fbi moneypak virus
<blockquote data-quote="chikenfoot" data-source="post: 122892" data-attributes="member: 8631"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01</p><p>Ran by SYSTEM on 30-05-2013 21:16:20</p><p>Running from E:\</p><p>Windows 7 Home Premium (X64) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Recovery</p><p></p><p>The current controlset is ControlSet001</p><p><strong>ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)</p><p>HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-13] (Realtek Semiconductor)</p><p>Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]</p><p>HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [x]</p><p>HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)</p><p>HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)</p><p>HKLM-x32\...\Run: [dellsupportcenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)</p><p>HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1255088 2013-05-27] (AVG Secure Search)</p><p>HKU\Chikenfoot\...\Run: [dg] C:\Users\Chikenfoot\AppData\Roaming\Microsoft\RSBOT.exe [x]</p><p>HKU\Chikenfoot\...\Run: [SansaDispatch] C:\Users\Chikenfoot\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-04-27] (SanDisk Corporation)</p><p>HKU\Chikenfoot\...\Run: [ROC_ROC_APR2013_AV] C:\Users\Chikenfoot\AppData\Roaming\AVG 
April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid d0cd2c9c845b47d182342104e4a2ffb2-86a25157b67a51fcc20b8a31f63a59c2000d6af5 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x]</p><p>HKU\Chikenfoot\...\Winlogon: [Shell] explorer.exe,C:\Users\Chikenfoot\AppData\Roaming\skype.dat [161280 2011-11-17] (HSN Software LLC) <==== ATTENTION </p><p>HKU\Guest\...\Run: [Best Buy pc app] C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]</p><p>HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-09-23] (Microsoft Corporation)</p><p>HKU\Guest\...\Run: [dg] C:\Users\Guest\AppData\Roaming\Microsoft\RSBOT.exe [x]</p><p>HKU\Guest\...\Run: [QuickPhrase] "C:\Program Files (x86)\TypingMaster\QuickPhrase\quickphrase.exe" [x]</p><p>HKU\Guest\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]</p><p>HKU\Guest\...\Run: [SansaDispatch] C:\Users\Guest\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [x]</p><p>HKU\Guest\...\Run: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP [x]</p><p>HKU\Guest\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000 [4932056 2012-11-12] (Exent Technologies Ltd.)</p><p>HKU\Love and Peace\...\Run: [Best Buy pc app] C:\Users\Love and Peace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]</p><p>Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk</p><p>ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)</p><p>Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk</p><p>ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)</p><p>Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Best Buy pc app.lnk</p><p>ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)</p><p>Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk</p><p>ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)</p><p>Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk</p><p>ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)</p><p>Startup: C:\Users\Love and Peace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk</p><p>ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)</p><p>S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)</p><p>S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-27] (AVG Secure Search)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)</p><p>S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>S0 Avgrkx64; 
