FBI Cybercrime Virus
<blockquote data-quote="theflush" data-source="post: 144222" data-attributes="member: 14835"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013</p><p>Ran by SYSTEM on MININT-CGQ9GB5 on 15-11-2013 17:39:13</p><p>Running from E:\</p><p>Windows 7 Home Premium (X64) OS Language: English(US)</p><p>Internet Explorer Version 10</p><p>Boot Mode: Recovery</p><p></p><p>The current controlset is ControlSet001</p><p><strong>ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-04-09] (Alps Electric Co., Ltd.)</p><p>HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()</p><p>HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3732848 2012-03-23] (Dell Inc.)</p><p>HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)</p><p>HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048 2011-08-11] (cyberlink)</p><p>HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)</p><p>HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio 
Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()</p><p>HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)</p><p>HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)</p><p>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-09] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)</p><p>HKU\Chloe\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-13] (Apple Inc.)</p><p>HKU\Chloe\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)</p><p>HKU\Chloe\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe</p><p>HKU\Chloe\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)</p><p>HKU\Chloe\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)</p><p>HKU\Chloe\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)</p><p>HKU\Chloe\...\Run: [Google Update] - [x]</p><p>HKU\Chloe\...\Run: [Wow6432Node] - C:\Users\Chloe\AppData\Roaming\jvsfrfec\cvejhrri.exe</p><p>HKU\Chloe\...\RunOnce: [ed14a1r] - 
C:\ProgramData\kaaw\xkwqcp.exe [477184 2013-11-11] (NVIDIA Corporation)</p><p>HKU\Chloe\...\Winlogon: [Shell] C:\ProgramData\muwel\uweu.exe,explorer.exe <==== ATTENTION </p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S2 AECLFilters; C:\Windows\system32\AECLSr64.exe [93696 2012-01-24] (Andrea Electronics Corporation)</p><p>S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)</p><p>S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)</p><p>S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)</p><p>S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{78471049-99fa-4929-c677-087f515a326a}\ \...\???\{78471049-99fa-4929-c677-087f515a326a}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx64.sys [35328 2012-04-02] (Cirrus Logic)</p><p>S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)</p><p>S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)</p><p>S1 vcmlrika; \??\C:\Windows\system32\drivers\vcmlrika.sys [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-11-15 17:39 - 2013-11-15 17:39 - 00000000 ____D C:\FRST</p><p>2013-11-15 14:27 - 2013-11-15 14:28 - 01957794 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe</p><p>2013-11-14 18:49 - 2013-11-14 18:49 - 00002051 _____ C:\Users\admin\Downloads\aswMBR.txt</p><p>2013-11-14 18:49 - 2013-11-14 18:49 - 00000512 _____ C:\Users\admin\Downloads\MBR.dat</p><p>2013-11-14 15:44 - 2013-11-14 15:44 - 00035022 _____ 
C:\Users\admin\Downloads\Extras.Txt</p><p>2013-11-14 15:43 - 2013-11-14 15:43 - 00073652 _____ C:\Users\admin\Downloads\OTL.Txt</p><p>2013-11-14 15:36 - 2013-11-14 15:38 - 04745728 _____ (AVAST Software) C:\Users\admin\Downloads\aswMBR.exe</p><p>2013-11-14 15:36 - 2013-11-14 15:36 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe</p><p>2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\qudlao</p><p>2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\cyblx</p><p>2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\beuqns</p><p>2013-11-13 19:06 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe</p><p>2013-11-13 19:06 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll</p><p>2013-11-13 19:06 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll</p><p>2013-11-13 19:06 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll</p><p>2013-11-13 19:06 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll</p><p>2013-11-13 19:06 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2013-11-13 19:06 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2013-11-13 19:06 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll</p><p>2013-11-13 19:06 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2013-11-13 19:06 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2013-11-13 19:06 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</p><p>2013-11-13 19:06 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2013-11-13 19:06 - 
