New FBI Homeland Virus

Here you go

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02 (ATTENTION: ====> FRST version is 15 days old and could be outdated)
Ran by SYSTEM on 05-09-2013 18:36:21
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - c:\program files\realtek\audio\hda\ravcpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [iObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1515328 2013-06-14] (IObit)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [searchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1360192 2013-09-02] (Spigot, Inc.)
HKU\Default User.DefaultUser-PC\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\Default User.DefaultUser-PC\...\Run: [PlayNC Launcher] -  [x]
HKU\Default User.DefaultUser-PC\...\Run: [spotify Web Helper] - C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-21] (Spotify Ltd)
HKU\Default User.DefaultUser-PC\...\Run: [spotify] - C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-21] (Spotify Ltd)
HKU\Default User.DefaultUser-PC\...\Run: [Pando Media Booster] - c:\program files (x86)\pando networks\media booster\pmb.exe [3093624 2013-01-24] ()
HKU\Default.DefaultUser-PC\...\Run: [Advanced SystemCare 5] - "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [x]
HKU\Default.DefaultUser-PC\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\Mcx1-TECK9000\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe <==== ATTENTION
HKU\Test\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
Startup: C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8zoqgwlj.lnk
ShortcutTarget: 8zoqgwlj.lnk -> C:\PROGRA~3\jlwgqoz8.plz ()
Startup: C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Default.DefaultUser-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
S2 PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [366872 2011-05-16] (Tanuki Software, Ltd.)
S2 Winmgmt; C:\PROGRA~3\8zoqgwlj.pzz [64604 2013-09-05] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\8zoqgwlj.pzz [64604 2013-09-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39504 2013-04-03] (IObit Information Technology)
S2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39504 2013-04-03] (IObit Information Technology)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 ALSysIO; \??\C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-05 15:21 - 2013-09-05 15:26 - 95025368 ____T C:\ProgramData\8zoqgwlj.pff
2013-09-05 15:21 - 2013-09-05 15:26 - 00000000 _____ C:\ProgramData\8zoqgwlj.ctrl
2013-09-05 15:21 - 2013-09-05 15:21 - 00165888 _____ C:\ProgramData\jlwgqoz8.plz
2013-09-05 15:21 - 2013-09-05 15:21 - 00064604 ____T (Microsoft Corporation) C:\ProgramData\8zoqgwlj.pzz
2013-09-04 14:36 - 2013-09-04 14:36 - 00000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2013-09-04 14:35 - 2013-09-04 14:36 - 00000000 ____D C:\users\Test
2013-09-04 14:35 - 2013-09-04 14:35 - 00000020 ___SH C:\Users\Test\ntuser.ini
2013-09-04 12:27 - 2013-09-04 12:27 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-09-04 12:27 - 2013-09-04 12:27 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-08-31 11:39 - 2013-08-31 11:39 - 00215552 _____ (Microsoft) C:\Users\Default User.DefaultUser-PC\Downloads\QuickTrack.exe
2013-08-29 15:26 - 2013-08-29 15:28 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\Documents\NCIS
2013-08-24 14:22 - 2013-08-24 14:22 - 00000020 ___SH C:\Users\Mcx1-TECK9000\ntuser.ini
2013-08-24 14:22 - 2013-08-24 14:22 - 00000000 ____D C:\users\Mcx1-TECK9000
2013-08-24 11:50 - 2013-08-24 12:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-24 10:47 - 2013-08-24 10:47 - 415131812 _____ C:\Windows\MEMORY.DMP
2013-08-24 10:47 - 2013-08-24 10:47 - 00287680 _____ C:\Windows\Minidump\082413-22354-01.dmp
2013-08-24 10:37 - 2013-08-24 10:37 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Default User.DefaultUser-PC\Downloads\mbar-1.07.0.1005.exe
2013-08-22 15:33 - 2013-09-05 15:25 - 00004246 _____ C:\Windows\PFRO.log
2013-08-22 15:33 - 2013-09-05 15:25 - 00002016 _____ C:\Windows\setupact.log
2013-08-22 15:33 - 2013-08-22 15:33 - 00000000 _____ C:\Windows\setuperr.log
2013-08-22 15:19 - 2013-08-24 15:14 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\Desktop\mbar
2013-08-22 15:19 - 2013-08-22 15:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 15:18 - 2013-08-22 15:18 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Default User.DefaultUser-PC\Documents\mbar-1.06.1.1005.exe
2013-08-21 19:56 - 2013-08-21 19:56 - 00000000 ____D C:\FRST
2013-08-21 16:32 - 2013-08-22 15:05 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-21 15:04 - 2013-08-21 15:05 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Roaming\Curse Advertising
2013-08-20 16:51 - 2013-08-20 16:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Default.DefaultUser-PC\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 16:23 - 2013-08-20 16:23 - 00000000 ____D C:\Windows\Sun
2013-08-14 00:01 - 2013-08-14 00:02 - 00000000 ____D C:\Windows\System32\MRT
2013-08-13 23:58 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-13 23:58 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 16:10 - 2013-08-13 16:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 16:10 - 2013-08-13 16:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-13 16:08 - 2013-08-13 16:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-13 16:08 - 2013-08-13 16:08 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 16:07 - 2013-08-13 16:07 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 16:06 - 2013-08-13 16:06 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-09 23:11 - 2013-08-09 23:11 - 00000000 ____D C:\NvidiaLogging
2013-08-09 23:10 - 2013-05-14 11:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-08-09 23:10 - 2013-05-14 11:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2013-08-09 23:10 - 2013-05-14 11:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-09 23:05 - 2013-08-09 23:08 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\Adobe
2013-08-09 21:57 - 2013-05-22 15:49 - 00017720 _____ C:\Windows\System32\Drivers\SmartDefragDriver.sys
2013-08-09 21:52 - 2013-08-09 21:52 - 00001289 _____ C:\Users\Default User.DefaultUser-PC\Desktop\Driver Manager.lnk
2013-08-09 21:46 - 2013-08-09 21:46 - 00903080 _____ (Oracle Corporation) C:\Users\Default User.DefaultUser-PC\Downloads\jxpiinstall(1).exe
2013-08-09 21:32 - 2013-08-21 17:48 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Roaming\IObit

