Moneypak Ransomware virus
<blockquote data-quote="thelongshot" data-source="post: 120512" data-attributes="member: 8185"><p>Here it is:</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-05-2013</p><p>Ran by jason.birzer (administrator) on 13-05-2013 17:26:37</p><p>Running from H:\</p><p>Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Safe Mode (minimal)</p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe</p><p>(Microsoft Corporation) C:\windows\system32\cmd.exe</p><p>(Farbar) H:\FRST64.exe</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)</p><p>HKU\adm\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]</p><p>HKU\adm\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-05-18] (Hewlett-Packard Company)</p><p>HKU\Administrator\...\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)</p><p>HKU\Administrator\...\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer [2264336 2010-08-24] (TiVo Inc.)</p><p>HKU\Administrator\...\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [608528 2010-08-24] (TiVo Inc.)</p><p>HKU\Administrator\...\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify [437520 2010-08-24] (TiVo Inc.)</p><p>HKU\Administrator\...\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)</p><p>HKU\Administrator\...\Run: [F.lux] 
"C:\Users\jason.birzer\Local Settings\Apps\F.lux\flux.exe" /noshow [x]</p><p>HKU\Administrator\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6377120 2012-09-20] (SlySoft, Inc.)</p><p>HKU\Administrator\...\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart [2529096 2012-03-24] (Desura Pty Ltd)</p><p>HKU\Administrator\...\Run: [Akamai NetSession Interface] "C:\Users\jason.birzer\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)</p><p>HKU\bogus\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]</p><p>HKU\bogus\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-05-18] (Hewlett-Packard Company)</p><p>HKU\Classic .NET AppPool\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]</p><p>HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]</p><p>HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]</p><p>HKU\DefaultAppPool\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]</p><p>HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]</p><p>BootExecute: autocheck autochk * sdnclean64.exe</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297</p><p>SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}</p><p>SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297</p><p>SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyByCzytB0EtByEyCtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593045297</p><p>SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1</p><p>BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)</p><p>BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</p><p>BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files 
(x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>PDF: HKLM-x32 {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab</p><p>PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab</p><p>PDF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab</p><p>Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)</p><p>Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\jason.birzer\AppData\Roaming\Mozilla\Firefox\Profiles\8nmd9h63.default</p><p>FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()</p><p>FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.103 - C:\Program Files (x86)\NOS\bin\np_gp.dll No File</p><p>FF 
Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)</p><p>FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)</p><p>FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S3 Droppix Service; C:\Program Files (x86)\Common Files\Droppix\DxService.exe [221184 2009-08-28] (Droppix)</p><p>S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)</p><p>S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)</p><p>S3 Media Center 16 Service; C:\Program Files (x86)\J River\Media Center 16\JRService.exe [384136 2011-10-18] (J. River, Inc.)</p><p>S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)</p><p>R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)</p><p>S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)</p><p>S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)</p><p>S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [301760 2012-12-10] ()</p><p>S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)</p><p>S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)</p><p>S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 