2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe</p><p>2013-11-13 19:06 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe</p><p>2013-11-13 19:05 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll</p><p>2013-11-13 19:05 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll</p><p>2013-11-13 19:05 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll</p><p>2013-11-13 19:05 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll</p><p>2013-11-13 19:05 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll</p><p>2013-11-13 19:05 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll</p><p>2013-11-13 19:05 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll</p><p>2013-11-13 19:05 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</p><p>2013-11-13 19:05 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</p><p>2013-11-13 19:05 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2013-11-13 19:05 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2013-11-13 19:05 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2013-11-13 19:05 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2013-11-13 19:05 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2013-11-13 19:05 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2013-11-13 19:05 - 2013-10-11 23:02 - 00493056 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2013-11-13 19:05 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2013-11-13 17:38 - 2013-11-13 17:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client</p><p>2013-11-13 17:32 - 2013-11-13 17:32 - 00000000 ____D C:\Windows\TempB5FB6F14-B263-7D1D-93B8-0412C3BF339B-Signatures</p><p>2013-11-13 17:27 - 2013-11-13 17:31 - 13670584 _____ (Microsoft Corporation) C:\Users\admin\Downloads\mseinstall.exe</p><p>2013-11-13 16:55 - 2013-11-13 16:55 - 00074856 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2013-11-13 16:38 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll</p><p>2013-11-13 16:38 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll</p><p>2013-11-13 16:37 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll</p><p>2013-11-13 16:37 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll</p><p>2013-11-13 16:37 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll</p><p>2013-11-13 16:37 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll</p><p>2013-11-13 16:37 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll</p><p>2013-11-13 16:37 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll</p><p>2013-11-13 16:37 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys</p><p>2013-11-13 16:37 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys</p><p>2013-11-13 16:37 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys</p><p>2013-11-13 16:37 - 2013-09-24 18:23 
- 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll</p><p>2013-11-13 16:37 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll</p><p>2013-11-13 16:37 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll</p><p>2013-11-13 16:37 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll</p><p>2013-11-13 16:37 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll</p><p>2013-11-13 16:37 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll</p><p>2013-11-13 16:37 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll</p><p>2013-11-13 16:37 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll</p><p>2013-11-13 16:37 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll</p><p>2013-11-13 16:37 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll</p><p>2013-11-13 16:37 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe</p><p>2013-11-13 16:37 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys</p><p>2013-11-13 16:32 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll</p><p>2013-11-13 16:32 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL</p><p>2013-11-13 16:32 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL</p><p>2013-11-13 16:32 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll</p><p>2013-11-13 16:32 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL</p><p>2013-11-13 16:32 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) 
