Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013
Ran by Amanda (administrator) on AMANDA-PC on 24-12-2013 07:11:41
Running from F:\virus
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [38768 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [640376 2009-10-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [V0400Mon.exe] - C:\Windows\V0400Mon.exe [32768 2007-06-03] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [634880 2011-12-20] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-17] (Microsoft Corporation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [Facebook Update] - C:\Users\Amanda\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17148552 2012-02-29] (Skype Technologies S.A.)
HKCU\...\Run: [xA2oxSonRUjbG] - C:\Users\Amanda\AppData\Local\build.exe [108032 2013-05-06] (Корпорация Майкрософт)
MountPoints2: F - F:\LaunchU3.exe -a
HKU\JR\...\Run: [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\JR\...\Run: [Facebook Update] - C:\Users\JR\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-20] (Facebook Inc.)
HKU\JR\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF38C5CBE5AF8CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=skyp&ocid=skydhp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0D0FyCtCyE0CtDyCtC0EtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2005850280
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0D0FyCtCyE0CtDyCtC0EtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2005850280
URLSearchHook: HKCU - Default Value = {dd716bcd-bc24-e944-69b7-b26d74121c70}
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKCU - FCToolbarURLSearchHook Class - {dd716bcd-bc24-e944-69b7-b26d74121c70} - C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs\Helper.dll ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0D0FyCtCyE0CtDyCtC0EtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2005850280
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0D0FyCtCyE0CtDyCtC0EtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2005850280
SearchScopes: HKLM-x32 - {5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm568YYus&ptb=034CA3E9-F72B-4794-86EC-DFE749CF50D9&psa=&ind=2010122921&ptnrS=ZKxdm568YYus&si=&st=sb&n=77d00aa9&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {6074CB4B-AAF5-A857-5CF9-1F8C40D98BFA} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100522032405141&tb_oid=22-05-2010&tb_mrud=22-05-2010
SearchScopes: HKCU - DefaultScope {409DD3B4-D1F8-EC6E-EDBD-2367FDA78762} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0D0FyCtCyE0CtDyCtC0EtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2005850280
SearchScopes: HKCU - Backup.Old.DefaultScope {409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100522032405141&tb_oid=22-05-2010&tb_mrud=22-05-2010
SearchScopes: HKCU - {409DD3B4-D1F8-EC6E-EDBD-2367FDA78762} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtD0EtD0Bzz0D0FyCtCyE0CtDyCtC0EtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2005850280
SearchScopes: HKCU - {5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm568YYus&ptb=034CA3E9-F72B-4794-86EC-DFE749CF50D9&psa=&ind=2010122810&ptnrS=ZKxdm568YYus&si=&st=sb&n=77d00a3a&searchfor={searchTerms}
SearchScopes: HKCU - {6074CB4B-AAF5-A857-5CF9-1F8C40D98BFA} URL = http://www.bing.com/search?q={searchTerms}&pc=Z015&form=ZGAIDF
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-ptn/search/redirect/?type=default&user_id=60a2f613-d14a-4e69-a795-c858e1aeacba&query={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {F2C67326-B902-4914-9420-CA6EE6611FF3} URL = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^SH^US&apn_uid=608071ec-29eb-4a26-b77c-0776b21ef574&apn_sauid=13C2C25F-7E56-4602-8FF8-F450786158DF&