C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)</p><p>S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-27] (AVG Technologies)</p><p>S2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)</p><p>S2 MCSTRM; No ImagePath</p><p>S2 mrtRate; No ImagePath</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-05-30 21:16 - 2013-05-30 21:16 - 00000000 ____D C:\FRST</p><p>2013-05-30 09:40 - 2013-05-30 12:36 - 00000004 ____A C:\Users\Chikenfoot\Application Data\skype.ini</p><p>2013-05-30 09:40 - 2013-05-30 12:36 - 00000004 ____A C:\Users\Chikenfoot\AppData\Roaming\skype.ini</p><p>2013-05-30 09:37 - 2013-05-30 10:00 - 00000336 ___AH C:\Windows\Tasks\{42939782-2A54-4C6F-86F2-4477B2211B63}.job</p><p>2013-05-30 09:37 - 2013-05-30 09:37 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\94b25045-e8dc-41b0-9948-88010b369249ad</p><p>2013-05-30 09:37 - 2013-05-30 09:37 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\94b25045-e8dc-41b0-9948-88010b369249ad</p><p>2013-05-30 09:37 - 2013-05-30 09:37 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\94b25045-e8dc-41b0-9948-88010b369249ad</p><p>2013-05-25 13:46 - 2013-05-25 14:01 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Mixxx</p><p>2013-05-25 13:46 - 2013-05-25 14:01 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\Mixxx</p><p>2013-05-25 13:46 - 2013-05-25 14:01 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\Mixxx</p><p>2013-05-25 13:44 - 2013-05-25 13:44 - 00001947 ____A C:\Users\Guest\Desktop\Digital DJ Pro.lnk</p><p>2013-05-25 13:43 - 2013-05-25 13:44 - 00000000 ____D C:\Program Files (x86)\Digital DJ Pro</p><p>2013-05-17 01:44 - 
2013-05-17 01:45 - 02137424 ____A (Solid State Networks) C:\Users\Chikenfoot\Downloads\install_flashplayer11x32axau_mssd_aih.exe</p><p>2013-05-12 15:03 - 2013-05-30 09:41 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Realtek</p><p>2013-05-12 15:03 - 2013-05-30 09:41 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\Realtek</p><p>2013-05-12 15:03 - 2013-05-30 09:41 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\Realtek</p><p>2013-05-12 14:00 - 2013-05-18 12:48 - 00000000 ____D C:\Users\Chikenfoot\My Documents\Talent Show Song Considerations</p><p>2013-05-12 14:00 - 2013-05-18 12:48 - 00000000 ____D C:\Users\Chikenfoot\Documents\Talent Show Song Considerations</p><p>2013-05-04 14:40 - 2013-05-04 14:44 - 00000124 ___AH C:\Users\Chikenfoot\Downloads\.picasa.ini</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\AVG SafeGuard toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\AVG SafeGuard toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\AVG SafeGuard toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\AVG Security Toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\Application Data\AVG Security Toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\Application Data\AVG SafeGuard toolbar</p><p>2013-05-04 07:14 - 2013-05-27 00:12 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys</p><p>2013-05-04 07:14 - 2013-05-27 00:12 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-05-30 21:16 - 2013-05-30 21:16 - 00000000 ____D C:\FRST</p><p>2013-05-30 12:36 - 2013-05-30 09:40 - 
00000004 ____A C:\Users\Chikenfoot\Application Data\skype.ini</p><p>2013-05-30 12:36 - 2013-05-30 09:40 - 00000004 ____A C:\Users\Chikenfoot\AppData\Roaming\skype.ini</p><p>2013-05-30 12:35 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-30 12:35 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-30 12:28 - 2013-04-03 11:20 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-05-30 12:28 - 2010-08-24 17:11 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks</p><p>2013-05-30 12:28 - 2010-08-24 17:11 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks</p><p>2013-05-30 12:28 - 2010-08-24 17:11 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks</p><p>2013-05-30 12:28 - 2010-08-24 17:11 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks</p><p>2013-05-30 12:28 - 2010-08-24 17:11 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks</p><p>2013-05-30 12:28 - 2010-08-24 17:11 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks</p><p>2013-05-30 12:28 - 2010-08-24 16:57 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup</p><p>2013-05-30 12:27 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-05-30 12:27 - 2009-07-13 23:51 - 00089195 ____A C:\Windows\setupact.log</p><p>2013-05-30 10:16 - 2013-04-03 11:20 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-05-30 10:14 - 2012-04-10 18:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-05-30 10:08 - 2009-07-14 00:10 - 01335144 ____A C:\Windows\WindowsUpdate.log</p><p>2013-05-30 10:00 - 2013-05-30 09:37 - 00000336 ___AH C:\Windows\Tasks\{42939782-2A54-4C6F-86F2-4477B2211B63}.job</p><p>2013-05-30 09:41 - 2013-05-12 15:03 - 00000000 