C:\Windows\System32\gdi32.dll</p><p>2013-11-13 16:32 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll</p><p>2013-11-13 16:22 - 2013-11-13 16:22 - 00000000 ____D C:\Users\admin\AppData\Local\Apple</p><p>2013-11-13 16:18 - 2013-11-13 16:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes</p><p>2013-11-13 16:15 - 2013-11-13 17:34 - 00000000 ____D C:\Users\admin\AppData\Local\Google</p><p>2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Roxio</p><p>2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer</p><p>2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Local\Wondershare</p><p>2013-11-13 16:14 - 2013-11-13 16:15 - 00002265 _____ C:\Users\admin\Desktop\Google Chrome.lnk</p><p>2013-11-13 16:14 - 2013-11-13 16:14 - 00000000 ____D C:\Users\admin\AppData\Roaming\Adobe</p><p>2013-11-13 16:14 - 2013-11-13 16:14 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore</p><p>2013-11-13 16:12 - 2013-11-13 16:14 - 00000000 ____D C:\users\admin</p><p>2013-11-13 16:12 - 2013-11-13 16:12 - 00000020 ___SH C:\Users\admin\ntuser.ini</p><p>2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\Users\admin\AppData\Local\SoftThinks</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00001119 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\Users\Chloe\AppData\Roaming\Malwarebytes</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-11-12 19:27 - 2013-04-04 11:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</p><p>2013-11-11 20:05 - 2013-11-13 19:49 - 00000000 ____D 
C:\ProgramData\roh</p><p>2013-11-11 20:05 - 2013-11-13 19:33 - 00000000 ____D C:\ProgramData\tequd</p><p>2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\muwel</p><p>2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\kaaw</p><p>2013-11-11 19:59 - 2013-11-13 19:53 - 00000000 ____D C:\ProgramData\almyt</p><p>2013-11-08 18:01 - 2013-11-08 18:01 - 00000000 ____D C:\Users\Chloe\AppData\Local\{5A060B3D-F8F1-40BD-A1B5-0BE623CB4648}</p><p>2013-11-07 17:35 - 2013-11-07 17:35 - 00001068 _____ C:\Users\Chloe\Desktop\Music - Shortcut.lnk</p><p>2013-11-06 16:22 - 2013-11-06 16:23 - 00000000 ____D C:\Users\Chloe\AppData\Local\{85524DF9-6153-4267-81E2-492496F995DA}</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00001789 _____ C:\ProgramData\Desktop\iTunes.lnk</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files\iTunes</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files\iPod</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files (x86)\iTunes</p><p>2013-11-02 08:54 - 2013-11-02 08:55 - 00000000 ____D C:\Users\Chloe\AppData\Local\{597D3BE4-C0EC-4F44-981D-1AEA2414C143}</p><p>2013-10-29 16:50 - 2013-10-29 16:50 - 00000000 ____D C:\Users\Chloe\AppData\Local\{108675B5-FCB2-4027-B618-444ACF96551F}</p><p>2013-10-29 08:51 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys</p><p>2013-10-29 08:51 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys</p><p>2013-10-29 08:51 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys</p><p>2013-10-29 08:51 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) 