2012-11-13] (Safer-Networking Ltd.)</p><p>S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1024384 2013-01-14] (Enigma Software Group USA, LLC.)</p><p>S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)</p><p>S2 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)</p><p>S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x]</p><p>S3 SymSnapService; "C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" [x]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)</p><p>S1 archlp; C:\Windows\System32\drivers\archlp.sys [136192 2010-07-07] ()</p><p>S3 dgderdrv; C:\Windows\SysWow64\drivers\dgderdrv.sys [20032 2011-05-08] (Devguru Co., Ltd)</p><p>S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()</p><p>S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)</p><p>S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)</p><p>S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()</p><p>S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)</p><p>S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-01-11] ()</p><p>S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-01-11] ()</p><p>S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()</p><p>S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [x]</p><p>S2 Aspi32; System32\drivers\aspi32.sys [x]</p><p>S3 catchme; \??\C:\ComboFix\catchme.sys [x]</p><p>S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]</p><p>S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]</p><p>S1 ElbyCDIO; 
System32\Drivers\ElbyCDIO.sys [x]</p><p>S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-05-13 13:56 - 2013-05-13 13:56 - 00017617 ____A C:\ComboFix.txt</p><p>2013-05-13 13:49 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe</p><p>2013-05-13 13:49 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe</p><p>2013-05-13 13:49 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe</p><p>2013-05-13 13:49 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe</p><p>2013-05-13 13:49 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe</p><p>2013-05-13 13:49 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe</p><p>2013-05-13 13:49 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe</p><p>2013-05-13 13:49 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe</p><p>2013-05-13 13:46 - 2013-05-13 13:56 - 00000000 ___AD C:\Qoobox</p><p>2013-05-13 13:46 - 2013-05-13 13:55 - 00000000 ____D C:\Windows\erdnt</p><p>2013-05-13 00:12 - 2013-05-13 00:12 - 00002577 ____A C:\Users\jason.birzer\Desktop\RKreport[1]_S_05132013_02d0012.txt</p><p>2013-05-13 00:12 - 2013-05-13 00:12 - 00002460 ____A C:\Users\jason.birzer\Desktop\RKreport[2]_D_05132013_02d0012.txt</p><p>2013-05-13 00:12 - 2013-05-13 00:12 - 00000000 ____D C:\Users\jason.birzer\Desktop\RK_Quarantine</p><p>2013-05-13 00:08 - 2013-05-13 00:08 - 00014236 ____A C:\AdwCleaner[S1].txt</p><p>2013-05-13 00:07 - 2013-05-13 00:01 - 00816128 ____A C:\Users\jason.birzer\Desktop\RogueKiller.exe</p><p>2013-05-13 00:07 - 2013-05-13 00:00 - 00628743 ____A C:\Users\jason.birzer\Desktop\AdwCleaner.exe</p><p>2013-05-13 00:06 - 2013-05-12 23:55 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\jason.birzer\Desktop\rkill.com</p><p>2013-05-12 23:35 - 2013-05-12 23:35 - 00000000 ____D C:\FRST</p><p>2013-05-12 09:36 
- 2013-05-12 09:36 - 00000000 ____D C:\Users\adm\AppData\Local\Apple</p><p>2013-05-12 01:57 - 2013-05-12 23:28 - 00000000 ____D C:\Users\adm\AppData\Local\TSVNCache</p><p>2013-05-12 01:57 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Roaming\Subversion</p><p>2013-05-11 23:45 - 2013-05-11 23:45 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Malwarebytes</p><p>2013-05-11 23:43 - 2013-05-11 23:43 - 00000020 ___SH C:\Users\adm\ntuser.ini</p><p>2013-05-11 23:43 - 2013-05-11 23:43 - 00000000 ____D C:\users\adm</p><p>2013-05-11 23:43 - 2010-01-25 02:24 - 00000000 ____D C:\Users\adm\AppData\Roaming\Macromedia</p><p>2013-05-11 23:13 - 2013-05-13 17:24 - 00000000 ____D C:\Users\bogus\AppData\Local\TSVNCache</p><p>2013-05-11 23:13 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Subversion</p><p>2013-05-11 23:12 - 2013-05-11 23:30 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\NPE</p><p>2013-05-11 23:12 - 2013-05-11 23:12 - 00000000 ____D C:\ProgramData\Norton</p><p>2013-05-11 23:02 - 2013-05-13 14:41 - 00000784 ____A C:\Windows\setupact.log</p><p>2013-05-11 23:02 - 2013-05-11 23:02 - 00000020 ___SH C:\Users\bogus\ntuser.ini</p><p>2013-05-11 23:02 - 2013-05-11 23:02 - 00000000 ____D C:\users\bogus</p><p>2013-05-11 23:02 - 2010-01-25 02:24 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Macromedia</p><p>2013-05-11 22:47 - 2013-05-11 23:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00000000 ____D 
