
I believe I am infected.



I am posting as requested.

Thanks

------------------------------------------------------start frst --------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Blessed (administrator) on IBM-PC on 19-07-2014 19:20:29
Running from C:\Users\Blessed\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft) C:\Program Files (x86)\Common Files\Lenovo\SUP\sup_wermonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-05-28] (Alcor Micro Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2908984 2012-07-12] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293256 2012-10-10] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [258936 2011-11-14] ()
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1095472 2012-03-12] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U218DHP&pc=U218
SearchScopes: HKLM - DefaultScope {B6A06A97-564D-49AC-88A1-6E1313E23B03} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MALCJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B6A06A97-564D-49AC-88A1-6E1313E23B03} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MALCJS
SearchScopes: HKLM-x32 - DefaultScope {B6A06A97-564D-49AC-88A1-6E1313E23B03} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MALCJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {B6A06A97-564D-49AC-88A1-6E1313E23B03} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MALCJS
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Blessed\AppData\Roaming\Mozilla\Firefox\Profiles\alfnu6qw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

==================== Services (Whitelisted) =================

S4 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-03-12] (Lenovo)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
S4 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187784 2012-10-10] (Lenovo Group Limited)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2012-02-06] (Lenovo Group Limited)
S3 IEEtwCollectorService; %SystemRoot%\system32\IEEtwCollector.exe /V [X]