==================== One Month Modified Files and Folders =======

2013-09-05 15:31 - 2013-06-21 21:20 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-09-05 15:31 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:31 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:27 - 2013-09-05 15:27 - 00000000 ____D C:\Users\Test\AppData\Roaming\IObit
2013-09-05 15:26 - 2013-09-05 15:21 - 95025368 ____T C:\ProgramData\8zoqgwlj.pff
2013-09-05 15:26 - 2013-09-05 15:21 - 00000000 _____ C:\ProgramData\8zoqgwlj.ctrl
2013-09-05 15:26 - 2013-07-21 07:54 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Spotify
2013-09-05 15:26 - 2013-07-09 18:39 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2013-09-05 15:26 - 2013-01-24 16:10 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\PMB Files
2013-09-05 15:25 - 2013-08-22 15:33 - 00004246 _____ C:\Windows\PFRO.log
2013-09-05 15:25 - 2013-08-22 15:33 - 00002016 _____ C:\Windows\setupact.log
2013-09-05 15:25 - 2012-01-18 11:31 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-05 15:25 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 15:21 - 2013-09-05 15:21 - 00165888 _____ C:\ProgramData\jlwgqoz8.plz
2013-09-05 15:21 - 2013-09-05 15:21 - 00064604 ____T (Microsoft Corporation) C:\ProgramData\8zoqgwlj.pzz
2013-09-05 15:06 - 2012-07-04 13:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 14:56 - 2012-07-29 13:51 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\Deployment
2013-09-04 15:49 - 2013-07-05 21:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 15:41 - 2013-06-16 14:55 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Roaming\uTorrent
2013-09-04 15:12 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-04 14:36 - 2013-09-04 14:36 - 00000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2013-09-04 14:36 - 2013-09-04 14:35 - 00000000 ____D C:\users\Test
2013-09-04 14:35 - 2013-09-04 14:35 - 00000020 ___SH C:\Users\Test\ntuser.ini
2013-09-04 12:27 - 2013-09-04 12:27 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-09-04 12:27 - 2013-09-04 12:27 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-09-01 10:54 - 2012-01-17 13:52 - 00000000 ____D C:\users\Default User.DefaultUser-PC
2013-08-31 11:39 - 2013-08-31 11:39 - 00215552 _____ (Microsoft) C:\Users\Default User.DefaultUser-PC\Downloads\QuickTrack.exe
2013-08-31 05:31 - 2013-07-21 07:58 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\Spotify
2013-08-30 07:22 - 2012-01-17 13:30 - 01706953 _____ C:\Windows\WindowsUpdate.log
2013-08-29 15:28 - 2013-08-29 15:26 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\Documents\NCIS
2013-08-24 15:14 - 2013-08-22 15:19 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\Desktop\mbar
2013-08-24 14:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-08-24 14:22 - 2013-08-24 14:22 - 00000020 ___SH C:\Users\Mcx1-TECK9000\ntuser.ini
2013-08-24 14:22 - 2013-08-24 14:22 - 00000000 ____D C:\users\Mcx1-TECK9000
2013-08-24 14:21 - 2012-04-21 09:56 - 00000362 __RSH C:\ProgramData\ntuser.pol
2013-08-24 12:06 - 2012-07-04 13:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-24 12:06 - 2012-07-04 13:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-24 12:06 - 2012-01-21 13:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-24 12:01 - 2013-08-24 11:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-24 10:47 - 2013-08-24 10:47 - 415131812 _____ C:\Windows\MEMORY.DMP
2013-08-24 10:47 - 2013-08-24 10:47 - 00287680 _____ C:\Windows\Minidump\082413-22354-01.dmp
2013-08-24 10:47 - 2012-02-26 07:35 - 00000000 ____D C:\Windows\Minidump
2013-08-24 10:37 - 2013-08-24 10:37 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Default User.DefaultUser-PC\Downloads\mbar-1.07.0.1005.exe
2013-08-24 10:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-22 16:46 - 2012-08-25 18:22 - 00000000 ____D C:\users\Mcx1-DEFAULTUSER-PC.DefaultUser-PC
2013-08-22 15:33 - 2013-08-22 15:33 - 00000000 _____ C:\Windows\setuperr.log
2013-08-22 15:19 - 2013-08-22 15:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 15:18 - 2013-08-22 15:18 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Default User.DefaultUser-PC\Documents\mbar-1.06.1.1005.exe
2013-08-22 15:05 - 2013-08-21 16:32 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-21 19:56 - 2013-08-21 19:56 - 00000000 ____D C:\FRST
2013-08-21 18:09 - 2012-02-21 17:04 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Local\Deployment
2013-08-21 17:48 - 2013-08-09 21:32 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Roaming\IObit
2013-08-21 15:05 - 2013-08-21 15:04 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Roaming\Curse Advertising
2013-08-20 16:51 - 2013-08-20 16:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Default.DefaultUser-PC\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 16:36 - 2012-02-21 17:00 - 00058016 _____ C:\Users\Default.DefaultUser-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 16:23 - 2013-08-20 16:23 - 00000000 ____D C:\Windows\Sun
2013-08-14 01:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 00:02 - 2013-08-14 00:01 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 00:00 - 2012-09-10 08:10 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-13 16:10 - 2013-08-13 16:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 16:10 - 2013-08-13 16:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-13 16:08 - 2013-08-13 16:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-13 16:08 - 2013-08-13 16:08 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 16:07 - 2013-08-13 16:07 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 16:06 - 2013-08-13 16:06 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-09 23:11 - 2013-08-09 23:11 - 00000000 ____D C:\NvidiaLogging
2013-08-09 23:10 - 2012-01-18 11:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-09 23:10 - 2012-01-18 11:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-09 23:08 - 2013-08-09 23:05 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\Adobe
2013-08-09 21:57 - 2013-06-19 17:59 - 00001170 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-08-09 21:52 - 2013-08-09 21:52 - 00001289 _____ C:\Users\Default User.DefaultUser-PC\Desktop\Driver Manager.lnk
2013-08-09 21:46 - 2013-08-09 21:46 - 00903080 _____ (Oracle Corporation) C:\Users\Default User.DefaultUser-PC\Downloads\jxpiinstall(1).exe
2013-08-09 21:38 - 2012-02-21 16:45 - 00000000 ____D C:\users\Default.DefaultUser-PC
2013-08-09 21:38 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-09 21:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-31 13:38:24

