST2013-09-18 11:09 - 2013-09-17 12:28 - 00000000 ____D C:\users\Fun2013-09-18 11:09 - 2013-09-05 11:22 - 00000000 ____D C:\Users\Lily\AppData\Local\APtC8QSj2013-09-18 11:09 - 2012-10-03 14:10 - 00000000 ____D C:\users\Guest Account2013-09-18 11:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration2013-09-18 11:08 - 2013-09-13 16:03 - 
00000000 ____D C:\Users\Guest Account\AppData\Roaming\Skype2013-09-18 11:08 - 2011-08-18 07:34 - 00000000 ____D C:\ProgramData\Adobe2013-09-18 07:24 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-18 07:24 - 2009-07-13 20:51 - 00064293 _____ C:\Windows\setupact.log2013-09-18 07:17 - 2012-12-18 16:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-09-18 07:17 - 2012-12-18 16:50 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\Users\Lily\AppData\Roaming\hFLtNviPF2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\Users\Lily\AppData\Local\h9txidqc2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\ProgramData\RW7S8MJO2013-09-18 07:12 - 2012-07-31 17:14 - 00000000 ____D C:\users\Lily2013-09-17 12:28 - 2013-09-17 12:28 - 00000000 ____D C:\Users\Fun\AppData\Local\VirtualStore2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\Users\Lily\AppData\Roaming\4vX7znEub4f2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\Users\Lily\AppData\Local\XEHZrne4S2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\ProgramData\58Rd0RCT2013-09-17 11:25 - 2012-12-18 16:45 - 00000000 ____D C:\Users\Guest Account\AppData\Roaming\Apple Computer2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\Users\Lily\AppData\Roaming\oHXXE2vitV2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\Users\Lily\AppData\Local\5QZKzNh64N2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\ProgramData\eiHt3SbtEil2013-09-15 07:23 - 2013-07-25 13:26 - 00000282 _____ C:\Windows\Tasks\DSite.job2013-09-15 07:23 - 2012-03-27 03:06 - 01147321 _____ C:\Windows\WindowsUpdate.log2013-09-14 20:41 - 2013-03-22 12:17 - 00000404 ____H C:\Windows\Tasks\Norton Security Scan for Lily.job2013-09-13 16:50 - 2013-09-13 16:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-13 16:03 - 2013-03-26 15:06 - 00000000 ___RD C:\Program Files (x86)\Skype2013-09-13 16:03 - 
2013-03-26 15:06 - 00000000 ____D C:\ProgramData\Skype2013-09-13 16:02 - 2013-09-13 16:02 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Guest Account\Downloads\SkypeSetup.exe2013-09-13 15:53 - 2013-05-28 09:23 - 00000000 ____D C:\Users\Guest Account\AppData\Roaming\CyberLink2013-09-13 11:52 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-09-13 11:52 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-09-13 11:45 - 2013-02-18 08:59 - 00000000 ___RD C:\Users\Guest Account\Dropbox2013-09-13 11:45 - 2013-02-18 08:56 - 00000000 ____D C:\Users\Guest Account\AppData\Roaming\Dropbox2013-09-13 11:44 - 2009-07-13 20:45 - 00430056 _____ C:\Windows\System32\FNTCACHE.DAT2013-09-13 11:43 - 2010-11-20 19:47 - 00538304 _____ C:\Windows\PFRO.log2013-09-13 11:24 - 2012-08-23 14:30 - 00744030 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2013-09-13 11:24 - 2012-08-23 14:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client2013-09-13 11:21 - 2013-08-16 11:29 - 00000000 ____D C:\Windows\System32\MRT2013-09-13 11:21 - 2013-03-13 18:47 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-09-13 11:21 - 2012-08-25 17:14 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-12 13:29 - 2012-08-25 17:09 - 00000000 ____D C:\ProgramData\Lx_cats2013-09-12 13:25 - 2012-10-03 14:10 - 00001248 __RSH C:\Users\Guest Account\ntuser.pol2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\Users\Lily\AppData\Roaming\tgrpLYMp2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\Users\Lily\AppData\Local\lje0cnuiz2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\ProgramData\28BAxRijF72013-09-12 13:24 - 2013-07-25 13:26 - 00000000 ____D C:\Program Files (x86)\DefaultTab2013-09-12 13:24 - 2012-07-31 17:38 - 00000632 __RSH C:\Users\Lily\ntuser.pol2013-09-06 05:27 - 