C:\Windows\System32\Drivers\usbehci.sys</p><p>2013-10-29 08:51 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys</p><p>2013-10-29 08:51 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys</p><p>2013-10-29 08:51 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys</p><p>2013-10-27 15:20 - 2013-10-27 15:20 - 00000000 ____D C:\Users\Chloe\AppData\Local\{5E0B59D5-DF7E-47CF-96FF-9EB0CE72D126}</p><p>2013-10-21 17:20 - 2013-10-21 17:20 - 00000000 ____D C:\Users\Chloe\AppData\Local\{B1F9D029-D5A0-4821-B874-88D9872C3F3B}</p><p>2013-10-21 17:12 - 2013-10-21 17:12 - 00000000 ____D C:\Users\Chloe\AppData\Local\{1FE9DBA0-1AB4-4C3E-8A0C-2BE09A1B93B3}</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-11-15 17:39 - 2013-11-15 17:39 - 00000000 ____D C:\FRST</p><p>2013-11-15 14:31 - 2012-11-14 05:23 - 01052597 _____ C:\Windows\WindowsUpdate.log</p><p>2013-11-15 14:28 - 2013-11-15 14:27 - 01957794 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe</p><p>2013-11-15 14:18 - 2012-12-14 14:49 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-11-15 14:17 - 2012-12-25 11:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-11-14 18:49 - 2013-11-14 18:49 - 00002051 _____ C:\Users\admin\Downloads\aswMBR.txt</p><p>2013-11-14 18:49 - 2013-11-14 18:49 - 00000512 _____ C:\Users\admin\Downloads\MBR.dat</p><p>2013-11-14 18:12 - 2012-12-14 14:49 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-11-14 16:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache</p><p>2013-11-14 15:44 - 2013-11-14 15:44 - 00035022 _____ C:\Users\admin\Downloads\Extras.Txt</p><p>2013-11-14 15:43 - 2013-11-14 15:43 - 00073652 _____ C:\Users\admin\Downloads\OTL.Txt</p><p>2013-11-14 15:39 - 2009-07-13 20:45 - 00020880 ____H 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-11-14 15:39 - 2009-07-13 20:45 - 00020880 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-11-14 15:38 - 2013-11-14 15:36 - 04745728 _____ (AVAST Software) C:\Users\admin\Downloads\aswMBR.exe</p><p>2013-11-14 15:36 - 2013-11-14 15:36 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe</p><p>2013-11-13 19:53 - 2013-11-11 19:59 - 00000000 ____D C:\ProgramData\almyt</p><p>2013-11-13 19:49 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\roh</p><p>2013-11-13 19:34 - 2012-11-14 05:57 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup</p><p>2013-11-13 19:33 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\tequd</p><p>2013-11-13 19:33 - 2012-11-14 06:10 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks</p><p>2013-11-13 19:33 - 2012-11-14 06:10 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks</p><p>2013-11-13 19:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2013-11-13 19:32 - 2009-07-13 20:51 - 00047684 _____ C:\Windows\setupact.log</p><p>2013-11-13 19:23 - 2009-07-13 21:13 - 00778644 _____ C:\Windows\System32\PerfStringBackup.INI</p><p>2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\qudlao</p><p>2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\cyblx</p><p>2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\beuqns</p><p>2013-11-13 19:16 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore</p><p>2013-11-13 17:38 - 2013-11-13 17:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client</p><p>2013-11-13 17:38 - 2012-12-14 15:17 - 00001945 _____ C:\Windows\epplauncher.mif</p><p>2013-11-13 17:38 - 2012-12-14 15:17 - 00000000 ____D C:\Program Files\Microsoft Security Client</p><p>2013-11-13 17:36 - 2010-11-20 19:47 - 00328282 _____ 
C:\Windows\PFRO.log</p><p>2013-11-13 17:34 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Local\Google</p><p>2013-11-13 17:32 - 2013-11-13 17:32 - 00000000 ____D C:\Windows\TempB5FB6F14-B263-7D1D-93B8-0412C3BF339B-Signatures</p><p>2013-11-13 17:31 - 2013-11-13 17:27 - 13670584 _____ (Microsoft Corporation) C:\Users\admin\Downloads\mseinstall.exe</p><p>2013-11-13 16:57 - 2012-11-14 05:46 - 00000000 ____D C:\ProgramData\Sonic</p><p>2013-11-13 16:55 - 2013-11-13 16:55 - 00074856 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2013-11-13 16:22 - 2013-11-13 16:22 - 00000000 ____D C:\Users\admin\AppData\Local\Apple</p><p>2013-11-13 16:18 - 2013-11-13 16:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes</p><p>2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Roxio</p><p>2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer</p><p>2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Local\Wondershare</p><p>2013-11-13 16:15 - 2013-11-13 16:14 - 00002265 _____ C:\Users\admin\Desktop\Google Chrome.lnk</p><p>2013-11-13 16:14 - 2013-11-13 16:14 - 00000000 ____D C:\Users\admin\AppData\Roaming\Adobe</p><p>2013-11-13 16:14 - 2013-11-13 16:14 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore</p><p>2013-11-13 16:14 - 2013-11-13 16:12 - 00000000 ____D C:\users\admin</p><p>2013-11-13 16:12 - 2013-11-13 16:12 - 00000020 ___SH C:\Users\admin\ntuser.ini</p><p>2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\Users\admin\AppData\Local\SoftThinks</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00001119 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\Users\Chloe\AppData\Roaming\Malwarebytes</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D 