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3838.49 MB
Available physical RAM: 3248.18 MB
Total Pagefile: 3836.64 MB
Available Pagefile: 3235.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:19.32 GB) NTFS
Drive f: (HITMANPRO) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 000E2092)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 2E03D442)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

LastRegBack: 2013-08-31 22:36

==================== End Of Log ============================

Thanks for your help in advance

Hello TwistedAce911! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please take a look at the first line:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02 (ATTENTION: ====> FRST version is 15 days old and could be outdated)

Please download a new fresh copy from here:

http://download.bleepingcomputer.com/farbar/FRST64.exe

Next, generate a new fresh log and post it in your next reply.

Here you go, as you requested.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013
Ran by SYSTEM on MININT-M1MKAAO on 06-09-2013 19:16:37
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - c:\program files\realtek\audio\hda\ravcpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [iObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1515328 2013-06-14] (IObit)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [searchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1360192 2013-09-02] (Spigot, Inc.)
HKU\Default User.DefaultUser-PC\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\Default User.DefaultUser-PC\...\Run: [PlayNC Launcher] -  [x]
HKU\Default User.DefaultUser-PC\...\Run: [spotify Web Helper] - C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-21] (Spotify Ltd)
HKU\Default User.DefaultUser-PC\...\Run: [spotify] - C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-21] (Spotify Ltd)
HKU\Default User.DefaultUser-PC\...\Run: [Pando Media Booster] - c:\program files (x86)\pando networks\media booster\pmb.exe [3093624 2013-01-24] ()
HKU\Default.DefaultUser-PC\...\Run: [Advanced SystemCare 5] - "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [x]
HKU\Default.DefaultUser-PC\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\Mcx1-TECK9000\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe <==== ATTENTION
HKU\Test\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
Startup: C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8zoqgwlj.lnk
ShortcutTarget: 8zoqgwlj.lnk -> C:\PROGRA~3\jlwgqoz8.plz ()
Startup: C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Default.DefaultUser-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
S2 PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [366872 2011-05-16] (Tanuki Software, Ltd.)
S2 Winmgmt; C:\PROGRA~3\8zoqgwlj.pzz [64604 2013-09-05] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\8zoqgwlj.pzz [64604 2013-09-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39504 2013-04-03] (IObit Information Technology)
S2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39504 2013-04-03] (IObit Information Technology)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 ALSysIO; \??\C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-05 15:27 - 2013-09-05 15:27 - 00000000 ____D C:\Users\Test\AppData\Roaming\IObit
2013-09-05 15:21 - 2013-09-05 15:26 - 95025368 ____T C:\ProgramData\8zoqgwlj.pff
2013-09-05 15:21 - 2013-09-05 15:26 - 00000000 _____ C:\ProgramData\8zoqgwlj.ctrl
2013-09-05 15:21 - 2013-09-05 15:21 - 00165888 _____ C:\ProgramData\jlwgqoz8.plz
2013-09-05 15:21 - 2013-09-05 15:21 - 00064604 ____T (Microsoft Corporation) C:\ProgramData\8zoqgwlj.pzz