C:\Program Files (x86)\Spybot - Search & Destroy 2</p><p>2013-05-11 22:46 - 2009-01-25 12:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe</p><p>2013-05-11 15:39 - 2013-05-11 15:39 - 00002272 ____A C:\Users\jason.birzer\Desktop\SpyHunter.lnk</p><p>2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\sh4ldr</p><p>2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Program Files\Enigma Software Group</p><p>2013-05-11 15:39 - 2012-06-22 11:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys</p><p>2013-05-11 12:59 - 2013-05-11 12:59 - 00000000 ____D C:\Users\jason.birzer\Desktop\rkill</p><p>2013-05-11 12:12 - 2013-05-11 12:44 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2013-05-11 11:57 - 2013-05-11 11:57 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Malwarebytes</p><p>2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes</p><p>2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-05-11 11:57 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</p><p>2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\Documents\Report</p><p>2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Greenshot</p><p>2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\Greenshot</p><p>2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Program Files\Greenshot</p><p>2013-04-27 01:33 - 2013-04-27 01:33 - 00002127 ____A C:\Users\Public\Desktop\Venetica.lnk</p><p>2013-04-27 01:21 - 2013-04-27 01:33 - 00000000 ____D C:\Program Files (x86)\Venetica</p><p>2013-04-25 09:53 - 2013-05-02 10:13 - 00002010 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk</p><p>2013-04-25 09:53 - 2013-05-02 10:13 - 
00000000 ____D C:\Program Files (x86)\McAfee Security Scan</p><p>2013-04-25 09:53 - 2013-04-25 09:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan</p><p>2013-04-24 05:18 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</p><p>2013-04-19 16:54 - 2013-04-19 16:54 - 03867442 ____A C:\Users\jason.birzer\Desktop\Mycomputer.nfo</p><p>2013-04-19 16:52 - 2013-04-19 16:52 - 00036538 ____A C:\Users\jason.birzer\Desktop\DxDiag.txt</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-05-13 17:24 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Local\TSVNCache</p><p>2013-05-13 17:24 - 2012-10-14 17:07 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\TSVNCache</p><p>2013-05-13 17:24 - 2010-01-24 14:19 - 01318193 ____A C:\Windows\WindowsUpdate.log</p><p>2013-05-13 16:51 - 2012-04-01 21:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-05-13 15:43 - 2010-01-25 10:44 - 00000000 ____D C:\Program Files (x86)\Steam</p><p>2013-05-13 14:48 - 2009-07-14 00:45 - 00013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-13 14:48 - 2009-07-14 00:45 - 00013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-13 14:46 - 2009-07-14 01:13 - 00957134 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-05-13 14:41 - 2013-05-11 23:02 - 00000784 ____A C:\Windows\setupact.log</p><p>2013-05-13 14:41 - 2010-01-25 03:35 - 00523940 ____A C:\Windows\PFRO.log</p><p>2013-05-13 14:41 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-05-13 13:56 - 2013-05-13 13:56 - 00017617 ____A C:\ComboFix.txt</p><p>2013-05-13 13:56 - 2013-05-13 13:46 - 00000000 ___AD C:\Qoobox</p><p>2013-05-13 13:55 - 2013-05-13 13:46 - 00000000 ____D C:\Windows\erdnt</p><p>2013-05-13 13:54 - 2010-01-24 14:19 - 00000000 ____D 
C:\users\jason.birzer</p><p>2013-05-13 13:54 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini</p><p>2013-05-13 13:14 - 2012-06-20 00:23 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\CrashDumps</p><p>2013-05-13 10:57 - 2010-02-02 02:08 - 00000000 ____D C:\ProgramData\Zoom Player</p><p>2013-05-13 00:12 - 2013-05-13 00:12 - 00002577 ____A C:\Users\jason.birzer\Desktop\RKreport[1]_S_05132013_02d0012.txt</p><p>2013-05-13 00:12 - 2013-05-13 00:12 - 00002460 ____A C:\Users\jason.birzer\Desktop\RKreport[2]_D_05132013_02d0012.txt</p><p>2013-05-13 00:12 - 2013-05-13 00:12 - 00000000 ____D C:\Users\jason.birzer\Desktop\RK_Quarantine</p><p>2013-05-13 00:08 - 2013-05-13 00:08 - 00014236 ____A C:\AdwCleaner[S1].txt</p><p>2013-05-13 00:01 - 2013-05-13 00:07 - 00816128 ____A C:\Users\jason.birzer\Desktop\RogueKiller.exe</p><p>2013-05-13 00:00 - 2013-05-13 00:07 - 00628743 ____A