____D C:\Users\Chikenfoot\Local Settings\Realtek</p><p>2013-05-30 09:41 - 2013-05-12 15:03 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\Realtek</p><p>2013-05-30 09:41 - 2013-05-12 15:03 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\Realtek</p><p>2013-05-30 09:39 - 2010-08-24 18:27 - 00100042 ____A C:\Windows\PFRO.log</p><p>2013-05-30 09:38 - 2010-12-07 23:28 - 00000000 ____D C:\users\Chikenfoot</p><p>2013-05-30 09:37 - 2013-05-30 09:37 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\94b25045-e8dc-41b0-9948-88010b369249ad</p><p>2013-05-30 09:37 - 2013-05-30 09:37 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\94b25045-e8dc-41b0-9948-88010b369249ad</p><p>2013-05-30 09:37 - 2013-05-30 09:37 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\94b25045-e8dc-41b0-9948-88010b369249ad</p><p>2013-05-30 09:35 - 2011-06-08 22:17 - 00000000 ____D C:\ProgramData\MFAData</p><p>2013-05-30 09:35 - 2011-06-08 22:17 - 00000000 ____D C:\ProgramData\Application Data\MFAData</p><p>2013-05-29 18:35 - 2009-07-14 00:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-05-29 12:37 - 2011-12-01 17:13 - 00000000 ____D C:\Users\Chikenfoot\Application Data\SoftGrid Client</p><p>2013-05-29 12:37 - 2011-12-01 17:13 - 00000000 ____D C:\Users\Chikenfoot\AppData\Roaming\SoftGrid Client</p><p>2013-05-29 12:26 - 2011-03-25 17:09 - 00012800 ____A C:\Users\Chikenfoot\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2013-05-29 12:26 - 2011-03-25 17:09 - 00012800 ____A C:\Users\Chikenfoot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2013-05-29 12:26 - 2011-03-25 17:09 - 00012800 ____A C:\Users\Chikenfoot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2013-05-27 00:12 - 2013-05-04 07:14 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys</p><p>2013-05-27 00:12 - 2013-05-04 07:14 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard 
toolbar</p><p>2013-05-27 00:12 - 2013-02-10 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2013-05-25 14:34 - 2010-08-24 16:46 - 00000000 ____D C:\ProgramData\Application Data\Adobe</p><p>2013-05-25 14:34 - 2010-08-24 16:46 - 00000000 ____D C:\ProgramData\Adobe</p><p>2013-05-25 14:08 - 2012-12-28 18:32 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\CrashDumps</p><p>2013-05-25 14:08 - 2012-12-28 18:32 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\CrashDumps</p><p>2013-05-25 14:08 - 2012-12-28 18:32 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\CrashDumps</p><p>2013-05-25 14:01 - 2013-05-25 13:46 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Mixxx</p><p>2013-05-25 14:01 - 2013-05-25 13:46 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\Mixxx</p><p>2013-05-25 14:01 - 2013-05-25 13:46 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\Mixxx</p><p>2013-05-25 13:45 - 2011-11-20 17:33 - 00000000 ____D C:\Users\Chikenfoot\Desktop\Alexis</p><p>2013-05-25 13:44 - 2013-05-25 13:44 - 00001947 ____A C:\Users\Guest\Desktop\Digital DJ Pro.lnk</p><p>2013-05-25 13:44 - 2013-05-25 13:43 - 00000000 ____D C:\Program Files (x86)\Digital DJ Pro</p><p>2013-05-25 08:49 - 2012-12-13 18:53 - 00000927 ____A C:\Users\Public\Desktop\AVG 2013.lnk</p><p>2013-05-25 08:49 - 2012-12-13 18:53 - 00000927 ____A C:\ProgramData\Desktop\AVG 2013.lnk</p><p>2013-05-25 06:04 - 2013-04-03 11:25 - 00002145 ____A C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2013-05-25 06:04 - 2013-04-03 11:25 - 00002145 ____A C:\ProgramData\Desktop\Google Chrome.lnk</p><p>2013-05-18 12:48 - 2013-05-12 14:00 - 00000000 ____D C:\Users\Chikenfoot\My Documents\Talent Show Song Considerations</p><p>2013-05-18 12:48 - 2013-05-12 14:00 - 00000000 ____D C:\Users\Chikenfoot\Documents\Talent Show Song Considerations</p><p>2013-05-18 09:43 - 2011-02-20 22:15 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Windows Live</p><p>2013-05-18 09:43 - 