2013-09-06 05:27 - 00183296 _____ C:\Users\Lily\AppData\Roaming\JzTaO0P22L2013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\Users\Lily\AppData\Local\NTlPI07Y2013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\ProgramData\raDu2xeEaov2013-09-06 05:24 - 2013-03-26 14:30 - 00010286 _____ C:\Windows\wininit.ini2013-09-06 05:23 - 2013-09-06 04:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-09-06 04:29 - 2013-09-06 04:29 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking2013-09-06 04:28 - 2013-09-06 04:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22013-09-06 04:21 - 2013-09-06 03:42 - 00000000 ____D C:\Windows\pss2013-09-06 04:08 - 2013-09-06 04:08 - 00001386 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2013-09-06 04:08 - 2013-09-06 04:08 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job2013-09-06 04:08 - 2013-09-06 04:08 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job2013-09-06 04:08 - 2013-09-06 04:08 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job2013-09-06 04:07 - 2013-09-06 04:07 - 37672592 _____ (Safer-Networking Ltd. 
) C:\Users\Guest Account\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-06 04:04 - 2013-09-06 04:04 - 05709144 _____ (Systweak Inc ) C:\Users\Guest Account\Downloads\rcpsetup_dcomnew_sec_728_dcomnew_sec_728.exe
2013-09-06 04:03 - 2013-09-06 04:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300 (2).exe
2013-09-06 04:02 - 2013-09-06 04:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-06 04:00 - 2013-09-06 04:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\Users\Lily\AppData\Roaming\76nCTjzgX
2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\Users\Lily\AppData\Local\V8pCKgTWGmL
2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\ProgramData\r6wgwT9OdGG
2013-09-06 03:41 - 2009-07-13 21:13 - 00727310 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\Users\Lily\AppData\Roaming\NA3w6m8odOg
2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\Users\Lily\AppData\Local\ZdAKxfzkSq0
2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\ProgramData\b03asjaz
2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\Users\Lily\AppData\Roaming\zRuchjFoqUz
2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\Users\Lily\AppData\Local\tpRgZvnlAaZ
2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\ProgramData\KKaU3tzDwH4
2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\Users\Lily\AppData\Roaming\r7yFJMgN7Is
2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\Users\Lily\AppData\Local\rUMkaOuQQb
2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\ProgramData\UoEr4cVES5
2013-09-05 11:24 - 2009-07-13 21:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\Users\Lily\AppData\Roaming\DFFkfriYhv
2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\Users\Lily\AppData\Local\rMlHOkD7UF
2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\ProgramData\2mFE7uo7i8n
2013-09-05 11:12 - 2013-03-26 15:06 - 00000000 ____D C:\Users\Lily\AppData\Roaming\Skype
2013-09-05 11:12 - 2013-01-23 14:16 - 00000000 ___RD C:\Users\Lily\Dropbox
2013-09-05 11:12 - 2013-01-23 14:14 - 00000000 ____D C:\Users\Lily\AppData\Roaming\Dropbox
2013-09-04 17:39 - 2013-09-04 17:39 - 00000000 ____D C:\Users\Lily\AppData\Local\iLivid
2013-09-04 17:39 - 2013-09-04 17:39 - 00000000 ____D C:\ProgramData\Datamngr
2013-09-04 17:39 - 2013-09-04 17:38 - 01624064 _____ (Bandoo Media Inc) C:\Users\Lily\Downloads\iLividSetup-r559-n-bc.exe