C:\Users\jason.birzer\Desktop\AdwCleaner.exe</p><p>2013-05-12 23:55 - 2013-05-13 00:06 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\jason.birzer\Desktop\rkill.com</p><p>2013-05-12 23:35 - 2013-05-12 23:35 - 00000000 ____D C:\FRST</p><p>2013-05-12 23:28 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Local\TSVNCache</p><p>2013-05-12 09:36 - 2013-05-12 09:36 - 00000000 ____D C:\Users\adm\AppData\Local\Apple</p><p>2013-05-12 01:57 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Roaming\Subversion</p><p>2013-05-11 23:45 - 2013-05-11 23:45 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Malwarebytes</p><p>2013-05-11 23:43 - 2013-05-11 23:43 - 00000020 ___SH C:\Users\adm\ntuser.ini</p><p>2013-05-11 23:43 - 2013-05-11 23:43 - 00000000 ____D C:\users\adm</p><p>2013-05-11 23:30 - 2013-05-11 23:12 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\NPE</p><p>2013-05-11 23:13 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Subversion</p><p>2013-05-11 23:12 - 2013-05-11 23:12 - 00000000 ____D C:\ProgramData\Norton</p><p>2013-05-11 23:02 - 2013-05-11 23:02 - 
00000020 ___SH C:\Users\bogus\ntuser.ini</p><p>2013-05-11 23:02 - 2013-05-11 23:02 - 00000000 ____D C:\users\bogus</p><p>2013-05-11 23:02 - 2013-05-11 22:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job</p><p>2013-05-11 22:46 - 2013-05-11 22:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2</p><p>2013-05-11 15:39 - 2013-05-11 15:39 - 00002272 ____A C:\Users\jason.birzer\Desktop\SpyHunter.lnk</p><p>2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\sh4ldr</p><p>2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Program Files\Enigma Software Group</p><p>2013-05-11 12:59 - 2013-05-11 12:59 - 00000000 ____D C:\Users\jason.birzer\Desktop\rkill</p><p>2013-05-11 12:44 - 2013-05-11 12:12 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2013-05-11 12:35 - 2011-02-13 19:04 - 00016384 __ASH C:\Users\jason.birzer\Thumbs.db</p><p>2013-05-11 11:57 - 2013-05-11 11:57 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Malwarebytes</p><p>2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes</p><p>2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-05-11 11:48 - 2011-06-13 00:03 - 00000000 ____D C:\Windows\pss</p><p>2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\Documents\Report</p><p>2013-05-08 19:10 - 2010-08-29 23:20 - 00107971 ____A 
C:\Windows\cdplayer.ini</p><p>2013-05-07 00:00 - 2010-02-02 02:19 - 00000410 ____A C:\Windows\Tasks\updater.exe.job</p><p>2013-05-03 00:51 - 2012-04-26 02:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2013-05-02 11:29 - 2010-01-24 14:33 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe</p><p>2013-05-02 10:13 - 2013-04-25 09:53 - 00002010 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk</p><p>2013-05-02 10:13 - 2013-04-25 09:53 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan</p><p>2013-04-30 17:10 - 2011-05-01 10:59 - 00000000 ____D C:\Program Files (x86)\Luxor</p><p>2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Greenshot</p><p>2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\Greenshot</p><p>2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Program Files\Greenshot</p><p>2013-04-30 01:39 - 2012-03-18 01:35 - 00000000 ____D C:\Program Files (x86)\Screenshot Pilot</p><p>2013-04-27 01:33 - 2013-04-27 01:33 - 00002127 ____A C:\Users\Public\Desktop\Venetica.lnk</p><p>2013-04-27 01:33 - 2013-04-27 01:21 - 00000000 ____D C:\Program Files (x86)\Venetica</p><p>2013-04-25 09:53 - 2013-04-25 09:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan</p><p>2013-04-25 09:53 - 2012-04-01 21:10 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2013-04-25 09:53 - 2011-07-06 20:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2013-04-25 09:53 - 2010-01-25 02:25 - 00000000 ____D C:\ProgramData\Adobe</p><p>2013-04-25 09:51 - 2013-04-11 23:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2013-04-19 16:54 - 2013-04-19 16:54 - 03867442 ____A C:\Users\jason.birzer\Desktop\Mycomputer.nfo</p><p>2013-04-19 16:52 - 2013-04-19 16:52 - 00036538 ____A C:\Users\jason.birzer\Desktop\DxDiag.txt</p><p>2013-04-18 14:10 - 
