Moneypak Ransomware virus
thelongshot (post 120395) said:

Ok, "Repair Your Computer" isn't an option in Advanced Boot Options, so I went with "Safe Mode With Command Line" instead.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-05-2013
Ran by jason.birzer (administrator) on 12-05-2013 23:35:04
Running from H:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Farbar) H:\FRST64.exe

==================== Registry (Whitelisted) ==================

MountPoints2: F - F:\.\Bin\ASSETUP.exe
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\adm\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\adm\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-05-18] (Hewlett-Packard Company)
HKU\Administrator\...\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKU\Administrator\...\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer [2264336 2010-08-24] (TiVo Inc.)
HKU\Administrator\...\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [608528 2010-08-24] (TiVo Inc.)
HKU\Administrator\...\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify [437520 2010-08-24] (TiVo Inc.)
HKU\Administrator\...\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)
HKU\Administrator\...\Run: [F.lux] "C:\Users\jason.birzer\Local Settings\Apps\F.lux\flux.exe" /noshow [x]
HKU\Administrator\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6377120 2012-09-20] (SlySoft, Inc.)
HKU\Administrator\...\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart [2529096 2012-03-24] (Desura Pty Ltd)
HKU\Administrator\...\Run: [Akamai NetSession Interface] "C:\Users\jason.birzer\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\bogus\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\bogus\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-05-18] (Hewlett-Packard Company)
HKU\Classic .NET AppPool\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\DefaultAppPool\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
HKLM-x32 SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\jason.birzer\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
PDF: HKLM-x32 {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
PDF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\jason.birzer\AppData\Roaming\Mozilla\Firefox\Profiles\8nmd9h63.default
FF Homepage: hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297
FF SelectedSearchEngine: Search
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.103 - C:\Program Files (x86)\NOS\bin\np_gp.dll No File
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\jason.birzer\AppData\Roaming\Mozilla\Firefox\Profiles\8nmd9h63.default\Extensions\staged

==================== Services (Whitelisted) =================

S3 Droppix Service; C:\Program Files (x86)\Common Files\Droppix\DxService.exe [221184 2009-08-28] (Droppix)
S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 Media Center 16 Service; C:\Program Files (x86)\J River\Media Center 16\JRService.exe [384136 2011-10-18] (J. River, Inc.)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [301760 2012-12-10] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1024384 2013-01-14] (Enigma Software Group USA, LLC.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S2 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x]
S3 SymSnapService; "C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
S1 archlp; C:\Windows\System32\drivers\archlp.sys [136192 2010-07-07] ()
S3 dgderdrv; C:\Windows\SysWow64\drivers\dgderdrv.sys [20032 2011-05-08] (Devguru Co., Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-01-11] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [x]
S2 Aspi32; System32\drivers\aspi32.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 X6va005; \??\C:\Users\JASON~1.BIR\AppData\Local\Temp\005F834.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-12 23:35 - 2013-05-12 23:35 - 00000000 ____D C:\FRST
