FBI MONEYPAK VIRUS
Awp264 (post #123135) wrote:

Thank you Fiery! Here is the info you requested...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-06-2013
Ran by SYSTEM on 01-06-2013 16:13:20
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15960096 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2009-03-06] (NVIDIA Corporation)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKLM\...\Winlogon: [Shell] regsvr32 /n /i /s "C:\Users\Heather\AppData\Local\sjwsnt.jsc" [x ] () <=== ATTENTION
HKU\Heather\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [ 2013-03-29] (Valve Corporation)
HKU\Heather\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-04-19] (Skype Technologies S.A.)
HKU\Heather\...\Run: [Yontoo Desktop] "C:\Users\Heather\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
HKU\Heather\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe -update activex [ 2013-03-09] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * bootdelete

========================== Services (Whitelisted) =================

S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-03-27] (LSI Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-05-31] (SurfRight B.V.)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-20] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-05-26] (Mozilla Foundation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [161384 2013-02-28] (Skype Technologies)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [489256 2012-11-19] (Valve Corporation)
S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-31] (AVG Secure Search)
S2 WirelessUSB; C:\Program Files (x86)\CNet\Wireless LAN Driver and Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S2 HitmanPro37CrusaderBoot; "E:\HitmanPro_x64.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) ====================

S3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1208320 2009-06-11] (LSI Corporation)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-31] (AVG Technologies)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [23112 2013-03-24] ()
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-10] (Realtek Semiconductor Corporation )
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-01 16:13 - 2013-06-01 16:13 - 00000000 ____D C:\FRST
2013-05-31 22:02 - 2013-05-31 22:02 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-05-31 20:00 - 2013-05-31 20:01 - 00003725 ____A C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-05-29 00:21 - 2013-05-29 00:21 - 304158412 ____A C:\Windows\MEMORY.DMP
2013-05-29 00:21 - 2013-05-29 00:21 - 00000000 ____D C:\Windows\Minidump
2013-05-28 23:48 - 2013-05-28 23:48 - 00318322 ____A C:\Windows\System32\HitmanPro_20130528_2348.log
2013-05-28 21:55 - 2013-05-31 20:43 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-05-28 21:55 - 2013-05-31 20:43 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-27 11:12 - 2013-05-27 11:12 - 00100352 ____A (G<o) C:\Users\Heather\AppData\Local\sjwsnt.jsc
2013-05-26 22:10 - 2013-05-27 00:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 19:13 - 2013-05-26 19:13 - 00000000 ____D C:\Users\Heather\AppData\Local\Macromedia
2013-05-17 23:35 - 2013-05-17 23:35 - 00017249 ____A C:\Users\Heather\Desktop\Price Budget.ods
2013-05-17 10:10 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-17 10:10 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 10:10 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-17 10:10 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-17 10:10 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-17 10:10 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-17 10:10 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-17 10:10 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-17 10:07 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 10:07 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-17 10:07 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-17 09:26 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-17 09:26 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 09:26 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 09:26 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-17 09:26 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-17 09:26 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-17 09:26 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 09:26 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-17 09:26 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-17 09:26 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-17 09:26 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-17 09:26 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 09:26 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-17 09:26 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-17 09:26 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-17 09:25 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 09:25 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 09:25 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 09:25 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 09:25 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 09:25 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 09:25 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 09:25 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 09:25 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 09:25 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-17 09:25 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 09:25 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-17 09:25 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 09:25 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-17 09:25 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 09:25 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 21:48 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 21:48 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 21:48 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 21:14 - 2013-05-16 21:14 - 00001113 ____A C:\Users\Heather\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-08 18:06 - 2013-05-08 18:06 - 00018009 ____A C:\Users\Heather\Documents\Adam REsume.odt
2013-05-07 19:44 - 2013-05-07 19:44 - 00000193 ____A C:\Windows\WORDPAD.INI
2013-05-03 21:41 - 2013-05-27 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-03 21:41 - 2013-05-27 01:17 - 00000456 ___AH C:\Windows\Tasks\Norton Security Scan for Heather.job
2013-05-03 21:41 - 2013-05-03 21:42 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Mozilla
2013-05-03 21:41 - 2013-05-03 21:41 - 00001457 ____A C:\Users\Public\Desktop\Norton Security Scan.LNK
2013-05-03 21:41 - 2013-05-03 21:41 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Users\Heather\AppData\Local\Mozilla
2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-05-03 21:40 - 2013-05-03 21:40 - 00000000 ____D C:\Users\Heather\AppData\Local\Google
2013-05-03 21:35 - 2013-05-03 21:35 - 00000000 ____D C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar
2013-05-03 21:34 - 2013-05-31 20:00 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-05-03 21:34 - 2013-05-31 19:58 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-03 21:33 - 2013-05-26 23:56 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Yontoo
2013-05-03 21:33 - 2013-05-03 21:40 - 21041840 ____A (Mozilla) C:\Users\Heather\Downloads\Firefox_Setup_20.0 [1].exe