==================== Drivers (Whitelisted) ====================

S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71440 2012-03-12] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-19] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [38224 2010-01-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-07-12] (Synaptics Incorporated)
S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [3051000 2012-04-03] (Sunplus Technology)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 19:18 - 2014-07-19 19:18 - 02089984 _____ (Farbar) C:\Users\Blessed\Downloads\FRST64(1).exe
2014-07-19 19:15 - 2014-07-19 19:17 - 00000000 ____D () C:\7b97567f8e952417badb1b78
2014-07-18 08:10 - 2014-07-19 19:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 08:10 - 2014-07-18 08:10 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-18 08:10 - 2014-07-18 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-18 08:10 - 2014-07-18 08:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-18 08:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 08:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-18 08:09 - 2014-07-18 08:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Blessed\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 03:00 - 2014-07-18 03:01 - 00000000 ____D () C:\c6d3fad63198950bd425dfbf4c4758
2014-07-18 00:18 - 2014-07-18 00:19 - 00038307 _____ () C:\Users\Blessed\Desktop\CheckResults.txt
2014-07-18 00:09 - 2014-07-18 00:09 - 00036039 _____ () C:\Users\Blessed\Downloads\Addition.txt
2014-07-18 00:08 - 2014-07-18 00:08 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Blessed\Desktop\mbam-check-2.1.1.1001.exe
2014-07-18 00:07 - 2014-07-19 19:28 - 00013134 _____ () C:\Users\Blessed\Downloads\FRST.txt
2014-07-18 00:07 - 2014-07-19 19:22 - 00000000 ____D () C:\FRST
2014-07-18 00:07 - 2014-07-18 00:07 - 02086912 _____ (Farbar) C:\Users\Blessed\Downloads\FRST64.exe
2014-07-18 00:06 - 2014-07-18 00:06 - 01077248 _____ (Farbar) C:\Users\Blessed\Downloads\FRST.exe
2014-07-18 00:04 - 2014-07-18 00:04 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Adobe
2014-07-18 00:04 - 2014-07-18 00:04 - 00000000 ____D () C:\Users\Blessed\AppData\Local\Macromedia
2014-07-17 21:59 - 2014-07-18 08:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 21:59 - 2014-07-17 21:59 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2014-07-17 21:59 - 2014-07-17 21:59 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Malwarebytes
2014-07-17 21:59 - 2014-07-17 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-07-17 21:59 - 2014-07-17 21:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-17 21:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 21:59 - 2010-01-07 16:07 - 00038224 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2014-07-16 23:25 - 2014-07-16 23:25 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\PwrMgr
2014-07-16 23:22 - 2014-07-16 23:23 - 58080904 _____ (Microsoft Corporation) C:\Users\Blessed\Downloads\EIE11_EN-US_WOL_WIN764.EXE
2014-07-16 23:20 - 2014-07-16 23:21 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Mozilla
2014-07-16 23:20 - 2014-07-16 23:21 - 00000000 ____D () C:\Users\Blessed\AppData\Local\Mozilla
2014-07-16 23:09 - 2014-07-16 23:09 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\LSC
2014-07-16 22:59 - 2014-07-16 22:59 - 00109296 _____ () C:\Users\Blessed\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-16 22:59 - 2014-07-16 22:59 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Synaptics
2014-07-16 22:59 - 2014-07-16 22:59 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Leadertech
2014-07-16 22:59 - 2014-07-16 22:59 - 00000000 ____D () C:\Users\Blessed\AppData\Local\Lenovo
2014-07-16 22:59 - 2014-07-16 22:59 - 00000000 _____ () C:\Users\Blessed\agent.log
2014-07-16 22:58 - 2014-07-16 22:59 - 00000000 ____D () C:\Users\Blessed
2014-07-16 22:58 - 2014-07-16 22:58 - 00000020 ___SH () C:\Users\Blessed\ntuser.ini
2014-07-16 22:58 - 2014-07-16 22:58 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\PCHC
2014-07-16 22:58 - 2014-07-16 22:58 - 00000000 ____D () C:\Users\Blessed\AppData\Local\VirtualStore
2014-07-16 22:58 - 2013-09-08 19:46 - 00000000 ___RD () C:\Users\Blessed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-16 22:58 - 2013-09-08 19:46 - 00000000 ___RD () C:\Users\Blessed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 22:58 - 2013-06-28 10:07 - 00000000 ____D () C:\Users\Blessed\AppData\Local\Microsoft Help
2014-07-16 22:58 - 2013-04-03 18:34 - 00002111 _____ () C:\Users\Blessed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-07-16 22:58 - 2013-04-03 18:29 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Macromedia
2014-07-16 22:53 - 2014-07-16 22:53 - 00109296 _____ () C:\Users\Mercy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Synaptics
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\PwrMgr
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Leadertech
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 ____D () C:\Users\Mercy\AppData\Local\Lenovo
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 _____ () C:\Users\Mercy\agent.log
2014-07-16 22:52 - 2014-07-16 22:53 - 00000000 ____D () C:\Users\Mercy
2014-07-16 22:52 - 2014-07-16 22:52 - 00000020 ___SH () C:\Users\Mercy\ntuser.ini
2014-07-16 22:52 - 2014-07-16 22:52 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\PCHC
2014-07-16 22:52 - 2014-07-16 22:52 - 00000000 ____D () C:\Users\Mercy\AppData\Local\VirtualStore
2014-07-16 22:52 - 2013-09-08 19:46 - 00000000 ___RD () C:\Users\Mercy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-16 22:52 - 2013-09-08 19:46 - 00000000 ___RD () C:\Users\Mercy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 22:52 - 2013-06-28 10:07 - 00000000 ____D () C:\Users\Mercy\AppData\Local\Microsoft Help
2014-07-16 22:52 - 2013-04-03 18:34 - 00002111 _____ () C:\Users\Mercy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-07-16 22:52 - 2013-04-03 18:29 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Macromedia
2014-07-16 22:08 - 2014-07-16 22:08 - 00000000 ____H () C:\Users\Fortis\Documents\Default.rdp
2014-07-16 08:16 - 2014-07-16 08:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-07-16 08:11 - 2014-07-16 08:11 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-07-16 00:01 - 2014-07-16 23:25 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-15 23:46 - 2014-07-15 23:46 - 00000000 ___RD () C:\Users\Fortis\SkyDrive
2014-07-15 23:41 - 2014-07-15 23:41 - 00000134 _____ () C:\Users\Fortis\Desktop\Internet Explorer Troubleshooting.url
2014-07-15 23:19 - 2014-07-15 23:20 - 58082952 _____ (Microsoft Corporation) C:\Users\Fortis\Downloads\EIE11_EN-US_MCM_WIN764.EXE
2014-07-15 23:14 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-15 23:14 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-15 23:14 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-15 23:14 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-15 23:14 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-15 23:01 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-15 23:01 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-15 23:01 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-15 23:01 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-15 23:01 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-15 23:01 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-15 23:01 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-15 23:01 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-15 23:01 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-15 23:01 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-15 23:01 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-15 23:01 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-15 23:01 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-15 23:01 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-15 23:01 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-15 23:01 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-15 23:01 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-15 23:01 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-15 23:01 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-15 23:01 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 06:33 - 2014-07-11 06:33 - 00000000 ____D () C:\34be4dada0abee508e5a0f3e0a
2014-07-09 16:07 - 2014-07-09 16:07 - 00000000 __SHD () C:\found.014
2014-07-08 14:28 - 2014-07-08 14:28 - 00000000 _____ () C:\Users\Fortis\Downloads\Support-LogMeInRescue(5).exe
2014-07-08 13:01 - 2014-07-08 13:01 - 00000000 ____D () C:\6f88305e220cb313096d9f4a6f1cf3af
2014-07-06 23:27 - 2014-07-06 23:27 - 00000000 ____D () C:\5796ec4a1a55f38d4c4b330edc309daa
2014-07-02 06:23 - 2014-07-02 06:23 - 00000000 ____D () C:\28c2c1fe6b54e5335b
2014-06-23 06:57 - 2014-06-23 06:57 - 00000000 __SHD () C:\found.013
2014-06-19 05:49 - 2014-06-19 05:49 - 00000000 ____D () C:\Windows\Temp2867B090-7C47-86B0-7235-176E5E85E61B-Signatures