2013-09-04 14:36 - 2013-09-04 14:36 - 00000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2013-09-04 14:35 - 2013-09-04 14:36 - 00000000 ____D C:\users\Test
2013-09-04 14:35 - 2013-09-04 14:35 - 00000020 ___SH C:\Users\Test\ntuser.ini
2013-09-04 12:27 - 2013-09-04 12:27 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-09-04 12:27 - 2013-09-04 12:27 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-08-31 11:39 - 2013-08-31 11:39 - 00215552 _____ (Microsoft) C:\Users\Default User.DefaultUser-PC\Downloads\QuickTrack.exe
2013-08-29 15:26 - 2013-08-29 15:28 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\Documents\NCIS
2013-08-24 14:22 - 2013-08-24 14:22 - 00000020 ___SH C:\Users\Mcx1-TECK9000\ntuser.ini
2013-08-24 14:22 - 2013-08-24 14:22 - 00000000 ____D C:\users\Mcx1-TECK9000
2013-08-24 11:50 - 2013-08-24 12:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-24 10:47 - 2013-08-24 10:47 - 415131812 _____ C:\Windows\MEMORY.DMP
2013-08-24 10:47 - 2013-08-24 10:47 - 00287680 _____ C:\Windows\Minidump\082413-22354-01.dmp
2013-08-24 10:37 - 2013-08-24 10:37 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Default User.DefaultUser-PC\Downloads\mbar-1.07.0.1005.exe
2013-08-22 15:33 - 2013-09-06 16:14 - 00002352 _____ C:\Windows\setupact.log
2013-08-22 15:33 - 2013-09-05 15:42 - 00004598 _____ C:\Windows\PFRO.log
2013-08-22 15:33 - 2013-08-22 15:33 - 00000000 _____ C:\Windows\setuperr.log
2013-08-22 15:19 - 2013-08-24 15:14 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\Desktop\mbar
2013-08-22 15:19 - 2013-08-22 15:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 15:18 - 2013-08-22 15:18 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Default User.DefaultUser-PC\Documents\mbar-1.06.1.1005.exe
2013-08-21 19:56 - 2013-08-21 19:56 - 00000000 ____D C:\FRST
2013-08-21 16:32 - 2013-08-22 15:05 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-21 15:04 - 2013-08-21 15:05 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Roaming\Curse Advertising
2013-08-20 16:51 - 2013-08-20 16:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Default.DefaultUser-PC\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 16:23 - 2013-08-20 16:23 - 00000000 ____D C:\Windows\Sun
2013-08-14 00:01 - 2013-08-14 00:02 - 00000000 ____D C:\Windows\System32\MRT
2013-08-13 23:58 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-13 23:58 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 16:10 - 2013-08-13 16:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 16:10 - 2013-08-13 16:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-13 16:08 - 2013-08-13 16:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-13 16:08 - 2013-08-13 16:08 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 16:07 - 2013-08-13 16:07 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 16:06 - 2013-08-13 16:06 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-09 23:11 - 2013-08-09 23:11 - 00000000 ____D C:\NvidiaLogging
2013-08-09 23:10 - 2013-05-14 11:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-08-09 23:10 - 2013-05-14 11:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2013-08-09 23:10 - 2013-05-14 11:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-09 23:05 - 2013-08-09 23:08 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\Adobe
2013-08-09 21:57 - 2013-05-22 15:49 - 00017720 _____ C:\Windows\System32\Drivers\SmartDefragDriver.sys
2013-08-09 21:52 - 2013-08-09 21:52 - 00001289 _____ C:\Users\Default User.DefaultUser-PC\Desktop\Driver Manager.lnk
2013-08-09 21:46 - 2013-08-09 21:46 - 00903080 _____ (Oracle Corporation) C:\Users\Default User.DefaultUser-PC\Downloads\jxpiinstall(1).exe
2013-08-09 21:32 - 2013-09-05 15:45 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Roaming\IObit