2013-05-12 09:36 - 2013-05-12 09:36 - 00000000 ____D C:\Users\adm\AppData\Local\Apple
2013-05-12 01:57 - 2013-05-12 23:28 - 00000000 ____D C:\Users\adm\AppData\Local\TSVNCache
2013-05-12 01:57 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Roaming\Subversion
2013-05-11 23:45 - 2013-05-11 23:45 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Malwarebytes
2013-05-11 23:43 - 2013-05-11 23:43 - 00000020 ___SH C:\Users\adm\ntuser.ini
2013-05-11 23:43 - 2013-05-11 23:43 - 00000000 ____D C:\users\adm
2013-05-11 23:43 - 2010-01-25 02:24 - 00000000 ____D C:\Users\adm\AppData\Roaming\Macromedia
2013-05-11 23:13 - 2013-05-12 01:56 - 00000000 ____D C:\Users\bogus\AppData\Local\TSVNCache
2013-05-11 23:13 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Subversion
2013-05-11 23:12 - 2013-05-11 23:30 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\NPE
2013-05-11 23:12 - 2013-05-11 23:12 - 00000000 ____D C:\ProgramData\Norton
2013-05-11 23:02 - 2013-05-12 23:31 - 00000336 ____A C:\Windows\setupact.log
2013-05-11 23:02 - 2013-05-11 23:02 - 00000020 ___SH C:\Users\bogus\ntuser.ini
2013-05-11 23:02 - 2013-05-11 23:02 - 00000000 ____D C:\users\bogus
2013-05-11 23:02 - 2010-01-25 02:24 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Macromedia
2013-05-11 23:01 - 2013-05-11 23:01 - 00000318 ____A C:\Windows\wininit.ini
2013-05-11 22:47 - 2013-05-11 23:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-11 22:46 - 2013-05-11 22:46 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-05-11 22:46 - 2013-05-11 22:46 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-05-11 22:46 - 2013-05-11 22:46 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-05-11 22:46 - 2013-05-11 22:46 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-05-11 22:46 - 2013-05-11 22:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-11 22:46 - 2009-01-25 12:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-05-11 15:39 - 2013-05-11 15:39 - 00002272 ____A C:\Users\jason.birzer\Desktop\SpyHunter.lnk
2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP
2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\sh4ldr
2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-05-11 15:39 - 2012-06-22 11:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys
2013-05-11 12:59 - 2013-05-11 12:59 - 00003078 ____A C:\Users\jason.birzer\Desktop\Rkill.txt
2013-05-11 12:59 - 2013-05-11 12:59 - 00000000 ____D C:\Users\jason.birzer\Desktop\rkill
2013-05-11 12:12 - 2013-05-11 12:44 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-11 11:57 - 2013-05-11 11:57 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Malwarebytes
2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-11 11:57 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\Documents\Report
2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Greenshot
2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\Greenshot
2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Program Files\Greenshot
2013-04-27 01:33 - 2013-04-27 01:33 - 00002127 ____A C:\Users\Public\Desktop\Venetica.lnk
2013-04-27 01:21 - 2013-04-27 01:33 - 00000000 ____D C:\Program Files (x86)\Venetica
2013-04-25 09:53 - 2013-05-02 10:13 - 00002010 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-04-25 09:53 - 2013-05-02 10:13 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-04-25 09:53 - 2013-04-25 09:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-04-24 05:18 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-19 16:54 - 2013-04-19 16:54 - 03867442 ____A C:\Users\jason.birzer\Desktop\Mycomputer.nfo
2013-04-19 16:52 - 2013-04-19 16:52 - 00036538 ____A C:\Users\jason.birzer\Desktop\DxDiag.txt