==================== One Month Modified Files and Folders =======

2014-07-19 19:28 - 2014-07-18 00:07 - 00013134 _____ () C:\Users\Blessed\Downloads\FRST.txt
2014-07-19 19:27 - 2013-04-03 18:12 - 01648028 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 19:22 - 2014-07-18 00:07 - 00000000 ____D () C:\FRST
2014-07-19 19:18 - 2014-07-19 19:18 - 02089984 _____ (Farbar) C:\Users\Blessed\Downloads\FRST64(1).exe
2014-07-19 19:17 - 2014-07-19 19:15 - 00000000 ____D () C:\7b97567f8e952417badb1b78
2014-07-19 19:17 - 2013-06-20 11:27 - 00002113 _____ () C:\Windows\epplauncher.mif
2014-07-19 19:16 - 2013-06-28 11:05 - 00067024 _____ () C:\Windows\setupact.log
2014-07-19 19:16 - 2013-06-20 13:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 19:15 - 2014-07-18 08:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 19:15 - 2013-04-03 18:20 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-07-18 08:10 - 2014-07-18 08:10 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-18 08:10 - 2014-07-18 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-18 08:10 - 2014-07-18 08:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-18 08:10 - 2014-07-17 21:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 08:09 - 2014-07-18 08:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Blessed\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 08:04 - 2013-12-14 19:56 - 00000000 ____D () C:\Program Files (x86)\ATTSplusPCMT
2014-07-18 03:01 - 2014-07-18 03:00 - 00000000 ____D () C:\c6d3fad63198950bd425dfbf4c4758
2014-07-18 00:19 - 2014-07-18 00:18 - 00038307 _____ () C:\Users\Blessed\Desktop\CheckResults.txt
2014-07-18 00:10 - 2009-07-14 00:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 00:10 - 2009-07-14 00:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 00:09 - 2014-07-18 00:09 - 00036039 _____ () C:\Users\Blessed\Downloads\Addition.txt
2014-07-18 00:08 - 2014-07-18 00:08 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Blessed\Desktop\mbam-check-2.1.1.1001.exe
2014-07-18 00:07 - 2014-07-18 00:07 - 02086912 _____ (Farbar) C:\Users\Blessed\Downloads\FRST64.exe
2014-07-18 00:06 - 2014-07-18 00:06 - 01077248 _____ (Farbar) C:\Users\Blessed\Downloads\FRST.exe
2014-07-18 00:04 - 2014-07-18 00:04 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Adobe
2014-07-18 00:04 - 2014-07-18 00:04 - 00000000 ____D () C:\Users\Blessed\AppData\Local\Macromedia
2014-07-18 00:04 - 2013-04-03 18:20 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-07-18 00:03 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 21:59 - 2014-07-17 21:59 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2014-07-17 21:59 - 2014-07-17 21:59 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Malwarebytes
2014-07-17 21:59 - 2014-07-17 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-07-17 21:59 - 2014-07-17 21:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-17 21:58 - 2009-07-14 01:13 - 00005172 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 23:25 - 2014-07-16 23:25 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\PwrMgr
2014-07-16 23:25 - 2014-07-16 00:01 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-16 23:25 - 2013-12-08 07:03 - 00038760 _____ () C:\Windows\IE11_main.log
2014-07-16 23:23 - 2014-07-16 23:22 - 58080904 _____ (Microsoft Corporation) C:\Users\Blessed\Downloads\EIE11_EN-US_WOL_WIN764.EXE
2014-07-16 23:21 - 2014-07-16 23:20 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Mozilla
2014-07-16 23:21 - 2014-07-16 23:20 - 00000000 ____D () C:\Users\Blessed\AppData\Local\Mozilla
2014-07-16 23:09 - 2014-07-16 23:09 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\LSC
2014-07-16 23:00 - 2013-04-03 18:29 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-07-16 22:59 - 2014-07-16 22:59 - 00109296 _____ () C:\Users\Blessed\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-16 22:59 - 2014-07-16 22:59 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Synaptics
2014-07-16 22:59 - 2014-07-16 22:59 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\Leadertech
2014-07-16 22:59 - 2014-07-16 22:59 - 00000000 ____D () C:\Users\Blessed\AppData\Local\Lenovo
2014-07-16 22:59 - 2014-07-16 22:59 - 00000000 _____ () C:\Users\Blessed\agent.log
2014-07-16 22:59 - 2014-07-16 22:58 - 00000000 ____D () C:\Users\Blessed
2014-07-16 22:58 - 2014-07-16 22:58 - 00000020 ___SH () C:\Users\Blessed\ntuser.ini