==================== One Month Modified Files and Folders ========

2013-06-01 16:13 - 2013-06-01 16:13 - 00000000 ____D C:\FRST
2013-06-01 00:55 - 2013-03-08 23:27 - 00017408 ____A C:\Windows\System32\rpcnetp.exe
2013-06-01 00:41 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-01 00:41 - 2009-07-14 00:51 - 00033618 ____A C:\Windows\setupact.log
2013-05-31 23:12 - 2009-07-14 00:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-31 23:12 - 2009-07-14 00:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-31 23:04 - 2013-03-31 15:31 - 00000418 ____A C:\Windows\Tasks\Quick PC Booster64 startups.job
2013-05-31 23:04 - 2013-03-09 09:39 - 00000328 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-05-31 22:48 - 2013-03-08 23:31 - 01391301 ____A C:\Windows\WindowsUpdate.log
2013-05-31 22:43 - 2013-03-16 07:44 - 00001616 ____A C:\Windows\System32\.crusader
2013-05-31 22:07 - 2009-07-13 23:20 - 00000000 ___RD C:\Program Files (x86)
2013-05-31 22:02 - 2013-05-31 22:02 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-05-31 22:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64
2013-05-31 20:43 - 2013-05-28 21:55 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-05-31 20:43 - 2013-05-28 21:55 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-31 20:01 - 2013-05-31 20:00 - 00003725 ____A C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-05-31 20:00 - 2013-05-03 21:34 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-05-31 19:58 - 2013-05-03 21:34 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-29 00:21 - 2013-05-29 00:21 - 304158412 ____A C:\Windows\MEMORY.DMP
2013-05-29 00:21 - 2013-05-29 00:21 - 00000000 ____D C:\Windows\Minidump
2013-05-28 23:48 - 2013-05-28 23:48 - 00318322 ____A C:\Windows\System32\HitmanPro_20130528_2348.log
2013-05-28 22:50 - 2009-07-14 01:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-27 12:05 - 2009-07-14 00:45 - 00024576 ____A C:\Windows\System32\umstartup.etl
2013-05-27 11:27 - 2013-05-03 21:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-27 11:27 - 2010-11-20 23:47 - 00058664 ____A C:\Windows\PFRO.log
2013-05-27 11:12 - 2013-05-27 11:12 - 00100352 ____A (G<o) C:\Users\Heather\AppData\Local\sjwsnt.jsc
2013-05-27 01:17 - 2013-05-03 21:41 - 00000456 ___AH C:\Windows\Tasks\Norton Security Scan for Heather.job
2013-05-27 00:29 - 2013-05-26 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 23:56 - 2013-05-03 21:33 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Yontoo
2013-05-26 22:31 - 2013-04-22 11:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-26 21:15 - 2013-04-22 11:48 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Skype
2013-05-26 19:13 - 2013-05-26 19:13 - 00000000 ____D C:\Users\Heather\AppData\Local\Macromedia
2013-05-26 19:13 - 2013-03-09 19:03 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-26 19:13 - 2013-03-09 19:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-22 11:08 - 2013-04-06 14:29 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-19 22:19 - 2013-03-24 09:04 - 00000000 ____D C:\Users\Heather\AppData\Roaming\BitTorrent
2013-05-18 23:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-17 23:35 - 2013-05-17 23:35 - 00017249 ____A C:\Users\Heather\Desktop\Price Budget.ods
2013-05-17 12:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-17 09:39 - 2009-07-14 00:45 - 00300232 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 21:14 - 2013-05-16 21:14 - 00001113 ____A C:\Users\Heather\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-16 11:46 - 2013-03-09 09:18 - 00000000 ___RD C:\Users\Heather\Desktop\Unused Desktop Icons
2013-05-16 09:16 - 2013-03-09 07:52 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-08 18:06 - 2013-05-08 18:06 - 00018009 ____A C:\Users\Heather\Documents\Adam REsume.odt
2013-05-07 19:44 - 2013-05-07 19:44 - 00000193 ____A C:\Windows\WORDPAD.INI
2013-05-05 21:22 - 2013-03-31 16:56 - 00000000 ____D C:\Users\Heather\AppData\Local\Microsoft Games
2013-05-03 21:42 - 2013-05-03 21:41 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Mozilla
2013-05-03 21:41 - 2013-05-03 21:41 - 00001457 ____A C:\Users\Public\Desktop\Norton Security Scan.LNK
2013-05-03 21:41 - 2013-05-03 21:41 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Users\Heather\AppData\Local\Mozilla
2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-05-03 21:40 - 2013-05-03 21:40 - 00000000 ____D C:\Users\Heather\AppData\Local\Google
2013-05-03 21:40 - 2013-05-03 21:33 - 21041840 ____A (Mozilla) C:\Users\Heather\Downloads\Firefox_Setup_20.0 [1].exe
2013-05-03 21:35 - 2013-05-03 21:35 - 00000000 ____D C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar
2013-05-02 02:06 - 2010-11-20 23:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2013-03-08 23:11] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2010-11-20 23:24] - [2010-11-20 23:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\wininit.exe
[2009-07-13 19:52] - [2009-07-13 21:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-13 19:31] - [2009-07-13 21:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2010-11-20 23:24] - [2010-11-20 23:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\Drivers\volsnap.sys
[2010-11-20 23:23] - [2010-11-20 23:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-22 21:11:04
Restore point made on: 2013-05-28 22:55:13