==================== One Month Modified Files and Folders =======

2013-05-12 23:35 - 2013-05-12 23:35 - 00000000 ____D C:\FRST
2013-05-12 23:31 - 2013-05-11 23:02 - 00000336 ____A C:\Windows\setupact.log
2013-05-12 23:31 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-12 23:30 - 2010-01-25 03:35 - 00523388 ____A C:\Windows\PFRO.log
2013-05-12 23:28 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Local\TSVNCache
2013-05-12 23:28 - 2012-10-14 17:07 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\TSVNCache
2013-05-12 23:28 - 2010-01-24 14:19 - 01153146 ____A C:\Windows\WindowsUpdate.log
2013-05-12 23:28 - 2009-07-14 01:13 - 00957134 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-12 23:28 - 2009-07-14 00:45 - 00013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-12 23:28 - 2009-07-14 00:45 - 00013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-12 22:51 - 2012-04-01 21:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-12 22:43 - 2012-06-20 00:23 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\CrashDumps
2013-05-12 09:36 - 2013-05-12 09:36 - 00000000 ____D C:\Users\adm\AppData\Local\Apple
2013-05-12 02:36 - 2010-02-02 02:08 - 00000000 ____D C:\ProgramData\Zoom Player
2013-05-12 01:57 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Roaming\Subversion
2013-05-12 01:56 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Local\TSVNCache
2013-05-11 23:45 - 2013-05-11 23:45 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Malwarebytes
2013-05-11 23:43 - 2013-05-11 23:43 - 00000020 ___SH C:\Users\adm\ntuser.ini
2013-05-11 23:43 - 2013-05-11 23:43 - 00000000 ____D C:\users\adm
2013-05-11 23:30 - 2013-05-11 23:12 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\NPE
2013-05-11 23:13 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Subversion
2013-05-11 23:12 - 2013-05-11 23:12 - 00000000 ____D C:\ProgramData\Norton
2013-05-11 23:02 - 2013-05-11 23:02 - 00000020 ___SH C:\Users\bogus\ntuser.ini
2013-05-11 23:02 - 2013-05-11 23:02 - 00000000 ____D C:\users\bogus
2013-05-11 23:02 - 2013-05-11 22:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-11 23:01 - 2013-05-11 23:01 - 00000318 ____A C:\Windows\wininit.ini
2013-05-11 22:46 - 2013-05-11 22:46 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-05-11 22:46 - 2013-05-11 22:46 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-05-11 22:46 - 2013-05-11 22:46 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-05-11 22:46 - 2013-05-11 22:46 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-05-11 22:46 - 2013-05-11 22:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-11 15:39 - 2013-05-11 15:39 - 00002272 ____A C:\Users\jason.birzer\Desktop\SpyHunter.lnk
2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP
2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\sh4ldr
2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-05-11 12:59 - 2013-05-11 12:59 - 00003078 ____A C:\Users\jason.birzer\Desktop\Rkill.txt
2013-05-11 12:59 - 2013-05-11 12:59 - 00000000 ____D C:\Users\jason.birzer\Desktop\rkill
2013-05-11 12:44 - 2013-05-11 12:12 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-11 12:35 - 2011-02-13 19:04 - 00016384 __ASH C:\Users\jason.birzer\Thumbs.db
2013-05-11 11:57 - 2013-05-11 11:57 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Malwarebytes
2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-11 11:48 - 2011-06-13 00:03 - 00000000 ____D C:\Windows\pss
2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\Documents\Report
2013-05-09 20:36 - 2010-01-25 10:44 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-08 19:10 - 2010-08-29 23:20 - 00107971 ____A C:\Windows\cdplayer.ini
2013-05-07 00:00 - 2010-02-02 02:19 - 00000410 ____A C:\Windows\Tasks\updater.exe.job
2013-05-03 00:51 - 2012-04-26 02:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-02 11:29 - 2010-01-24 14:33 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-02 10:13 - 2013-04-25 09:53 - 00002010 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-05-02 10:13 - 2013-04-25 09:53 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-04-30 17:10 - 2011-05-01 10:59 - 00000000 ____D C:\Program Files (x86)\Luxor
2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Greenshot
2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\Greenshot
2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Program Files\Greenshot
2013-04-30 01:39 - 2012-03-18 01:35 - 00000000 ____D C:\Program Files (x86)\Screenshot Pilot
2013-04-27 01:33 - 2013-04-27 01:33 - 00002127 ____A C:\Users\Public\Desktop\Venetica.lnk
2013-04-27 01:33 - 2013-04-27 01:21 - 00000000 ____D C:\Program Files (x86)\Venetica
2013-04-25 09:53 - 2013-04-25 09:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-04-25 09:53 - 2012-04-01 21:10 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-25 09:53 - 2011-07-06 20:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-25 09:53 - 2010-01-25 02:25 - 00000000 ____D C:\ProgramData\Adobe
2013-04-25 09:51 - 2013-04-11 23:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-19 16:54 - 2013-04-19 16:54 - 03867442 ____A C:\Users\jason.birzer\Desktop\Mycomputer.nfo
2013-04-19 16:52 - 2013-04-19 16:52 - 00036538 ____A C:\Users\jason.birzer\Desktop\DxDiag.txt
2013-04-18 14:10 - 2011-10-22 23:41 - 00000000 ____D C:\Program Files (x86)\Origin
2013-04-12 10:45 - 2013-04-24 05:18 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

Other Malware:
===========
C:\ProgramData\hash.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2011-04-02 16:51] - [2012-10-04 12:47] - 0869376 ____A (Microsoft Corporation) 47F6DD86DDCAD50F2DC1E3652728F01E