2011-10-22 23:41 - 00000000 ____D C:\Program Files (x86)\Origin</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll</p><p>[2011-04-02 16:51] - [2012-10-04 12:47] - 0869376 ____A (Microsoft Corporation) 47F6DD86DDCAD50F2DC1E3652728F01E</p><p></p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p></p><p>Last Boot: 2013-05-04 00:23</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation) S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation) S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [301760 2012-12-10] () S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1024384 2013-01-14] (Enigma Software Group USA, LLC.) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) S2 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.) S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x] S3 SymSnapService; "C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" [x] ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) 
S1 archlp; C:\Windows\System32\drivers\archlp.sys [136192 2010-07-07] () S3 dgderdrv; C:\Windows\SysWow64\drivers\dgderdrv.sys [20032 2011-05-08] (Devguru Co., Ltd) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation) S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-01-11] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-01-11] () S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [x] S2 Aspi32; System32\drivers\aspi32.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-13 13:56 - 2013-05-13 13:56 - 00017617 ____A C:\ComboFix.txt 2013-05-13 13:49 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe 2013-05-13 13:49 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe 2013-05-13 13:49 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-05-13 13:49 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-05-13 13:49 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-05-13 13:49 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe 2013-05-13 13:49 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe 2013-05-13 13:49 - 2000-08-30 20:00 - 00068096 ____A 
C:\Windows\zip.exe 2013-05-13 13:46 - 2013-05-13 13:56 - 00000000 ___AD C:\Qoobox 2013-05-13 13:46 - 2013-05-13 13:55 - 00000000 ____D C:\Windows\erdnt 2013-05-13 00:12 - 2013-05-13 00:12 - 00002577 ____A C:\Users\jason.birzer\Desktop\RKreport[1]_S_05132013_02d0012.txt 2013-05-13 00:12 - 2013-05-13 00:12 - 00002460 ____A C:\Users\jason.birzer\Desktop\RKreport[2]_D_05132013_02d0012.txt 2013-05-13 00:12 - 2013-05-13 00:12 - 00000000 ____D C:\Users\jason.birzer\Desktop\RK_Quarantine 2013-05-13 00:08 - 2013-05-13 00:08 - 00014236 ____A C:\AdwCleaner[S1].txt 2013-05-13 00:07 - 2013-05-13 00:01 - 00816128 ____A C:\Users\jason.birzer\Desktop\RogueKiller.exe 2013-05-13 00:07 - 2013-05-13 00:00 - 00628743 ____A C:\Users\jason.birzer\Desktop\AdwCleaner.exe 2013-05-13 00:06 - 2013-05-12 23:55 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\jason.birzer\Desktop\rkill.com 2013-05-12 23:35 - 2013-05-12 23:35 - 00000000 ____D C:\FRST 2013-05-12 09:36 - 2013-05-12 09:36 - 00000000 ____D C:\Users\adm\AppData\Local\Apple 2013-05-12 01:57 - 2013-05-12 23:28 - 00000000 ____D C:\Users\adm\AppData\Local\TSVNCache 2013-05-12 01:57 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Roaming\Subversion 2013-05-11 23:45 - 2013-05-11 23:45 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Malwarebytes 2013-05-11 23:43 - 2013-05-11 23:43 - 00000020 ___SH C:\Users\adm\ntuser.ini 2013-05-11 23:43 - 2013-05-11 23:43 - 00000000 ____D C:\users\adm 2013-05-11 23:43 - 2010-01-25 02:24 - 00000000 ____D C:\Users\adm\AppData\Roaming\Macromedia 2013-05-11 23:13 - 2013-05-13 17:24 - 00000000 ____D C:\Users\bogus\AppData\Local\TSVNCache 2013-05-11 23:13 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Subversion 2013-05-11 23:12 - 2013-05-11 23:30 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\NPE 2013-05-11 23:12 - 2013-05-11 23:12 - 00000000 ____D C:\ProgramData\Norton 2013-05-11 23:02 - 2013-05-13 14:41 - 00000784 ____A C:\Windows\setupact.log 2013-05-11 23:02 - 2013-05-11 
23:02 - 00000020 ___SH C:\Users\bogus\ntuser.ini 2013-05-11 23:02 - 2013-05-11 23:02 - 00000000 ____D C:\users\bogus 2013-05-11 23:02 - 2010-01-25 02:24 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Macromedia 2013-05-11 22:47 - 2013-05-11 23:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-05-11 22:46 - 2013-05-11 22:46 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-05-11 22:46 - 2013-05-11 22:46 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-05-11 22:46 - 2009-01-25 12:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe 2013-05-11 15:39 - 2013-05-11 15:39 - 00002272 ____A C:\Users\jason.birzer\Desktop\SpyHunter.lnk 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\sh4ldr 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-11 15:39 - 2012-06-22 11:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys 2013-05-11 12:59 - 2013-05-11 12:59 - 00000000 ____D C:\Users\jason.birzer\Desktop\rkill 2013-05-11 12:12 - 2013-05-11 12:44 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-11 11:57 - 2013-05-11 11:57 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Malwarebytes 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-11 11:57 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) 