==================== One Month Modified Files and Folders =======

2013-09-06 16:14 - 2013-08-22 15:33 - 00002352 _____ C:\Windows\setupact.log
2013-09-06 16:14 - 2013-07-09 18:39 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2013-09-06 16:14 - 2013-06-21 21:20 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-09-06 16:14 - 2012-01-18 11:31 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-06 16:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 15:47 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:47 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:45 - 2013-08-09 21:32 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Roaming\IObit
2013-09-05 15:45 - 2012-02-21 17:04 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Local\Deployment
2013-09-05 15:42 - 2013-08-22 15:33 - 00004598 _____ C:\Windows\PFRO.log
2013-09-05 15:27 - 2013-09-05 15:27 - 00000000 ____D C:\Users\Test\AppData\Roaming\IObit
2013-09-05 15:26 - 2013-09-05 15:21 - 95025368 ____T C:\ProgramData\8zoqgwlj.pff
2013-09-05 15:26 - 2013-09-05 15:21 - 00000000 _____ C:\ProgramData\8zoqgwlj.ctrl
2013-09-05 15:26 - 2013-07-21 07:54 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Spotify
2013-09-05 15:26 - 2013-01-24 16:10 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\PMB Files
2013-09-05 15:21 - 2013-09-05 15:21 - 00165888 _____ C:\ProgramData\jlwgqoz8.plz
2013-09-05 15:21 - 2013-09-05 15:21 - 00064604 ____T (Microsoft Corporation) C:\ProgramData\8zoqgwlj.pzz
2013-09-05 15:06 - 2012-07-04 13:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 14:56 - 2012-07-29 13:51 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\Deployment
2013-09-04 15:49 - 2013-07-05 21:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 15:41 - 2013-06-16 14:55 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Roaming\uTorrent
2013-09-04 15:12 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-04 14:36 - 2013-09-04 14:36 - 00000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2013-09-04 14:36 - 2013-09-04 14:35 - 00000000 ____D C:\users\Test
2013-09-04 14:35 - 2013-09-04 14:35 - 00000020 ___SH C:\Users\Test\ntuser.ini
2013-09-04 12:27 - 2013-09-04 12:27 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-09-04 12:27 - 2013-09-04 12:27 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-09-01 10:54 - 2012-01-17 13:52 - 00000000 ____D C:\users\Default User.DefaultUser-PC
2013-08-31 11:39 - 2013-08-31 11:39 - 00215552 _____ (Microsoft) C:\Users\Default User.DefaultUser-PC\Downloads\QuickTrack.exe
2013-08-31 05:31 - 2013-07-21 07:58 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\Spotify
2013-08-30 07:22 - 2012-01-17 13:30 - 01706953 _____ C:\Windows\WindowsUpdate.log
2013-08-29 15:28 - 2013-08-29 15:26 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\Documents\NCIS
2013-08-24 15:14 - 2013-08-22 15:19 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\Desktop\mbar
2013-08-24 14:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-08-24 14:22 - 2013-08-24 14:22 - 00000020 ___SH C:\Users\Mcx1-TECK9000\ntuser.ini
2013-08-24 14:22 - 2013-08-24 14:22 - 00000000 ____D C:\users\Mcx1-TECK9000
2013-08-24 14:21 - 2012-04-21 09:56 - 00000362 __RSH C:\ProgramData\ntuser.pol
2013-08-24 12:06 - 2012-07-04 13:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-24 12:06 - 2012-07-04 13:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-24 12:06 - 2012-01-21 13:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-24 12:01 - 2013-08-24 11:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-24 10:47 - 2013-08-24 10:47 - 415131812 _____ C:\Windows\MEMORY.DMP