2011-02-20 22:15 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\Windows Live</p><p>2013-05-18 09:43 - 2011-02-20 22:15 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\Windows Live</p><p>2013-05-17 03:17 - 2012-04-10 18:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2013-05-17 03:17 - 2011-07-10 18:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2013-05-17 02:00 - 2010-12-07 23:47 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</p><p>2013-05-17 01:45 - 2013-05-17 01:44 - 02137424 ____A (Solid State Networks) C:\Users\Chikenfoot\Downloads\install_flashplayer11x32axau_mssd_aih.exe</p><p>2013-05-04 15:38 - 2012-10-26 09:08 - 00000000 ____D C:\Users\Chikenfoot\Desktop\spam</p><p>2013-05-04 14:44 - 2013-05-04 14:40 - 00000124 ___AH C:\Users\Chikenfoot\Downloads\.picasa.ini</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\AVG SafeGuard toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\AVG SafeGuard toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\AVG SafeGuard toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\AVG Security Toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\Application Data\AVG Security Toolbar</p><p>2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\Application Data\AVG SafeGuard toolbar</p><p>2013-05-01 19:56 - 2012-12-25 11:59 - 00000000 ____D C:\Users\Chikenfoot\Desktop\Mac</p><p></p><p>Other Malware:</p><p>===========</p><p>C:\Users\Chikenfoot\AppData\Roaming\skype.dat</p><p>C:\Users\Chikenfoot\AppData\Roaming\skype.ini</p><p></p><p>==================== Known DLLs (Whitelisted) 
================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p>Restore point made on: 2013-03-23 23:00:28</p><p>Restore point made on: 2013-04-01 12:02:25</p><p>Restore point made on: 2013-04-01 12:03:42</p><p>Restore point made on: 2013-04-12 16:23:50</p><p>Restore point made on: 2013-04-19 21:11:38</p><p>Restore point made on: 2013-04-26 18:32:30</p><p>Restore point made on: 2013-05-17 02:00:42</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 14%</p><p>Total physical RAM: 3892.52 MB</p><p>Available physical RAM: 3310.81 MB</p><p>Total Pagefile: 3890.67 MB</p><p>Available Pagefile: 3303.55 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.85 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:192.27 GB) NTFS (Disk=0 Partition=3)</p><p>Drive e: (PODPOD) (Removable) (Total:0.48 
GB) (Free:0.41 GB) FAT32 (Disk=2 Partition=1)</p><p>Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.34 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]</p><p>Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F6996217)</p><p>Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)</p><p>Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 2 (Size: 491 MB) (Disk ID: 00000000)</p><p>Partition 1: (Active) - (Size=491 MB) - (Type=0B)</p><p></p><p></p><p>Last Boot: 2013-04-27 20:36</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
Settings\AVG SafeGuard toolbar 2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\Users\Chikenfoot\Local Settings\Application Data\AVG SafeGuard toolbar 2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\Users\Chikenfoot\AppData\Local\AVG SafeGuard toolbar 2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\AVG Security Toolbar 2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar 2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\Application Data\AVG Security Toolbar 2013-05-04 07:15 - 2013-05-04 07:15 - 00000000 ____D C:\ProgramData\Application Data\AVG SafeGuard toolbar 2013-05-01 19:56 - 2012-12-25 11:59 - 00000000 ____D C:\Users\Chikenfoot\Desktop\Mac Other Malware: =========== C:\Users\Chikenfoot\AppData\Roaming\skype.dat C:\Users\Chikenfoot\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-03-23 23:00:28 Restore point made on: 2013-04-01 12:02:25 Restore point made on: 2013-04-01 12:03:42 Restore point made 
on: 2013-04-12 16:23:50 Restore point made on: 2013-04-19 21:11:38 Restore point made on: 2013-04-26 18:32:30 Restore point made on: 2013-05-17 02:00:42 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3892.52 MB Available physical RAM: 3310.81 MB Total Pagefile: 3890.67 MB Available Pagefile: 3303.55 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:192.27 GB) NTFS (Disk=0 Partition=3) Drive e: (PODPOD) (Removable) (Total:0.48 GB) (Free:0.41 GB) FAT32 (Disk=2 Partition=1) Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.34 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F6996217) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 491 MB) (Disk ID: 00000000) Partition 1: (Active) - (Size=491 MB) - (Type=0B) Last Boot: 2013-04-27 20:36 ==================== End Of Log ============================ [/QUOTE]