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-04 00:23

==================== End Of Log ============================
@mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.103 - C:\Program Files (x86)\NOS\bin\np_gp.dll No File FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\jason.birzer\AppData\Roaming\Mozilla\Firefox\Profiles\8nmd9h63.default\Extensions\staged ==================== Services (Whitelisted) ================= S3 Droppix Service; C:\Program Files (x86)\Common Files\Droppix\DxService.exe [221184 2009-08-28] (Droppix) S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S3 Media Center 16 Service; C:\Program Files (x86)\J River\Media Center 16\JRService.exe [384136 2011-10-18] (J. River, Inc.) 
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation) S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation) S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [301760 2012-12-10] () S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1024384 2013-01-14] (Enigma Software Group USA, LLC.) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) S2 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.) S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x] S3 SymSnapService; "C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" [x] ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) 
S1 archlp; C:\Windows\System32\drivers\archlp.sys [136192 2010-07-07] () S3 dgderdrv; C:\Windows\SysWow64\drivers\dgderdrv.sys [20032 2011-05-08] (Devguru Co., Ltd) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation) S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-01-11] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-01-11] () S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [x] S2 Aspi32; System32\drivers\aspi32.sys [x] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x] S3 X6va005; \??\C:\Users\JASON~1.BIR\AppData\Local\Temp\005F834.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-12 23:35 - 2013-05-12 23:35 - 00000000 ____D C:\FRST 2013-05-12 09:36 - 2013-05-12 09:36 - 00000000 ____D C:\Users\adm\AppData\Local\Apple 2013-05-12 01:57 - 2013-05-12 23:28 - 00000000 ____D C:\Users\adm\AppData\Local\TSVNCache 2013-05-12 01:57 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Roaming\Subversion 2013-05-11 23:45 - 2013-05-11 23:45 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Malwarebytes 2013-05-11 23:43 - 2013-05-11 23:43 - 00000020 ___SH C:\Users\adm\ntuser.ini 2013-05-11 23:43 - 2013-05-11 23:43 - 00000000 ____D C:\users\adm 2013-05-11 23:43 - 2010-01-25 02:24 - 00000000 ____D 
C:\Users\adm\AppData\Roaming\Macromedia 2013-05-11 23:13 - 2013-05-12 01:56 - 00000000 ____D C:\Users\bogus\AppData\Local\TSVNCache 2013-05-11 23:13 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Subversion 2013-05-11 23:12 - 2013-05-11 23:30 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\NPE 2013-05-11 23:12 - 2013-05-11 23:12 - 00000000 ____D C:\ProgramData\Norton 2013-05-11 23:02 - 2013-05-12 23:31 - 00000336 ____A C:\Windows\setupact.log 2013-05-11 23:02 - 2013-05-11 23:02 - 00000020 ___SH C:\Users\bogus\ntuser.ini 2013-05-11 23:02 - 2013-05-11 23:02 - 00000000 ____D C:\users\bogus 2013-05-11 23:02 - 2010-01-25 02:24 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Macromedia 2013-05-11 23:01 - 2013-05-11 23:01 - 00000318 ____A C:\Windows\wininit.ini 2013-05-11 22:47 - 2013-05-11 23:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-05-11 22:46 - 2013-05-11 22:46 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-05-11 22:46 - 2013-05-11 22:46 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-05-11 22:46 - 2009-01-25 12:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe 2013-05-11 15:39 - 2013-05-11 15:39 - 00002272 ____A C:\Users\jason.birzer\Desktop\SpyHunter.lnk 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\sh4ldr 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-11 15:39 - 2012-06-22 11:01 - 00022704 ____A 
C:\Windows\System32\Drivers\EsgScanner.sys 2013-05-11 12:59 - 2013-05-11 12:59 - 00003078 ____A C:\Users\jason.birzer\Desktop\Rkill.txt 2013-05-11 12:59 - 2013-05-11 12:59 - 00000000 ____D C:\Users\jason.birzer\Desktop\rkill 2013-05-11 12:12 - 2013-05-11 12:44 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-11 11:57 - 2013-05-11 11:57 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Malwarebytes 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-11 11:57 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\Documents\Report 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Greenshot 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\Greenshot 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Program Files\Greenshot 2013-04-27 01:33 - 2013-04-27 01:33 - 00002127 ____A C:\Users\Public\Desktop\Venetica.lnk 2013-04-27 01:21 - 2013-04-27 01:33 - 00000000 ____D C:\Program Files (x86)\Venetica 2013-04-25 09:53 - 2013-05-02 10:13 - 00002010 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-04-25 09:53 - 2013-05-02 10:13 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-04-25 09:53 - 2013-04-25 09:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-04-24 05:18 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-19 16:54 - 2013-04-19 16:54 - 03867442 ____A C:\Users\jason.birzer\Desktop\Mycomputer.nfo 2013-04-19 16:52 - 2013-04-19 16:52 - 00036538 ____A C:\Users\jason.birzer\Desktop\DxDiag.txt ==================== One Month Modified 