2013-08-24 10:47 - 2013-08-24 10:47 - 00287680 _____ C:\Windows\Minidump\082413-22354-01.dmp
2013-08-24 10:47 - 2012-02-26 07:35 - 00000000 ____D C:\Windows\Minidump
2013-08-24 10:37 - 2013-08-24 10:37 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Default User.DefaultUser-PC\Downloads\mbar-1.07.0.1005.exe
2013-08-24 10:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-22 16:46 - 2012-08-25 18:22 - 00000000 ____D C:\users\Mcx1-DEFAULTUSER-PC.DefaultUser-PC
2013-08-22 15:33 - 2013-08-22 15:33 - 00000000 _____ C:\Windows\setuperr.log
2013-08-22 15:19 - 2013-08-22 15:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 15:18 - 2013-08-22 15:18 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Default User.DefaultUser-PC\Documents\mbar-1.06.1.1005.exe
2013-08-22 15:05 - 2013-08-21 16:32 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-21 19:56 - 2013-08-21 19:56 - 00000000 ____D C:\FRST
2013-08-21 15:05 - 2013-08-21 15:04 - 00000000 ____D C:\Users\Default.DefaultUser-PC\AppData\Roaming\Curse Advertising
2013-08-20 16:51 - 2013-08-20 16:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Default.DefaultUser-PC\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 16:36 - 2012-02-21 17:00 - 00058016 _____ C:\Users\Default.DefaultUser-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 16:23 - 2013-08-20 16:23 - 00000000 ____D C:\Windows\Sun
2013-08-14 01:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 00:02 - 2013-08-14 00:01 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 00:00 - 2012-09-10 08:10 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-13 16:10 - 2013-08-13 16:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 16:10 - 2013-08-13 16:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-13 16:08 - 2013-08-13 16:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-13 16:08 - 2013-08-13 16:08 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-13 16:08 - 2013-08-13 16:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-13 16:08 - 2013-08-13 16:08 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 16:07 - 2013-08-13 16:07 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 16:07 - 2013-08-13 16:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 16:07 - 2013-08-13 16:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 16:06 - 2013-08-13 16:06 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 16:06 - 2013-08-13 16:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-09 23:11 - 2013-08-09 23:11 - 00000000 ____D C:\NvidiaLogging
2013-08-09 23:10 - 2012-01-18 11:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-09 23:10 - 2012-01-18 11:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-09 23:08 - 2013-08-09 23:05 - 00000000 ____D C:\Users\Default User.DefaultUser-PC\AppData\Local\Adobe
2013-08-09 21:57 - 2013-06-19 17:59 - 00001170 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-08-09 21:52 - 2013-08-09 21:52 - 00001289 _____ C:\Users\Default User.DefaultUser-PC\Desktop\Driver Manager.lnk
2013-08-09 21:46 - 2013-08-09 21:46 - 00903080 _____ (Oracle Corporation) C:\Users\Default User.DefaultUser-PC\Downloads\jxpiinstall(1).exe
2013-08-09 21:38 - 2012-02-21 16:45 - 00000000 ____D C:\users\Default.DefaultUser-PC
2013-08-09 21:38 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-09 21:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