C:\ProgramData\Malwarebytes</p><p>2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-11-12 18:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Microsoft Games</p><p>2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\muwel</p><p>2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\kaaw</p><p>2013-11-11 19:59 - 2012-12-25 11:00 - 00000000 ____D C:\Users\Chloe\AppData\Roaming\Skype</p><p>2013-11-08 18:01 - 2013-11-08 18:01 - 00000000 ____D C:\Users\Chloe\AppData\Local\{5A060B3D-F8F1-40BD-A1B5-0BE623CB4648}</p><p>2013-11-07 17:35 - 2013-11-07 17:35 - 00001068 _____ C:\Users\Chloe\Desktop\Music - Shortcut.lnk</p><p>2013-11-06 16:23 - 2013-11-06 16:22 - 00000000 ____D C:\Users\Chloe\AppData\Local\{85524DF9-6153-4267-81E2-492496F995DA}</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00001789 _____ C:\ProgramData\Desktop\iTunes.lnk</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files\iTunes</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files\iPod</p><p>2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files (x86)\iTunes</p><p>2013-11-05 15:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF</p><p>2013-11-02 08:55 - 2013-11-02 08:54 - 00000000 ____D C:\Users\Chloe\AppData\Local\{597D3BE4-C0EC-4F44-981D-1AEA2414C143}</p><p>2013-10-29 16:50 - 2013-10-29 16:50 - 00000000 ____D C:\Users\Chloe\AppData\Local\{108675B5-FCB2-4027-B618-444ACF96551F}</p><p>2013-10-27 15:20 - 2013-10-27 15:20 - 00000000 ____D C:\Users\Chloe\AppData\Local\{5E0B59D5-DF7E-47CF-96FF-9EB0CE72D126}</p><p>2013-10-27 09:41 - 2012-12-14 14:49 - 00000000 ____D C:\Program Files (x86)\Google</p><p>2013-10-27 09:40 - 2012-12-14 14:49 - 00000000 
____D C:\Users\Chloe\AppData\Local\Google</p><p>2013-10-21 17:20 - 2013-10-21 17:20 - 00000000 ____D C:\Users\Chloe\AppData\Local\{B1F9D029-D5A0-4821-B874-88D9872C3F3B}</p><p>2013-10-21 17:12 - 2013-10-21 17:12 - 00000000 ____D C:\Users\Chloe\AppData\Local\{1FE9DBA0-1AB4-4C3E-8A0C-2BE09A1B93B3}</p><p></p><p>Files to move or delete:</p><p>====================</p><p>ZeroAccess:</p><p>C:\Users\Chloe\AppData\Local\Google\Desktop\Install</p><p>ZeroAccess:</p><p>C:\Program Files (x86)\Google\Desktop\Install</p><p></p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\admin\AppData\Local\Temp\JavaIC.dll</p><p>C:\Users\admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe</p><p>C:\Users\admin\AppData\Local\Temp\msscct32.dll</p><p>C:\Users\Chloe\AppData\Local\Temp\InstallFlashPlayer.exe</p><p>C:\Users\Chloe\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe</p><p>C:\Users\Chloe\AppData\Local\Temp\mconduitinstaller.exe</p><p>C:\Users\Chloe\AppData\Local\Temp\SkypeSetup.exe</p><p>C:\Users\Chloe\AppData\Local\Temp\tbMixi.dll</p><p></p><p></p><p>==================== Known DLLs (Whitelisted) ================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION 
=====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p>2</p><p>Restore point made on: 2013-11-13 19:16:25</p><p>Restore point made on: 2013-11-15 14:29:35</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 18%</p><p>Total physical RAM: 3971.35 MB</p><p>Available physical RAM: 3221.23 MB</p><p>Total Pagefile: 3969.5 MB</p><p>Available Pagefile: 3217.3 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.88 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:384.95 GB) NTFS</p><p>Drive e: (JIM) (Removable) (Total:0.93 GB) (Free:0.43 GB) FAT</p><p>Drive f: (Recovery) (Fixed) (Total:13.67 GB) (Free:5.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C126BBC0)</p><p>Partition 1: (Not Active) - (Size=452 GB) - (Type=07 NTFS)</p><p>Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 953 MB) (Disk ID: 6F20736B)</p><p>No partition Table on disk 1.</p><p>Disk 1 is a removable device.</p><p></p><p></p><p>LastRegBack: 2013-11-10 16:39</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>