2014-07-16 22:58 - 2014-07-16 22:58 - 00000000 ____D () C:\Users\Blessed\AppData\Roaming\PCHC
2014-07-16 22:58 - 2014-07-16 22:58 - 00000000 ____D () C:\Users\Blessed\AppData\Local\VirtualStore
2014-07-16 22:53 - 2014-07-16 22:53 - 00109296 _____ () C:\Users\Mercy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Synaptics
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\PwrMgr
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Leadertech
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 ____D () C:\Users\Mercy\AppData\Local\Lenovo
2014-07-16 22:53 - 2014-07-16 22:53 - 00000000 _____ () C:\Users\Mercy\agent.log
2014-07-16 22:53 - 2014-07-16 22:52 - 00000000 ____D () C:\Users\Mercy
2014-07-16 22:52 - 2014-07-16 22:52 - 00000020 ___SH () C:\Users\Mercy\ntuser.ini
2014-07-16 22:52 - 2014-07-16 22:52 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\PCHC
2014-07-16 22:52 - 2014-07-16 22:52 - 00000000 ____D () C:\Users\Mercy\AppData\Local\VirtualStore
2014-07-16 22:08 - 2014-07-16 22:08 - 00000000 ____H () C:\Users\Fortis\Documents\Default.rdp
2014-07-16 08:16 - 2014-07-16 08:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-07-16 08:15 - 2014-02-20 17:43 - 00000000 ____D () C:\Users\Fortis\AppData\Roaming\LSC
2014-07-16 08:11 - 2014-07-16 08:11 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-07-16 08:11 - 2013-06-20 14:23 - 00000000 ____D () C:\Users\Fortis\AppData\Local\LSC
2014-07-16 08:11 - 2013-04-03 18:21 - 00000000 ____D () C:\Program Files\Lenovo
2014-07-16 08:11 - 2013-04-03 01:40 - 00000000 ____D () C:\ProgramData\Lenovo
2014-07-16 08:10 - 2013-04-03 18:29 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-07-16 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-16 03:20 - 2009-07-14 00:45 - 00416712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 03:19 - 2014-05-07 04:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-16 03:19 - 2011-12-08 16:43 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 03:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-16 03:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-16 03:03 - 2013-06-20 13:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-16 00:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-16 00:49 - 2013-09-18 03:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-15 23:46 - 2014-07-15 23:46 - 00000000 ___RD () C:\Users\Fortis\SkyDrive
2014-07-15 23:46 - 2013-06-20 14:06 - 00000000 ____D () C:\Users\Fortis
2014-07-15 23:44 - 2013-06-20 14:06 - 00002136 _____ () C:\Users\Fortis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-07-15 23:41 - 2014-07-15 23:41 - 00000134 _____ () C:\Users\Fortis\Desktop\Internet Explorer Troubleshooting.url
2014-07-15 23:20 - 2014-07-15 23:19 - 58082952 _____ (Microsoft Corporation) C:\Users\Fortis\Downloads\EIE11_EN-US_MCM_WIN764.EXE
2014-07-11 06:33 - 2014-07-11 06:33 - 00000000 ____D () C:\34be4dada0abee508e5a0f3e0a
2014-07-09 16:07 - 2014-07-09 16:07 - 00000000 __SHD () C:\found.014
2014-07-08 14:28 - 2014-07-08 14:28 - 00000000 _____ () C:\Users\Fortis\Downloads\Support-LogMeInRescue(5).exe
2014-07-08 13:01 - 2014-07-08 13:01 - 00000000 ____D () C:\6f88305e220cb313096d9f4a6f1cf3af
2014-07-07 06:22 - 2009-07-14 01:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-06 23:27 - 2014-07-06 23:27 - 00000000 ____D () C:\5796ec4a1a55f38d4c4b330edc309daa
2014-07-04 10:34 - 2013-12-14 19:40 - 00000000 ____D () C:\Users\Fortis\AppData\Local\LogMeIn Rescue Applet
2014-07-04 10:25 - 2014-06-14 07:25 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-07-04 10:25 - 2010-11-20 23:47 - 00604854 _____ () C:\Windows\PFRO.log
2014-07-02 06:23 - 2014-07-02 06:23 - 00000000 ____D () C:\28c2c1fe6b54e5335b
2014-06-29 22:09 - 2014-07-15 23:14 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-15 23:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 17:40 - 2013-06-26 21:09 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-23 06:57 - 2014-06-23 06:57 - 00000000 __SHD () C:\found.013
2014-06-20 18:05 - 2013-04-03 18:28 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-06-19 05:49 - 2014-06-19 05:49 - 00000000 ____D () C:\Windows\Temp2867B090-7C47-86B0-7235-176E5E85E61B-Signatures

Some content of TEMP:
====================
C:\Users\IBM\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 00:38

==================== End Of Log ============================


Addition2.txt