2013-09-04 11:22 - 2013-07-27 08:15 - 00000076 _____ C:\Users\Lily\AppData\Roaming\WB.CFG
2013-09-04 11:22 - 2013-07-25 14:26 - 00000005 _____ C:\Users\Lily\AppData\Roaming\WBPU-TTL.DAT
2013-09-04 06:29 - 2012-08-25 17:10 - 00000000 ____D C:\Users\Lily\AppData\Local\CrashDumps
2013-09-02 16:53 - 2013-09-02 16:53 - 13831831 _____ C:\Users\Lily\Downloads\CHM 131 Exam 1 PowerPoint Slides 4th Ed. New.pptx
2013-08-27 12:25 - 2013-03-16 17:33 - 00000000 ____D C:\Users\Guest Account\AppData\Local\CrashDumps
2013-08-26 14:18 - 2013-07-25 13:26 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-08-24 10:48 - 2013-08-24 10:23 - 04936704 _____ C:\Users\Lily\Downloads\Guess_Louie-v2.ppt
2013-08-24 10:46 - 2013-08-24 10:46 - 00003584 _____ C:\Users\Lily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 10:22 - 2013-08-24 10:22 - 02497024 _____ C:\Users\Lily\Downloads\Align-the-Starsv3.ppt
2013-08-24 10:19 - 2013-08-24 10:19 - 04560896 _____ C:\Users\Lily\Downloads\sunken-Treasure-v2.ppt
2013-08-24 10:19 - 2013-08-24 10:19 - 02562560 _____ C:\Users\Lily\Downloads\BigWheel-Elementary-v2.ppt
2013-08-24 10:17 - 2013-08-24 10:17 - 00998400 _____ C:\Users\Lily\Downloads\-mnt-target02-343621-541328-www.makemegenius.com-web-content-uploads-education-Fruits_for_Kids.ppt
2013-08-23 08:25 - 2013-08-23 08:23 - 00020563 _____ C:\Users\Guest Account\Downloads\Simpson Mat 151-01 Proj 1A.xlsx
2013-08-21 16:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-20 17:26 - 2013-08-20 17:24 - 00020758 _____ C:\Users\Lily\Desktop\Simpson Mat 151-01 Proj 1A.xlsx
2013-08-19 18:58 - 2013-08-19 18:58 - 00000000 ____D C:\Users\Lily\AppData\Local\Adobe
2013-08-19 18:58 - 2012-07-31 17:45 - 00000000 ____D C:\Users\Lily\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe

Some content of TEMP:
====================
C:\Users\Lily\AppData\Local\Temp\AutoRun.exe
C:\Users\Lily\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Lily\AppData\Local\Temp\COMAP.EXE
C:\Users\Lily\AppData\Local\Temp\contentDATs.exe
C:\Users\Lily\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Lily\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Lily\AppData\Local\Temp\mssinstaller.exe
C:\Users\Lily\AppData\Local\Temp\rjfxsyuexolehqbfqxu.dll
C:\Users\Lily\AppData\Local\Temp\rjfxsyuexolehqbfqxu.exe
C:\Users\Lily\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Lily\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lily\AppData\Local\Temp\uninst1.exe
C:\Users\Lily\AppData\Local\Temp\VP6Install.exe
C:\Users\Lily\AppData\Local\Temp\VP6VFW.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
8
Restore point made on: 2013-08-23 08:20:24
Restore point made on: 2013-08-24 12:55:14
Restore point made on: 2013-08-27 17:32:40
Restore point made on: 2013-08-31 16:12:18
Restore point made on: 2013-09-04 17:13:07
Restore point made on: 2013-09-12 16:11:59
Restore point made on: 2013-09-13 11:14:35
Restore point made on: 2013-09-15 07:23:42

==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 3947.86 MB
Available physical RAM: 3298.46 MB
Total Pagefile: 3946.06 MB
Available Pagefile: 3287.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:218.98 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.41 GB) NTFS
Drive g: () (Removable) (Total:7.45 GB) (Free:7.29 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E2A7882E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

LastRegBack: 2013-09-14 20:43

==================== End Of Log ============================
-
My daughter now has the FBI virus on her computer. Her main profile is completely hijacked; however, I can still access her guest profile. She is running Windows 7. Please help me get rid of this problem.