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 2686.6 MB
Available physical RAM: 2394.07 MB
Total Pagefile: 2513.46 MB
Available Pagefile: 2442.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1991.55 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:55.79 GB) (Free:24.28 GB) NTFS
Drive e: (PRICEJDRIVE) (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: 14CB14CB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: FC3F57BF)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


Last Boot: 2013-04-04 13:10

==================== End Of Log ============================
____A (Mozilla) C:\Users\Heather\Downloads\Firefox_Setup_20.0 [1].exe ==================== One Month Modified Files and Folders ======== 2013-06-01 16:13 - 2013-06-01 16:13 - 00000000 ____D C:\FRST 2013-06-01 00:55 - 2013-03-08 23:27 - 00017408 ____A C:\Windows\System32\rpcnetp.exe 2013-06-01 00:41 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-01 00:41 - 2009-07-14 00:51 - 00033618 ____A C:\Windows\setupact.log 2013-05-31 23:12 - 2009-07-14 00:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-31 23:12 - 2009-07-14 00:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-31 23:04 - 2013-03-31 15:31 - 00000418 ____A C:\Windows\Tasks\Quick PC Booster64 startups.job 2013-05-31 23:04 - 2013-03-09 09:39 - 00000328 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-05-31 22:48 - 2013-03-08 23:31 - 01391301 ____A C:\Windows\WindowsUpdate.log 2013-05-31 22:43 - 2013-03-16 07:44 - 00001616 ____A C:\Windows\System32\.crusader 2013-05-31 22:07 - 2009-07-13 23:20 - 00000000 ___RD C:\Program Files (x86) 2013-05-31 22:02 - 2013-05-31 22:02 - 00000000 ____D C:\Windows\SysWOW64\cache 2013-05-31 22:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64 2013-05-31 20:43 - 2013-05-28 21:55 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk 2013-05-31 20:43 - 2013-05-28 21:55 - 00000000 ____D C:\Program Files\HitmanPro 2013-05-31 20:01 - 2013-05-31 20:00 - 00003725 ____A C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml 2013-05-31 20:00 - 2013-05-03 21:34 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar 2013-05-31 19:58 - 2013-05-03 21:34 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys 2013-05-29 00:21 - 2013-05-29 00:21 - 304158412 ____A C:\Windows\MEMORY.DMP 2013-05-29 00:21 - 2013-05-29 00:21 - 00000000 ____D C:\Windows\Minidump 2013-05-28 23:48 - 
2013-05-28 23:48 - 00318322 ____A C:\Windows\System32\HitmanPro_20130528_2348.log 2013-05-28 22:50 - 2009-07-14 01:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-27 12:05 - 2009-07-14 00:45 - 00024576 ____A C:\Windows\System32\umstartup.etl 2013-05-27 11:27 - 2013-05-03 21:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-27 11:27 - 2010-11-20 23:47 - 00058664 ____A C:\Windows\PFRO.log 2013-05-27 11:12 - 2013-05-27 11:12 - 00100352 ____A (G<o) C:\Users\Heather\AppData\Local\sjwsnt.jsc 2013-05-27 01:17 - 2013-05-03 21:41 - 00000456 ___AH C:\Windows\Tasks\Norton Security Scan for Heather.job 2013-05-27 00:29 - 2013-05-26 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-26 23:56 - 2013-05-03 21:33 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Yontoo 2013-05-26 22:31 - 2013-04-22 11:47 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-05-26 21:15 - 2013-04-22 11:48 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Skype 2013-05-26 19:13 - 2013-05-26 19:13 - 00000000 ____D C:\Users\Heather\AppData\Local\Macromedia 2013-05-26 19:13 - 2013-03-09 19:03 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-26 19:13 - 2013-03-09 19:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-22 11:08 - 