Files and Folders ======= 2013-05-12 23:35 - 2013-05-12 23:35 - 00000000 ____D C:\FRST 2013-05-12 23:31 - 2013-05-11 23:02 - 00000336 ____A C:\Windows\setupact.log 2013-05-12 23:31 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-12 23:30 - 2010-01-25 03:35 - 00523388 ____A C:\Windows\PFRO.log 2013-05-12 23:28 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Local\TSVNCache 2013-05-12 23:28 - 2012-10-14 17:07 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\TSVNCache 2013-05-12 23:28 - 2010-01-24 14:19 - 01153146 ____A C:\Windows\WindowsUpdate.log 2013-05-12 23:28 - 2009-07-14 01:13 - 00957134 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-12 23:28 - 2009-07-14 00:45 - 00013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-12 23:28 - 2009-07-14 00:45 - 00013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-12 22:51 - 2012-04-01 21:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-12 22:43 - 2012-06-20 00:23 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\CrashDumps 2013-05-12 09:36 - 2013-05-12 09:36 - 00000000 ____D C:\Users\adm\AppData\Local\Apple 2013-05-12 02:36 - 2010-02-02 02:08 - 00000000 ____D C:\ProgramData\Zoom Player 2013-05-12 01:57 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Roaming\Subversion 2013-05-12 01:56 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Local\TSVNCache 2013-05-11 23:45 - 2013-05-11 23:45 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Malwarebytes 2013-05-11 23:43 - 2013-05-11 23:43 - 00000020 ___SH C:\Users\adm\ntuser.ini 2013-05-11 23:43 - 2013-05-11 23:43 - 00000000 ____D C:\users\adm 2013-05-11 23:30 - 2013-05-11 23:12 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\NPE 2013-05-11 23:13 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Subversion 2013-05-11 23:12 - 2013-05-11 23:12 
- 00000000 ____D C:\ProgramData\Norton 2013-05-11 23:02 - 2013-05-11 23:02 - 00000020 ___SH C:\Users\bogus\ntuser.ini 2013-05-11 23:02 - 2013-05-11 23:02 - 00000000 ____D C:\users\bogus 2013-05-11 23:02 - 2013-05-11 22:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-05-11 23:01 - 2013-05-11 23:01 - 00000318 ____A C:\Windows\wininit.ini 2013-05-11 22:46 - 2013-05-11 22:46 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-05-11 22:46 - 2013-05-11 22:46 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-05-11 15:39 - 2013-05-11 15:39 - 00002272 ____A C:\Users\jason.birzer\Desktop\SpyHunter.lnk 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\sh4ldr 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-11 12:59 - 2013-05-11 12:59 - 00003078 ____A C:\Users\jason.birzer\Desktop\Rkill.txt 2013-05-11 12:59 - 2013-05-11 12:59 - 00000000 ____D C:\Users\jason.birzer\Desktop\rkill 2013-05-11 12:44 - 2013-05-11 12:12 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-11 12:35 - 2011-02-13 19:04 - 00016384 __ASH C:\Users\jason.birzer\Thumbs.db 2013-05-11 11:57 - 2013-05-11 11:57 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Malwarebytes 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Program Files 
(x86)\Malwarebytes' Anti-Malware 2013-05-11 11:48 - 2011-06-13 00:03 - 00000000 ____D C:\Windows\pss 2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\Documents\Report 2013-05-09 20:36 - 2010-01-25 10:44 - 00000000 ____D C:\Program Files (x86)\Steam 2013-05-08 19:10 - 2010-08-29 23:20 - 00107971 ____A C:\Windows\cdplayer.ini 2013-05-07 00:00 - 2010-02-02 02:19 - 00000410 ____A C:\Windows\Tasks\updater.exe.job 2013-05-03 00:51 - 2012-04-26 02:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-02 11:29 - 2010-01-24 14:33 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-05-02 10:13 - 2013-04-25 09:53 - 00002010 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-05-02 10:13 - 2013-04-25 09:53 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-04-30 17:10 - 2011-05-01 10:59 - 00000000 ____D C:\Program Files (x86)\Luxor 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Greenshot 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\Greenshot 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Program Files\Greenshot 2013-04-30 01:39 - 2012-03-18 01:35 - 00000000 ____D C:\Program Files (x86)\Screenshot Pilot 2013-04-27 01:33 - 2013-04-27 01:33 - 00002127 ____A C:\Users\Public\Desktop\Venetica.lnk 2013-04-27 01:33 - 2013-04-27 01:21 - 00000000 ____D C:\Program Files (x86)\Venetica 2013-04-25 09:53 - 2013-04-25 09:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-04-25 09:53 - 2012-04-01 21:10 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-04-25 09:53 - 2011-07-06 20:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-04-25 09:53 - 2010-01-25 02:25 - 00000000 ____D C:\ProgramData\Adobe 2013-04-25 09:51 - 2013-04-11 23:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-04-19 16:54 - 
2013-04-19 16:54 - 03867442 ____A C:\Users\jason.birzer\Desktop\Mycomputer.nfo 2013-04-19 16:52 - 2013-04-19 16:52 - 00036538 ____A C:\Users\jason.birzer\Desktop\DxDiag.txt 2013-04-18 14:10 - 2011-10-22 23:41 - 00000000 ____D C:\Program Files (x86)\Origin 2013-04-12 10:45 - 2013-04-24 05:18 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys Other Malware: =========== C:\ProgramData\hash.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll [2011-04-02 16:51] - [2012-10-04 12:47] - 0869376 ____A (Microsoft Corporation) 47F6DD86DDCAD50F2DC1E3652728F01E C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-05-04 00:23 ==================== End Of Log ============================ [/QUOTE]