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: BucksBee Loyalty Plugin - 100884.rs - {531D0355-4050-2CB4-2902-6A0CC0372774} - C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs\BucksBee Loyalty Plugin.dll (Freecause Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://webgames.d.tmsrv.com/c=446a367be48ac6ef6a40fc4802936164/aff=t_20wt_wg/p/release/jollybear/wg_bigcityadventuresydney/bigcityadventuresydney/GameFiles/JBGamePlayer.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: =======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Amanda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Amanda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Amanda\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Amanda\AppData\Local\funmoods-speeddial.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VF0400Afx; C:\Windows\System32\Drivers\V0400Afx.sys [214240 2007-06-10] (Creative Technology Ltd.)
S3 VF0400Vfx; C:\Windows\System32\DRIVERS\V0400VFx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
S3 VF0400Vid; C:\Windows\System32\DRIVERS\V0400Vid.sys [204736 2007-06-06] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-24 07:10 - 2013-12-24 07:10 - 00000000 ____D C:\FRST
2013-12-23 08:24 - 2013-12-23 08:25 - 00001650 _____ C:\Users\Amanda\Desktop\Rkill.txt
2013-12-23 08:24 - 2013-12-23 08:24 - 00000000 ____D C:\Users\Amanda\Desktop\rkill
2013-12-14 23:07 - 2013-12-23 14:34 - 00009086 _____ C:\Windows\PFRO.log
2013-12-14 23:01 - 2013-12-14 23:01 - 08699272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2013-12-24 07:11 - 2009-07-14 00:13 - 00726142 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-24 07:10 - 2013-12-24 07:10 - 00000000 ____D C:\FRST
2013-12-24 05:26 - 2013-10-16 10:48 - 00003861 _____ C:\Windows\WindowsUpdate.log
2013-12-23 14:36 - 2012-02-09 16:55 - 00000000 ____D C:\Users\Amanda\AppData\Local\Htc
2013-12-23 14:36 - 2010-05-21 22:17 - 00000000 ____D C:\Users\Amanda\Tracing
2013-12-23 14:35 - 2013-01-12 19:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 14:34 - 2013-12-14 23:07 - 00009086 _____ C:\Windows\PFRO.log
2013-12-23 14:34 - 2013-08-28 16:50 - 00002746 _____ C:\Windows\setupact.log
2013-12-23 14:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 09:48 - 2012-09-03 09:42 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-23 09:48 - 2012-09-03 09:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-23 08:25 - 2013-12-23 08:24 - 00001650 _____ C:\Users\Amanda\Desktop\Rkill.txt
2013-12-23 08:24 - 2013-12-23 08:24 - 00000000 ____D C:\Users\Amanda\Desktop\rkill
2013-12-23 07:56 - 2013-01-12 19:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 07:55 - 2013-01-12 19:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 07:53 - 2013-06-20 08:33 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3720689192-4100693960-38180999-1002UA.job
2013-12-23 07:53 - 2012-03-29 15:45 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3720689192-4100693960-38180999-1000UA.job
2013-12-23 07:53 - 2012-03-29 15:45 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3720689192-4100693960-38180999-1000Core.job
2013-12-22 16:29 - 2012-09-23 19:00 - 00000000 ____D C:\Program Files (x86)\Playbryte
2013-12-22 11:28 - 2009-07-14 00:08 - 00032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-14 23:08 - 2012-02-11 16:23 - 00000000 ____D C:\Users\JR\AppData\Local\Htc
2013-12-14 23:05 - 2013-01-12 19:34 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-14 23:05 - 2013-01-12 19:34 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-14 23:02 - 2013-01-12 19:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 23:01 - 2013-12-14 23:01 - 08699272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-14 23:01 - 2013-06-20 08:33 - 00000894 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3720689192-4100693960-38180999-1002Core.job
2013-12-14 23:01 - 2013-01-12 19:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 23:01 - 2013-01-12 19:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Users\JR\AppData\Local\{b348d045-aa5d-5fe2-dac3-3c924fab47cb}
C:\Users\JR\AppData\Local\{b348d045-aa5d-5fe2-dac3-3c924fab47cb}\@
C:\Users\JR\AppData\Local\{b348d045-aa5d-5fe2-dac3-3c924fab47cb}\U\00000001.@

Files to move or delete:
====================
C:\ProgramData\ahc__0poi.pad

Some content of TEMP:
====================
C:\Users\Amanda\AppData\Local\Temp\qemzmade.dll
C:\Users\Amanda\AppData\Local\Temp\wkibvf8d.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-22 16:51

==================== End Of Log ============================