2013-04-06 14:29 - 00000000 ____D C:\Program Files (x86)\Steam 2013-05-19 22:19 - 2013-03-24 09:04 - 00000000 ____D C:\Users\Heather\AppData\Roaming\BitTorrent 2013-05-18 23:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF 2013-05-17 23:35 - 2013-05-17 23:35 - 00017249 ____A C:\Users\Heather\Desktop\Price Budget.ods 2013-05-17 12:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Microsoft.NET 2013-05-17 09:39 - 2009-07-14 00:45 - 00300232 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-16 21:14 - 2013-05-16 21:14 - 00001113 ____A C:\Users\Heather\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-16 11:46 - 2013-03-09 
09:18 - 00000000 ___RD C:\Users\Heather\Desktop\Unused Desktop Icons 2013-05-16 09:16 - 2013-03-09 07:52 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-08 18:06 - 2013-05-08 18:06 - 00018009 ____A C:\Users\Heather\Documents\Adam REsume.odt 2013-05-07 19:44 - 2013-05-07 19:44 - 00000193 ____A C:\Windows\WORDPAD.INI 2013-05-05 21:22 - 2013-03-31 16:56 - 00000000 ____D C:\Users\Heather\AppData\Local\Microsoft Games 2013-05-03 21:42 - 2013-05-03 21:41 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Mozilla 2013-05-03 21:41 - 2013-05-03 21:41 - 00001457 ____A C:\Users\Public\Desktop\Norton Security Scan.LNK 2013-05-03 21:41 - 2013-05-03 21:41 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64 2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Users\Heather\AppData\Local\Mozilla 2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan 2013-05-03 21:40 - 2013-05-03 21:40 - 00000000 ____D C:\Users\Heather\AppData\Local\Google 2013-05-03 21:40 - 2013-05-03 21:33 - 21041840 ____A (Mozilla) C:\Users\Heather\Downloads\Firefox_Setup_20.0 [1].exe 2013-05-03 21:35 - 2013-05-03 21:35 - 00000000 ____D C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar 2013-05-02 02:06 - 2010-11-20 23:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2013-03-08 23:11] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 C:\Windows\System32\winlogon.exe [2010-11-20 23:24] - [2010-11-20 23:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457 C:\Windows\System32\wininit.exe [2009-07-13 19:52] - [2009-07-13 21:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA 
C:\Windows\System32\svchost.exe [2009-07-13 19:31] - [2009-07-13 21:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D C:\Windows\System32\services.exe [2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\User32.dll [2010-11-20 23:24] - [2010-11-20 23:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B C:\Windows\System32\userinit.exe [2010-11-20 23:24] - [2010-11-20 23:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53 C:\Windows\System32\Drivers\volsnap.sys [2010-11-20 23:23] - [2010-11-20 23:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639 ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-22 21:11:04 Restore point made on: 2013-05-28 22:55:13 ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 2686.6 MB Available physical RAM: 2394.07 MB Total Pagefile: 2513.46 MB Available Pagefile: 2442.43 MB Total Virtual: 2047.88 MB Available Virtual: 1991.55 MB ==================== Drives ================================ Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS Drive c: () (Fixed) (Total:55.79 GB) (Free:24.28 GB) NTFS Drive e: (PRICEJDRIVE) (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: 14CB14CB) Partition 1: (Active) - (Size=100 
MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: FC3F57BF) Partition 1: (Active) - (Size=4 GB) - (Type=0B) Last Boot: 2013-04-04 13:10 ==================== End Of Log ============================ [/QUOTE]