Files to move or delete:
====================
C:\Users\Default User.DefaultUser-PC\AppData\Local\Temp\lhibbkxvnkthtkjvrtu.bfg

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-31 13:38:24

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3838.49 MB
Available physical RAM: 3238.14 MB
Total Pagefile: 3836.64 MB
Available Pagefile: 3235.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:19.33 GB) NTFS
Drive f: (HITMANPRO) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 000E2092)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 2E03D442)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

LastRegBack: 2013-08-31 22:36

==================== End Of Log ============================


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

HKU\Mcx1-TECK9000\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe <==== ATTENTION
Startup: C:\Users\Default User.DefaultUser-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8zoqgwlj.lnk
ShortcutTarget: 8zoqgwlj.lnk -> C:\PROGRA~3\jlwgqoz8.plz ()
S2 Winmgmt; C:\PROGRA~3\8zoqgwlj.pzz [64604 2013-09-05] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\8zoqgwlj.pzz [64604 2013-09-05] (Microsoft Corporation)
2013-09-05 15:21 - 2013-09-05 15:26 - 95025368 ____T C:\ProgramData\8zoqgwlj.pff
2013-09-05 15:21 - 2013-09-05 15:26 - 00000000 _____ C:\ProgramData\8zoqgwlj.ctrl
2013-09-05 15:21 - 2013-09-05 15:21 - 00165888 _____ C:\ProgramData\jlwgqoz8.plz
2013-09-05 15:21 - 2013-09-05 15:21 - 00064604 ____T (Microsoft Corporation) C:\ProgramData\8zoqgwlj.pzz
C:\Users\Default User.DefaultUser-PC\AppData\Local\Temp\lhibbkxvnkthtkjvrtu.bfg

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
