traderjohn
Members
Posts: 6
Reputation: 0 Neutral
  1. Here are the AdwCleaner and Security Check results...

     # AdwCleaner v3.005 - Report created 23/09/2013 at 15:03:19
     # Updated 22/09/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Lily - LILY-PC
     # Running from : C:\Users\Lily\Desktop\adwcleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Program Files (x86)\openit
     Folder Deleted : C:\Users\Lily\AppData\Roaming\DSite

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{4d8c0bcf-07da-4d5b-aebd-c0cbbc8fc0f4}]
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKCU\Software\594dadcb439b942
     Key Deleted : HKLM\SOFTWARE\594dadcb439b942
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\DefaultTab
     Key Deleted : HKCU\Software\Delta
     Key Deleted : HKCU\Software\dsiteproducts
     Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
     Key Deleted : HKLM\Software\DataMngr
     Key Deleted : HKLM\Software\DefaultTab
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16686

     -\\ Google Chrome v29.0.1547.76

     [ File : C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     Deleted : search_url
     Deleted : keyword

     *************************

     AdwCleaner[R0].txt - [2644 octets] - [23/09/2013 15:01:51]
     AdwCleaner[s0].txt - [2479 octets] - [23/09/2013 15:03:19]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2539 octets] ##########

     Results of screen317's Security Check version 0.99.73
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials (On Access scanning disabled!)
     Error obtaining update status for antivirus!
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.75.0.1300
     JavaFX 2.1.1
     Java 7 Update 5
     Java version out of Date!
     Adobe Flash Player 10
     Flash Player out of Date!
     Google Chrome 29.0.1547.66
     Google Chrome 29.0.1547.76
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Spybot Teatimer.exe is disabled!
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  2. Here are the results of the latest ComboFix and Malwarebytes scans...

     ComboFix 13-09-19.01 - Lily 09/20/2013 7:46.2.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1963 [GMT -4:00]
     Running from: c:\users\Lily\Desktop\ComboFix.exe
     Command switches used :: c:\users\Lily\Desktop\CFScript.txt
     AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
     SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
     SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     FILE ::
     "c:\oem\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"
     "c:\users\Lily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\60LVBKXV\web-play-product_setup[1].exe"
     "c:\users\Lily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\65d16ad3-5e5ab6dd"
     "c:\users\Lily\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe"
     "c:\users\Lily\AppData\Roaming\Zip Opener Packages\uninstaller.exe"
     "c:\users\Lily\Downloads\Setup.exe"
     "c:\users\Lily\Downloads\Update (1).exe"
     "c:\users\Lily\Downloads\Update (2).exe"
     "c:\users\Lily\Downloads\Update.exe"
     "c:\users\Lily\Downloads\ZipOpenerSetup.exe"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\oem\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
     c:\users\Lily\AppData\Local\Google\Chrome\User Data\Default\Preferences
     c:\users\Lily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\60LVBKXV\web-play-product_setup[1].exe
     c:\users\Lily\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
     c:\users\Lily\AppData\Roaming\Zip Opener Packages\uninstaller.exe
     c:\windows\wininit.ini
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-08-20 to 2013-09-20 )))))))))))))))))))))))))))))))
     .
     .
     2013-09-20 11:55 . 2013-09-20 11:55 -------- d-----w- c:\users\Guest Account\AppData\Local\temp
     2013-09-20 11:55 . 2013-09-20 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-09-20 11:55 . 2013-09-20 11:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2013-09-19 19:56 . 2013-09-19 19:56 -------- d-----w- c:\program files (x86)\ESET
     2013-09-19 14:19 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8179790-254E-4AD1-84D0-E1D63D3A74BA}\mpengine.dll
     2013-09-18 19:47 . 2013-09-18 19:47 -------- d-----w- C:\FRST
     2013-09-18 15:11 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2013-09-17 20:28 . 2013-09-18 19:09 -------- d-----w- c:\users\Fun
     2013-09-17 19:58 . 2013-09-17 19:59 -------- d-----w- c:\users\Lily\AppData\Local\ElevatedDiagnostics
     2013-09-14 00:50 . 2013-09-14 00:50 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
     2013-09-14 00:03 . 2013-09-18 19:08 -------- d-----w- c:\users\Guest Account\AppData\Roaming\Skype
     2013-09-06 12:34 . 2013-09-06 12:33 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C7D0829-AB74-4886-BC0F-EC6EEDE2E670}\gapaengine.dll
     2013-09-06 12:09 . 2013-09-19 11:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
     2013-09-06 12:08 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
     2013-09-06 12:08 . 2013-09-06 12:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
     2013-09-06 12:08 . 2013-09-06 12:08 -------- d-----w- c:\users\Lily\AppData\Local\Programs
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-09-13 19:21 . 2013-03-14 02:47 79143768 ----a-w- c:\windows\system32\MRT.exe
     2013-08-22 19:49 . 2012-10-06 03:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
     2013-08-02 01:48 . 2013-09-13 00:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     2013-07-25 09:25 . 2013-08-14 17:37 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
     2013-07-25 08:57 . 2013-08-14 17:37 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
     2013-07-19 01:58 . 2013-08-14 17:37 2048 ----a-w- c:\windows\system32\tzres.dll
     2013-07-19 01:41 . 2013-08-14 17:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2013-07-09 05:52 . 2013-08-14 17:37 224256 ----a-w- c:\windows\system32\wintrust.dll
     2013-07-09 05:51 . 2013-08-14 17:37 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
     2013-07-09 05:46 . 2013-08-14 17:37 1472512 ----a-w- c:\windows\system32\crypt32.dll
     2013-07-09 05:46 . 2013-08-14 17:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
     2013-07-09 05:46 . 2013-08-14 17:37 139776 ----a-w- c:\windows\system32\cryptnet.dll
     2013-07-09 04:52 . 2013-08-14 17:37 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
     2013-07-09 04:52 . 2013-08-14 17:37 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
     2013-07-09 04:46 . 2013-08-14 17:37 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
     2013-07-09 04:46 . 2013-08-14 17:37 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
     2013-07-09 04:46 . 2013-08-14 17:37 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
     2013-07-06 06:03 . 2013-08-14 17:36 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2013-06-26 23:21 . 2013-06-26 23:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys
     2013-06-26 23:21 . 2013-06-26 23:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys
     2013-06-26 23:21 . 2013-06-26 23:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys
     2013-06-26 23:21 . 2013-06-26 23:21 1777320 ----a-w- c:\windows\system32\sftldr.dll
     2013-06-26 23:21 . 2013-06-26 23:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll
     2013-06-26 23:21 . 2013-06-26 23:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
     c:\users\Lily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [bU]
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
     "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
     "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
     "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
     "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
     "Lexmark 6500 Series"="c:\program files (x86)\Lexmark 6500 Series\fm3032.exe" [2007-06-11 308144]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
     "BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
     .
     c:\users\Guest Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\users\Lily\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
     .
     c:\users\Lily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\users\Lily\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux2"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdfserv.exe [x]
     R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
     R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
     R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
     R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
     R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
     S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
     S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
     S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
     S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
     S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
     S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
     S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
     S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe;c:\windows\SYSNATIVE\lxdfcoms.exe [x]
     S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
     S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
     S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
     S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
     S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
     S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
     S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
     S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
     S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
     S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
     S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
     S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
     S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
     S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
     S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
     S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-09-04 01:17 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-09-06 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
     - c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-06 14:58]
     .
     2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 00:50]
     .
     2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 00:50]
     .
     2013-09-19 c:\windows\Tasks\Norton Security Scan for Lily.job
     - c:\progra~2\NORTON~2\Engine\400~1.46\Nss.exe [2013-03-22 09:59]
     .
     2013-09-06 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
     - c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-06 14:57]
     .
     2013-09-06 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
     - c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-06 14:58]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
     @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
     2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
     "Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-08-02 1831016]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
     "lxdfmon.exe"="c:\program files (x86)\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 455600]
     "lxdfamon"="c:\program files (x86)\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
     "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
     TCP: DhcpNameServer = 192.168.1.1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     Notify-SDWinLogon - SDWinLogon.dll
     AddRemove-DefaultTab - c:\users\Lily\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
     AddRemove-DefaultTab Chrome - c:\program files (x86)\DefaultTab\uninstaller.exe
     AddRemove-DSite - c:\users\Lily\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
     AddRemove-Zip Opener Packages - c:\users\Lily\AppData\Roaming\Zip Opener Packages\uninstaller.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
     @Denied: (A) (Everyone)
     "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
     @Denied: (A) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
     "Key"="ActionsPane3"
     "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-09-20 08:05:22
     ComboFix-quarantined-files.txt 2013-09-20 12:05
     ComboFix2.txt 2013-09-19 12:45
     .
     Pre-Run: 239,171,973,120 bytes free
     Post-Run: 240,030,109,696 bytes free
     .
     - - End Of File - - 29AE8BE3DDB9C7113C793462933A9AE3

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.09.20.04

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16686
     Lily :: LILY-PC [administrator]

     9/20/2013 8:11:11 AM
     mbam-log-2013-09-20 (08-11-11).txt

     Scan type: Full scan (C:\|Q:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 407816
     Time elapsed: 38 minute(s), 2 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 19
     HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
     HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

     Registry Values Detected: 3
     HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 -> Quarantined and deleted successfully.
     HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 -> Quarantined and deleted successfully.

     Registry Data Items Detected: 1
     HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www1.delta-search.com/?babsrc=HP_ss&mntrId=22459CB70D995A33&affID=119351&tsp=4954) Good: (http://www.google.com) -> Quarantined and repaired successfully.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 12
     C:\FRST\Quarantine\iLividSetup-r559-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
     C:\FRST\Quarantine\APtC8QSj\O1zy81jua.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
     C:\FRST\Quarantine\APtC8QSj\O1zy81jua.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
     C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     C:\FRST\Quarantine\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
     C:\FRST\Quarantine\DefaultTab\DefaultTab\update.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\Users\Lily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\60LVBKXV\web-play-product_setup[1].exe.vir (PUP.Downware) -> Quarantined and deleted successfully.
     C:\Users\Guest Account\Downloads\rcpsetup_dcomnew_sec_728_dcomnew_sec_728.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.

     (end)
  3. Here are the results of the ESET scan...

C:\FRST\Quarantine\APtC8QSj\O1zy81jua.dll a variant of Win32/Kryptik.BJTJ trojan
C:\FRST\Quarantine\APtC8QSj\O1zy81jua.exe a variant of Win32/Kryptik.BJTJ trojan
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabBHO.dll a variant of Win32/Toolbar.DefaultTab.B application
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabSearch.exe a variant of Win32/Toolbar.DefaultTab.B application
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabStart.exe a variant of Win32/Toolbar.DefaultTab.B application
C:\FRST\Quarantine\DefaultTab\DefaultTab\DefaultTabWrap.dll a variant of Win32/Toolbar.DefaultTab.B application
C:\FRST\Quarantine\DefaultTab\DefaultTab\DTUpdate.exe Win32/Toolbar.DefaultTab.A application
C:\FRST\Quarantine\DefaultTab\DefaultTab\update.exe multiple threats
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A application
C:\Users\Lily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\60LVBKXV\web-play-product_setup[1].exe Win32/DownWare.G application
C:\Users\Lily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\65d16ad3-5e5ab6dd a variant of Win32/Kryptik.BJTJ trojan
C:\Users\Lily\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe Win32/DownWare.E application
C:\Users\Lily\AppData\Roaming\Zip Opener Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application
C:\Users\Lily\Downloads\Setup.exe a variant of Win32/Adware.iBryte.D application
C:\Users\Lily\Downloads\Update (1).exe a variant of Win32/AirAdInstaller.A application
C:\Users\Lily\Downloads\Update (2).exe a variant of Win32/AirAdInstaller.A application
C:\Users\Lily\Downloads\Update.exe a variant of Win32/AirAdInstaller.A application
C:\Users\Lily\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN application
  4. The machine seems to be working properly now...thank you very much! Here are the results from FRST and ComboFix...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by SYSTEM at 2013-09-19 07:41:36 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Lily\...\Run: [O1zy81jua.exe] - C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe [123256 2013-09-05] (Microsoft Corporation)
HKU\Lily\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Lily\...\Command Processor: "C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe" <===== ATTENTION!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
S2 DefaultTabUpdate; C:\Users\Lily\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-25] ()
C:\Users\Lily\AppData\Roaming\DefaultTab
C:\Users\Lily\AppData\Roaming\hFLtNviPF
C:\Users\Lily\AppData\Local\h9txidqc
C:\ProgramData\RW7S8MJO
C:\Users\Lily\AppData\Roaming\4vX7znEub4f
C:\Users\Lily\AppData\Local\XEHZrne4S
C:\ProgramData\58Rd0RCT
C:\Users\Lily\AppData\Roaming\oHXXE2vitV
C:\Users\Lily\AppData\Local\5QZKzNh64N
C:\ProgramData\eiHt3SbtEil
C:\Users\Lily\AppData\Roaming\tgrpLYMp
C:\Users\Lily\AppData\Local\lje0cnuiz
C:\ProgramData\28BAxRijF7
C:\Users\Lily\AppData\Roaming\JzTaO0P22L
C:\Users\Lily\AppData\Local\NTlPI07Y
C:\ProgramData\raDu2xeEaov
C:\Users\Lily\AppData\Roaming\76nCTjzgX
C:\Users\Lily\AppData\Local\V8pCKgTWGmL
C:\ProgramData\r6wgwT9OdGG
C:\Users\Lily\AppData\Roaming\NA3w6m8odOg
C:\Users\Lily\AppData\Local\ZdAKxfzkSq0
C:\ProgramData\b03asjaz
C:\Users\Lily\AppData\Roaming\zRuchjFoqUz
C:\Users\Lily\AppData\Local\tpRgZvnlAaZ
C:\ProgramData\KKaU3tzDwH4
C:\Users\Lily\AppData\Roaming\r7yFJMgN7Is
C:\Users\Lily\AppData\Local\rUMkaOuQQb
C:\ProgramData\UoEr4cVES5
C:\Users\Lily\AppData\Local\APtC8QSj
C:\Users\Lily\AppData\Roaming\DFFkfriYhv
C:\Users\Lily\AppData\Local\rMlHOkD7UF
C:\ProgramData\2mFE7uo7i8n
C:\Users\Lily\AppData\Local\iLivid
C:\ProgramData\Datamngr
C:\Users\Lily\Downloads\iLividSetup-r559-n-bc.exe
C:\ProgramData\Best Buy pc app
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
C:\Users\Lily\AppData\Local\APtC8QSj
C:\Program Files (x86)\DefaultTab
C:\Users\Lily\ntuser.pol
*****************

HKU\Lily\Software\Microsoft\Windows\CurrentVersion\Run\\O1zy81jua.exe => Value deleted successfully.
HKU\Lily\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Lily\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
DefaultTabUpdate => Service deleted successfully.
C:\Users\Lily\AppData\Roaming\DefaultTab => Moved successfully.
C:\Users\Lily\AppData\Roaming\hFLtNviPF => Moved successfully.
C:\Users\Lily\AppData\Local\h9txidqc => Moved successfully.
C:\ProgramData\RW7S8MJO => Moved successfully.
C:\Users\Lily\AppData\Roaming\4vX7znEub4f => Moved successfully.
C:\Users\Lily\AppData\Local\XEHZrne4S => Moved successfully.
C:\ProgramData\58Rd0RCT => Moved successfully.
C:\Users\Lily\AppData\Roaming\oHXXE2vitV => Moved successfully.
C:\Users\Lily\AppData\Local\5QZKzNh64N => Moved successfully.
C:\ProgramData\eiHt3SbtEil => Moved successfully.
C:\Users\Lily\AppData\Roaming\tgrpLYMp => Moved successfully.
C:\Users\Lily\AppData\Local\lje0cnuiz => Moved successfully.
C:\ProgramData\28BAxRijF7 => Moved successfully.
C:\Users\Lily\AppData\Roaming\JzTaO0P22L => Moved successfully.
C:\Users\Lily\AppData\Local\NTlPI07Y => Moved successfully.
C:\ProgramData\raDu2xeEaov => Moved successfully.
C:\Users\Lily\AppData\Roaming\76nCTjzgX => Moved successfully.
C:\Users\Lily\AppData\Local\V8pCKgTWGmL => Moved successfully.
C:\ProgramData\r6wgwT9OdGG => Moved successfully.
C:\Users\Lily\AppData\Roaming\NA3w6m8odOg => Moved successfully.
C:\Users\Lily\AppData\Local\ZdAKxfzkSq0 => Moved successfully.
C:\ProgramData\b03asjaz => Moved successfully.
C:\Users\Lily\AppData\Roaming\zRuchjFoqUz => Moved successfully.
C:\Users\Lily\AppData\Local\tpRgZvnlAaZ => Moved successfully.
C:\ProgramData\KKaU3tzDwH4 => Moved successfully.
C:\Users\Lily\AppData\Roaming\r7yFJMgN7Is => Moved successfully.
C:\Users\Lily\AppData\Local\rUMkaOuQQb => Moved successfully.
C:\ProgramData\UoEr4cVES5 => Moved successfully.
C:\Users\Lily\AppData\Local\APtC8QSj => Moved successfully.
C:\Users\Lily\AppData\Roaming\DFFkfriYhv => Moved successfully.
C:\Users\Lily\AppData\Local\rMlHOkD7UF => Moved successfully.
C:\ProgramData\2mFE7uo7i8n => Moved successfully.
C:\Users\Lily\AppData\Local\iLivid => Moved successfully.
C:\ProgramData\Datamngr => Moved successfully.
C:\Users\Lily\Downloads\iLividSetup-r559-n-bc.exe => Moved successfully.
C:\ProgramData\Best Buy pc app => Moved successfully.
"C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk" => File/Directory not found.
"C:\Users\Lily\AppData\Local\APtC8QSj" => File/Directory not found.
C:\Program Files (x86)\DefaultTab => Moved successfully.
C:\Users\Lily\ntuser.pol => Moved successfully.

==== End of Fixlog ====

ComboFix 13-09-19.01 - Lily 09/19/2013 8:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1844 [GMT -4:00]
Running from: c:\users\Lily\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BrowserDefender
c:\users\Guest Account\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Guest Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\{048EBD3C-8CBD-4F95-A3EB-1B9D475B7D46}.xps
c:\users\Guest Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4BD9FA21-ECFD-4E5A-8384-B297F53E0578}.xps
c:\users\Guest Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8AFC1EDA-3A1D-41CA-942F-9A1694621464}.xps
c:\users\Guest Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D280B94A-794A-4A90-B424-8FD6A9B25B12}.xps
c:\users\Lily\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Lily\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Lily\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Lily\AppData\Roaming\technic-launcher.jar
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-08-19 to 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 12:34 . 2013-09-19 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-19 12:34 . 2013-09-19 12:34 -------- d-----w- c:\users\Guest Account\AppData\Local\temp
2013-09-19 11:58 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A098FB0-F572-4961-A038-D034006AEA89}\mpengine.dll
2013-09-18 19:47 . 2013-09-18 19:47 -------- d-----w- C:\FRST
2013-09-18 15:11 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-17 20:28 . 2013-09-18 19:09 -------- d-----w- c:\users\Fun
2013-09-17 19:58 . 2013-09-17 19:59 -------- d-----w- c:\users\Lily\AppData\Local\ElevatedDiagnostics
2013-09-14 00:50 . 2013-09-14 00:50 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-14 00:03 . 2013-09-18 19:08 -------- d-----w- c:\users\Guest Account\AppData\Roaming\Skype
2013-09-06 12:34 . 2013-09-06 12:33 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C7D0829-AB74-4886-BC0F-EC6EEDE2E670}\gapaengine.dll
2013-09-06 12:09 . 2013-09-19 11:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-09-06 12:08 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-09-06 12:08 . 2013-09-06 12:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-09-06 12:08 . 2013-09-06 12:08 -------- d-----w- c:\users\Lily\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 19:21 . 2013-03-14 02:47 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-22 19:49 . 2012-10-06 03:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-13 00:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 17:37 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:37 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 17:37 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 17:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 17:37 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 17:37 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 17:37 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 17:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 17:37 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 17:37 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 17:37 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 17:37 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 17:37 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 17:37 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 17:36 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-26 23:21 . 2013-06-26 23:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys
2013-06-26 23:21 . 2013-06-26 23:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys
2013-06-26 23:21 . 2013-06-26 23:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys
2013-06-26 23:21 . 2013-06-26 23:21 1777320 ----a-w- c:\windows\system32\sftldr.dll
2013-06-26 23:21 . 2013-06-26 23:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll
2013-06-26 23:21 . 2013-06-26 23:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Lexmark 6500 Series"="c:\program files (x86)\Lexmark 6500 Series\fm3032.exe" [2007-06-11 308144]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
.
c:\users\Guest Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Lily\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\users\Lily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Lily\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdfserv.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe;c:\windows\SYSNATIVE\lxdfcoms.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 01:17 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-06 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-06 14:58]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 00:50]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 00:50]
.
2013-09-15 c:\windows\Tasks\Norton Security Scan for Lily.job
- c:\progra~2\NORTON~2\Engine\400~1.46\Nss.exe [2013-03-22 09:59]
.
2013-09-06 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-06 14:57]
.
2013-09-06 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-06 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lily\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-08-02 1831016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"lxdfmon.exe"="c:\program files (x86)\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 455600]
"lxdfamon"="c:\program files (x86)\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Lily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-DefaultTab - c:\users\Lily\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-DefaultTab Chrome - c:\program files (x86)\DefaultTab\uninstaller.exe
AddRemove-e55b814e55744b76 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-19 08:45:46
ComboFix-quarantined-files.txt 2013-09-19 12:45
.
Pre-Run: 234,674,999,296 bytes free
Post-Run: 236,487,016,448 bytes free
.
- - End Of File - - D55407ECC36F2ADE7C2FB94D4C26950C
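The fixlist above removes a three-part persistence chain that is worth recognising on sight: a per-user Winlogon Shell set to cmd.exe, a Command Processor AutoRun that makes every cmd.exe launch run O1zy81jua.exe from a random-named AppData folder, and a plain Run value for the same file, plus a DefaultTab service running from AppData\Roaming. FRST marks the first two with ATTENTION but not the Run value or the service. The script below is an added example, not part of this thread and not Farbar's code: it parses FRST-style autostart lines and flags the same four things. The sample lines are copied from the FRST log posted in this thread; the regexes, the location lists and the heuristics are this example's own assumptions about FRST's line format.

```python
"""Triage FRST-style autostart lines for the persistence pattern seen above.

Added example, not part of the thread and not Farbar's code. The sample
lines are copied from the FRST scan posted in this thread; the regexes and
the heuristics are this example's own assumptions about FRST's line format.
"""
import re
from typing import List, Tuple

# Constructed sample: five suspicious lines from the posted FRST log plus two
# benign entries from the same log for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKU\Lily\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKU\Lily\...\Run: [O1zy81jua.exe] - C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe [123256 2013-09-05] (Microsoft Corporation)
HKU\Lily\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Lily\...\Command Processor: "C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe" <===== ATTENTION!
S2 DefaultTabUpdate; C:\Users\Lily\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-25] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
"""

# FRST abbreviates the key path to "HIVE\...\Run"; the trailing "(...)" is the
# CompanyName from the file's version resource, which any binary can claim.
RUN_RE = re.compile(r'^(HK[^:]*?)\\\.\.\.\\(Run|RunOnce): \[(.+?)\] - (.+?) \[[^\]]*\] \((.*?)\)')
WINLOGON_RE = re.compile(r'^(HK[^:]*?)\\\.\.\.\\Winlogon: \[(\w+)\] (\S+)')
CMDPROC_RE = re.compile(r'^(HK[^:]*?)\\\.\.\.\\Command Processor: (.+)$')
SERVICE_RE = re.compile(r'^([SR]\d) ([^;]+); (.+?) \[[^\]]*\] \((.*?)\)')

# Locations the logged-on user (and so malware running as that user) can write to.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\users\\public\\', '\\temp\\', '\\downloads\\')
# Where a binary that claims to be Microsoft's is expected to live.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def under_trusted_root(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (tag, line) pairs for every autostart line worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = WINLOGON_RE.match(line)
        if m:
            _hive, value, target = m.groups()
            # A Shell value other than explorer.exe replaces the desktop shell;
            # cmd.exe in particular then honours Command Processor\AutoRun.
            if value.lower() == 'shell' and target.lower() != 'explorer.exe':
                findings.append(('winlogon-shell', line))
            continue

        m = CMDPROC_RE.match(line)
        if m:
            # Command Processor\AutoRun runs on every cmd.exe start and is empty
            # on a healthy system, so any value at all is reported.
            target = m.group(1).split('<=')[0].strip().strip('"')
            if target:
                findings.append(('cmd-autorun', line))
            continue

        m = RUN_RE.match(line)
        if m:
            _hive, _key, _name, path, company = m.groups()
            if in_user_writable(path):
                findings.append(('run-userwritable', line))
            if company == 'Microsoft Corporation' and not under_trusted_root(path):
                findings.append(('run-spoofed-vendor', line))
            continue

        m = SERVICE_RE.match(line)
        if m:
            _start, _name, path, _company = m.groups()
            if in_user_writable(path):
                findings.append(('service-userwritable', line))
    return findings


if __name__ == '__main__':
    for tag, line in triage(SAMPLE_LOG):
        print(f'{tag:22} {line}')
```

Run against the sample, the O1zy81jua.exe Run value is reported twice (user-writable location, and a Microsoft CompanyName on a file outside Windows or Program Files), the Shell and AutoRun lines once each, and DTUpdate.exe as a service in AppData; the two Program Files entries are silent. To use it on a real case, pass the text of FRST.txt to triage(). The vendor check is the one FRST's own markers do not give you: the version-resource company name is self-reported, so "Microsoft Corporation" on a 123 KB file in a random AppData folder is a signal, not reassurance.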
  5. Thanks very much for your help...here is the scan log...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by SYSTEM on MININT-J8HTKPU on 18-09-2013 11:48:06
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [lxdfmon.exe] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdfamon] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe [20480 2007-06-01] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Lexmark 6500 Series] - C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe [308144 2007-06-11] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Fun\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Fun\...\Policies\system: [LogonHoursAction] 2
HKU\Fun\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest Account\...\Policies\system: [LogonHoursAction] 2
HKU\Guest Account\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lily\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKU\Lily\...\Run: [O1zy81jua.exe] - C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe [123256 2013-09-05] (Microsoft Corporation)
HKU\Lily\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\Lily\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe [243360 2011-08-18] (Adobe Systems, Inc.)
HKU\Lily\...\Policies\system: [LogonHoursAction] 2
HKU\Lily\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lily\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Lily\...\Command Processor: "C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe" <===== ATTENTION!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Lily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

S2 DefaultTabUpdate; C:\Users\Lily\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-25] ()
S2 lxdfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-28] (Lexmark International, Inc.)
S2 lxdf_device; C:\Windows\system32\lxdfcoms.exe [1053104 2007-05-28] ( )
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ==================== S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-18 11:47 - 2013-09-18 11:47 - 00000000 ____D C:\FRST2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\Users\Lily\AppData\Roaming\hFLtNviPF2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\Users\Lily\AppData\Local\h9txidqc2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\ProgramData\RW7S8MJO2013-09-17 12:28 - 2013-09-18 11:09 - 00000000 ____D C:\users\Fun2013-09-17 12:28 - 2013-09-17 12:28 - 00000000 ____D C:\Users\Fun\AppData\Local\VirtualStore2013-09-17 12:28 - 2012-08-26 10:12 - 00000000 ____D C:\Users\Fun\AppData\Local\Microsoft Help2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\Users\Lily\AppData\Roaming\4vX7znEub4f2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\Users\Lily\AppData\Local\XEHZrne4S2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\ProgramData\58Rd0RCT2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\Users\Lily\AppData\Roaming\oHXXE2vitV2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\Users\Lily\AppData\Local\5QZKzNh64N2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\ProgramData\eiHt3SbtEil2013-09-13 16:50 - 2013-09-13 16:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-13 16:03 - 2013-09-18 11:08 - 00000000 ____D C:\Users\Guest Account\AppData\Roaming\Skype2013-09-13 16:02 - 2013-09-13 16:02 - 01492848 _____ (Skype Technologies S.A.) 
C:\Users\Guest Account\Downloads\SkypeSetup.exe2013-09-13 11:25 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-09-13 11:25 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-09-13 11:25 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-09-13 11:25 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-09-13 11:25 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-09-13 11:25 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-09-13 11:25 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-09-13 11:25 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-09-13 11:25 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-09-13 11:25 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-09-13 11:25 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-13 11:25 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-13 11:25 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-13 11:25 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll2013-09-13 11:25 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-13 11:25 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-09-13 11:25 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-09-13 11:25 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-09-13 11:25 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-09-13 11:25 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-09-13 11:24 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-12 16:06 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-09-12 16:06 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys2013-09-12 16:06 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-09-12 16:06 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll2013-09-12 16:06 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) 
C:\Windows\System32\wow64win.dll2013-09-12 16:06 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll2013-09-12 16:06 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll2013-09-12 16:06 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll2013-09-12 16:06 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll2013-09-12 16:06 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll2013-09-12 16:06 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 
18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-09-12 16:06 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-09-12 16:06 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-09-12 16:06 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2013-09-12 16:06 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2013-09-12 16:06 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe2013-09-12 16:06 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe2013-09-12 16:06 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-09-12 16:06 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-09-12 16:06 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-09-12 16:06 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-09-12 16:06 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2013-09-12 16:06 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2013-09-12 16:06 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll2013-09-12 16:06 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll2013-09-12 16:06 - 2013-07-25 
17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2013-09-12 16:06 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\Users\Lily\AppData\Roaming\tgrpLYMp2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\Users\Lily\AppData\Local\lje0cnuiz2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\ProgramData\28BAxRijF72013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\Users\Lily\AppData\Roaming\JzTaO0P22L2013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\Users\Lily\AppData\Local\NTlPI07Y2013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\ProgramData\raDu2xeEaov2013-09-06 04:29 - 2013-09-06 04:29 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking2013-09-06 04:09 - 2013-09-06 05:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-09-06 04:08 - 2013-09-06 04:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22013-09-06 04:08 - 2013-09-06 04:08 - 00001386 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2013-09-06 04:08 - 2013-09-06 04:08 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job2013-09-06 04:08 - 2013-09-06 04:08 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job2013-09-06 04:08 - 2013-09-06 04:08 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job2013-09-06 04:08 - 2009-01-25 09:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe2013-09-06 04:07 - 2013-09-06 04:07 - 37672592 _____ (Safer-Networking Ltd. 
) C:\Users\Guest Account\Downloads\spybotsd-2.1.21-SR2.exe2013-09-06 04:04 - 2013-09-06 04:04 - 05709144 _____ (Systweak Inc ) C:\Users\Guest Account\Downloads\rcpsetup_dcomnew_sec_728_dcomnew_sec_728.exe2013-09-06 04:03 - 2013-09-06 04:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300 (2).exe2013-09-06 04:02 - 2013-09-06 04:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300 (1).exe2013-09-06 04:00 - 2013-09-06 04:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300.exe2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\Users\Lily\AppData\Roaming\76nCTjzgX2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\Users\Lily\AppData\Local\V8pCKgTWGmL2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\ProgramData\r6wgwT9OdGG2013-09-06 03:42 - 2013-09-06 04:21 - 00000000 ____D C:\Windows\pss2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\Users\Lily\AppData\Roaming\NA3w6m8odOg2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\Users\Lily\AppData\Local\ZdAKxfzkSq02013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\ProgramData\b03asjaz2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\Users\Lily\AppData\Roaming\zRuchjFoqUz2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\Users\Lily\AppData\Local\tpRgZvnlAaZ2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\ProgramData\KKaU3tzDwH42013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\Users\Lily\AppData\Roaming\r7yFJMgN7Is2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\Users\Lily\AppData\Local\rUMkaOuQQb2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\ProgramData\UoEr4cVES52013-09-05 11:22 - 2013-09-18 11:09 - 00000000 ____D C:\Users\Lily\AppData\Local\APtC8QSj2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\Users\Lily\AppData\Roaming\DFFkfriYhv2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ 
C:\Users\Lily\AppData\Local\rMlHOkD7UF2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\ProgramData\2mFE7uo7i8n2013-09-04 17:39 - 2013-09-04 17:39 - 00000000 ____D C:\Users\Lily\AppData\Local\iLivid2013-09-04 17:39 - 2013-09-04 17:39 - 00000000 ____D C:\ProgramData\Datamngr2013-09-04 17:38 - 2013-09-04 17:39 - 01624064 _____ (Bandoo Media Inc) C:\Users\Lily\Downloads\iLividSetup-r559-n-bc.exe2013-09-02 16:53 - 2013-09-02 16:53 - 13831831 _____ C:\Users\Lily\Downloads\CHM 131 Exam 1 PowerPoint Slides 4th Ed. New.pptx2013-08-24 10:46 - 2013-08-24 10:46 - 00003584 _____ C:\Users\Lily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-08-24 10:23 - 2013-08-24 10:48 - 04936704 _____ C:\Users\Lily\Downloads\Guess_Louie-v2.ppt2013-08-24 10:22 - 2013-08-24 10:22 - 02497024 _____ C:\Users\Lily\Downloads\Align-the-Starsv3.ppt2013-08-24 10:19 - 2013-08-24 10:19 - 04560896 _____ C:\Users\Lily\Downloads\sunken-Treasure-v2.ppt2013-08-24 10:19 - 2013-08-24 10:19 - 02562560 _____ C:\Users\Lily\Downloads\BigWheel-Elementary-v2.ppt2013-08-24 10:17 - 2013-08-24 10:17 - 00998400 _____ C:\Users\Lily\Downloads\-mnt-target02-343621-541328-www.makemegenius.com-web-content-uploads-education-Fruits_for_Kids.ppt2013-08-23 08:23 - 2013-08-23 08:25 - 00020563 _____ C:\Users\Guest Account\Downloads\Simpson Mat 151-01 Proj 1A.xlsx2013-08-20 17:24 - 2013-08-20 17:26 - 00020758 _____ C:\Users\Lily\Desktop\Simpson Mat 151-01 Proj 1A.xlsx2013-08-19 18:58 - 2013-08-19 18:58 - 00000000 ____D C:\Users\Lily\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= 2013-09-18 11:47 - 2013-09-18 11:47 - 00000000 ____D C:\FRST2013-09-18 11:09 - 2013-09-17 12:28 - 00000000 ____D C:\users\Fun2013-09-18 11:09 - 2013-09-05 11:22 - 00000000 ____D C:\Users\Lily\AppData\Local\APtC8QSj2013-09-18 11:09 - 2012-10-03 14:10 - 00000000 ____D C:\users\Guest Account2013-09-18 11:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration2013-09-18 11:08 - 2013-09-13 16:03 - 
00000000 ____D C:\Users\Guest Account\AppData\Roaming\Skype2013-09-18 11:08 - 2011-08-18 07:34 - 00000000 ____D C:\ProgramData\Adobe2013-09-18 07:24 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-18 07:24 - 2009-07-13 20:51 - 00064293 _____ C:\Windows\setupact.log2013-09-18 07:17 - 2012-12-18 16:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-09-18 07:17 - 2012-12-18 16:50 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\Users\Lily\AppData\Roaming\hFLtNviPF2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\Users\Lily\AppData\Local\h9txidqc2013-09-18 07:12 - 2013-09-18 07:12 - 00183296 _____ C:\ProgramData\RW7S8MJO2013-09-18 07:12 - 2012-07-31 17:14 - 00000000 ____D C:\users\Lily2013-09-17 12:28 - 2013-09-17 12:28 - 00000000 ____D C:\Users\Fun\AppData\Local\VirtualStore2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\Users\Lily\AppData\Roaming\4vX7znEub4f2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\Users\Lily\AppData\Local\XEHZrne4S2013-09-17 11:32 - 2013-09-17 11:32 - 00183296 _____ C:\ProgramData\58Rd0RCT2013-09-17 11:25 - 2012-12-18 16:45 - 00000000 ____D C:\Users\Guest Account\AppData\Roaming\Apple Computer2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\Users\Lily\AppData\Roaming\oHXXE2vitV2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\Users\Lily\AppData\Local\5QZKzNh64N2013-09-17 11:17 - 2013-09-17 11:17 - 00183296 _____ C:\ProgramData\eiHt3SbtEil2013-09-15 07:23 - 2013-07-25 13:26 - 00000282 _____ C:\Windows\Tasks\DSite.job2013-09-15 07:23 - 2012-03-27 03:06 - 01147321 _____ C:\Windows\WindowsUpdate.log2013-09-14 20:41 - 2013-03-22 12:17 - 00000404 ____H C:\Windows\Tasks\Norton Security Scan for Lily.job2013-09-13 16:50 - 2013-09-13 16:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-13 16:03 - 2013-03-26 15:06 - 00000000 ___RD C:\Program Files (x86)\Skype2013-09-13 16:03 - 
2013-03-26 15:06 - 00000000 ____D C:\ProgramData\Skype2013-09-13 16:02 - 2013-09-13 16:02 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Guest Account\Downloads\SkypeSetup.exe2013-09-13 15:53 - 2013-05-28 09:23 - 00000000 ____D C:\Users\Guest Account\AppData\Roaming\CyberLink2013-09-13 11:52 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-09-13 11:52 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-09-13 11:45 - 2013-02-18 08:59 - 00000000 ___RD C:\Users\Guest Account\Dropbox2013-09-13 11:45 - 2013-02-18 08:56 - 00000000 ____D C:\Users\Guest Account\AppData\Roaming\Dropbox2013-09-13 11:44 - 2009-07-13 20:45 - 00430056 _____ C:\Windows\System32\FNTCACHE.DAT2013-09-13 11:43 - 2010-11-20 19:47 - 00538304 _____ C:\Windows\PFRO.log2013-09-13 11:24 - 2012-08-23 14:30 - 00744030 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2013-09-13 11:24 - 2012-08-23 14:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client2013-09-13 11:21 - 2013-08-16 11:29 - 00000000 ____D C:\Windows\System32\MRT2013-09-13 11:21 - 2013-03-13 18:47 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-09-13 11:21 - 2012-08-25 17:14 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-12 13:29 - 2012-08-25 17:09 - 00000000 ____D C:\ProgramData\Lx_cats2013-09-12 13:25 - 2012-10-03 14:10 - 00001248 __RSH C:\Users\Guest Account\ntuser.pol2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\Users\Lily\AppData\Roaming\tgrpLYMp2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\Users\Lily\AppData\Local\lje0cnuiz2013-09-12 13:24 - 2013-09-12 13:24 - 00183296 _____ C:\ProgramData\28BAxRijF72013-09-12 13:24 - 2013-07-25 13:26 - 00000000 ____D C:\Program Files (x86)\DefaultTab2013-09-12 13:24 - 2012-07-31 17:38 - 00000632 __RSH C:\Users\Lily\ntuser.pol2013-09-06 05:27 - 
2013-09-06 05:27 - 00183296 _____ C:\Users\Lily\AppData\Roaming\JzTaO0P22L2013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\Users\Lily\AppData\Local\NTlPI07Y2013-09-06 05:27 - 2013-09-06 05:27 - 00183296 _____ C:\ProgramData\raDu2xeEaov2013-09-06 05:24 - 2013-03-26 14:30 - 00010286 _____ C:\Windows\wininit.ini2013-09-06 05:23 - 2013-09-06 04:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-09-06 04:29 - 2013-09-06 04:29 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking2013-09-06 04:28 - 2013-09-06 04:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22013-09-06 04:21 - 2013-09-06 03:42 - 00000000 ____D C:\Windows\pss2013-09-06 04:08 - 2013-09-06 04:08 - 00001386 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2013-09-06 04:08 - 2013-09-06 04:08 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job2013-09-06 04:08 - 2013-09-06 04:08 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job2013-09-06 04:08 - 2013-09-06 04:08 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job2013-09-06 04:07 - 2013-09-06 04:07 - 37672592 _____ (Safer-Networking Ltd. 
) C:\Users\Guest Account\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-06 04:04 - 2013-09-06 04:04 - 05709144 _____ (Systweak Inc ) C:\Users\Guest Account\Downloads\rcpsetup_dcomnew_sec_728_dcomnew_sec_728.exe
2013-09-06 04:03 - 2013-09-06 04:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300 (2).exe
2013-09-06 04:02 - 2013-09-06 04:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-06 04:00 - 2013-09-06 04:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Guest Account\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\Users\Lily\AppData\Roaming\76nCTjzgX
2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\Users\Lily\AppData\Local\V8pCKgTWGmL
2013-09-06 03:44 - 2013-09-06 03:44 - 00183296 _____ C:\ProgramData\r6wgwT9OdGG
2013-09-06 03:41 - 2009-07-13 21:13 - 00727310 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\Users\Lily\AppData\Roaming\NA3w6m8odOg
2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\Users\Lily\AppData\Local\ZdAKxfzkSq0
2013-09-05 12:44 - 2013-09-05 12:44 - 00183296 _____ C:\ProgramData\b03asjaz
2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\Users\Lily\AppData\Roaming\zRuchjFoqUz
2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\Users\Lily\AppData\Local\tpRgZvnlAaZ
2013-09-05 11:35 - 2013-09-05 11:35 - 00183296 _____ C:\ProgramData\KKaU3tzDwH4
2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\Users\Lily\AppData\Roaming\r7yFJMgN7Is
2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\Users\Lily\AppData\Local\rUMkaOuQQb
2013-09-05 11:25 - 2013-09-05 11:25 - 00183296 _____ C:\ProgramData\UoEr4cVES5
2013-09-05 11:24 - 2009-07-13 21:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\Users\Lily\AppData\Roaming\DFFkfriYhv
2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\Users\Lily\AppData\Local\rMlHOkD7UF
2013-09-05 11:22 - 2013-09-05 11:22 - 00183296 _____ C:\ProgramData\2mFE7uo7i8n
2013-09-05 11:12 - 2013-03-26 15:06 - 00000000 ____D C:\Users\Lily\AppData\Roaming\Skype
2013-09-05 11:12 - 2013-01-23 14:16 - 00000000 ___RD C:\Users\Lily\Dropbox
2013-09-05 11:12 - 2013-01-23 14:14 - 00000000 ____D C:\Users\Lily\AppData\Roaming\Dropbox
2013-09-04 17:39 - 2013-09-04 17:39 - 00000000 ____D C:\Users\Lily\AppData\Local\iLivid
2013-09-04 17:39 - 2013-09-04 17:39 - 00000000 ____D C:\ProgramData\Datamngr
2013-09-04 17:39 - 2013-09-04 17:38 - 01624064 _____ (Bandoo Media Inc) C:\Users\Lily\Downloads\iLividSetup-r559-n-bc.exe
2013-09-04 11:22 - 2013-07-27 08:15 - 00000076 _____ C:\Users\Lily\AppData\Roaming\WB.CFG
2013-09-04 11:22 - 2013-07-25 14:26 - 00000005 _____ C:\Users\Lily\AppData\Roaming\WBPU-TTL.DAT
2013-09-04 06:29 - 2012-08-25 17:10 - 00000000 ____D C:\Users\Lily\AppData\Local\CrashDumps
2013-09-02 16:53 - 2013-09-02 16:53 - 13831831 _____ C:\Users\Lily\Downloads\CHM 131 Exam 1 PowerPoint Slides 4th Ed. New.pptx
2013-08-27 12:25 - 2013-03-16 17:33 - 00000000 ____D C:\Users\Guest Account\AppData\Local\CrashDumps
2013-08-26 14:18 - 2013-07-25 13:26 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-08-24 10:48 - 2013-08-24 10:23 - 04936704 _____ C:\Users\Lily\Downloads\Guess_Louie-v2.ppt
2013-08-24 10:46 - 2013-08-24 10:46 - 00003584 _____ C:\Users\Lily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 10:22 - 2013-08-24 10:22 - 02497024 _____ C:\Users\Lily\Downloads\Align-the-Starsv3.ppt
2013-08-24 10:19 - 2013-08-24 10:19 - 04560896 _____ C:\Users\Lily\Downloads\sunken-Treasure-v2.ppt
2013-08-24 10:19 - 2013-08-24 10:19 - 02562560 _____ C:\Users\Lily\Downloads\BigWheel-Elementary-v2.ppt
2013-08-24 10:17 - 2013-08-24 10:17 - 00998400 _____ C:\Users\Lily\Downloads\-mnt-target02-343621-541328-www.makemegenius.com-web-content-uploads-education-Fruits_for_Kids.ppt
2013-08-23 08:25 - 2013-08-23 08:23 - 00020563 _____ C:\Users\Guest Account\Downloads\Simpson Mat 151-01 Proj 1A.xlsx
2013-08-21 16:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-20 17:26 - 2013-08-20 17:24 - 00020758 _____ C:\Users\Lily\Desktop\Simpson Mat 151-01 Proj 1A.xlsx
2013-08-19 18:58 - 2013-08-19 18:58 - 00000000 ____D C:\Users\Lily\AppData\Local\Adobe
2013-08-19 18:58 - 2012-07-31 17:45 - 00000000 ____D C:\Users\Lily\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\Lily\AppData\Local\APtC8QSj\O1zy81jua.exe

Some content of TEMP:
====================
C:\Users\Lily\AppData\Local\Temp\AutoRun.exe
C:\Users\Lily\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Lily\AppData\Local\Temp\COMAP.EXE
C:\Users\Lily\AppData\Local\Temp\contentDATs.exe
C:\Users\Lily\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Lily\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Lily\AppData\Local\Temp\mssinstaller.exe
C:\Users\Lily\AppData\Local\Temp\rjfxsyuexolehqbfqxu.dll
C:\Users\Lily\AppData\Local\Temp\rjfxsyuexolehqbfqxu.exe
C:\Users\Lily\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Lily\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lily\AppData\Local\Temp\uninst1.exe
C:\Users\Lily\AppData\Local\Temp\VP6Install.exe
C:\Users\Lily\AppData\Local\Temp\VP6VFW.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

8
Restore point made on: 2013-08-23 08:20:24
Restore point made on: 2013-08-24 12:55:14
Restore point made on: 2013-08-27 17:32:40
Restore point made on: 2013-08-31 16:12:18
Restore point made on: 2013-09-04 17:13:07
Restore point made on: 2013-09-12 16:11:59
Restore point made on: 2013-09-13 11:14:35
Restore point made on: 2013-09-15 07:23:42

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3947.86 MB
Available physical RAM: 3298.46 MB
Total Pagefile: 3946.06 MB
Available Pagefile: 3287.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:218.98 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.41 GB) NTFS
Drive g: () (Removable) (Total:7.45 GB) (Free:7.29 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E2A7882E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

LastRegBack: 2013-09-14 20:43

==================== End Of Log ============================
  6. My daughter now has the FBI virus on her computer...her main profile is completely hijacked, however, I can still access her guest profile...she is running Windows 7...please help me get rid of this problem...