C:\Windows\System32\Drivers\mbam.sys 2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\Documents\Report 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Greenshot 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\Greenshot 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Program Files\Greenshot 2013-04-27 01:33 - 2013-04-27 01:33 - 00002127 ____A C:\Users\Public\Desktop\Venetica.lnk 2013-04-27 01:21 - 2013-04-27 01:33 - 00000000 ____D C:\Program Files (x86)\Venetica 2013-04-25 09:53 - 2013-05-02 10:13 - 00002010 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-04-25 09:53 - 2013-05-02 10:13 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-04-25 09:53 - 2013-04-25 09:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-04-24 05:18 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-19 16:54 - 2013-04-19 16:54 - 03867442 ____A C:\Users\jason.birzer\Desktop\Mycomputer.nfo 2013-04-19 16:52 - 2013-04-19 16:52 - 00036538 ____A C:\Users\jason.birzer\Desktop\DxDiag.txt ==================== One Month Modified Files and Folders ======= 2013-05-13 17:24 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Local\TSVNCache 2013-05-13 17:24 - 2012-10-14 17:07 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\TSVNCache 2013-05-13 17:24 - 2010-01-24 14:19 - 01318193 ____A C:\Windows\WindowsUpdate.log 2013-05-13 16:51 - 2012-04-01 21:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-13 15:43 - 2010-01-25 10:44 - 00000000 ____D C:\Program Files (x86)\Steam 2013-05-13 14:48 - 2009-07-14 00:45 - 00013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-13 14:48 - 2009-07-14 00:45 - 00013456 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-13 14:46 - 2009-07-14 01:13 - 00957134 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-13 14:41 - 2013-05-11 23:02 - 00000784 ____A C:\Windows\setupact.log 2013-05-13 14:41 - 2010-01-25 03:35 - 00523940 ____A C:\Windows\PFRO.log 2013-05-13 14:41 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-13 13:56 - 2013-05-13 13:56 - 00017617 ____A C:\ComboFix.txt 2013-05-13 13:56 - 2013-05-13 13:46 - 00000000 ___AD C:\Qoobox 2013-05-13 13:55 - 2013-05-13 13:46 - 00000000 ____D C:\Windows\erdnt 2013-05-13 13:54 - 2010-01-24 14:19 - 00000000 ____D C:\users\jason.birzer 2013-05-13 13:54 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini 2013-05-13 13:14 - 2012-06-20 00:23 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\CrashDumps 2013-05-13 10:57 - 2010-02-02 02:08 - 00000000 ____D C:\ProgramData\Zoom Player 2013-05-13 00:12 - 2013-05-13 00:12 - 00002577 ____A C:\Users\jason.birzer\Desktop\RKreport[1]_S_05132013_02d0012.txt 2013-05-13 00:12 - 2013-05-13 00:12 - 00002460 ____A C:\Users\jason.birzer\Desktop\RKreport[2]_D_05132013_02d0012.txt 2013-05-13 00:12 - 2013-05-13 00:12 - 00000000 ____D C:\Users\jason.birzer\Desktop\RK_Quarantine 2013-05-13 00:08 - 2013-05-13 00:08 - 00014236 ____A C:\AdwCleaner[S1].txt 2013-05-13 00:01 - 2013-05-13 00:07 - 00816128 ____A C:\Users\jason.birzer\Desktop\RogueKiller.exe 2013-05-13 00:00 - 2013-05-13 00:07 - 00628743 ____A C:\Users\jason.birzer\Desktop\AdwCleaner.exe 2013-05-12 23:55 - 2013-05-13 00:06 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\jason.birzer\Desktop\rkill.com 2013-05-12 23:35 - 2013-05-12 23:35 - 00000000 ____D C:\FRST 2013-05-12 23:28 - 2013-05-12 01:57 - 00000000 ____D C:\Users\adm\AppData\Local\TSVNCache 2013-05-12 09:36 - 2013-05-12 09:36 - 00000000 ____D C:\Users\adm\AppData\Local\Apple 2013-05-12 01:57 - 2013-05-12 01:57 - 00000000 ____D 
C:\Users\adm\AppData\Roaming\Subversion 2013-05-11 23:45 - 2013-05-11 23:45 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Malwarebytes 2013-05-11 23:43 - 2013-05-11 23:43 - 00000020 ___SH C:\Users\adm\ntuser.ini 2013-05-11 23:43 - 2013-05-11 23:43 - 00000000 ____D C:\users\adm 2013-05-11 23:30 - 2013-05-11 23:12 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\NPE 2013-05-11 23:13 - 2013-05-11 23:13 - 00000000 ____D C:\Users\bogus\AppData\Roaming\Subversion 2013-05-11 23:12 - 2013-05-11 23:12 - 00000000 ____D C:\ProgramData\Norton 2013-05-11 23:02 - 2013-05-11 23:02 - 00000020 ___SH C:\Users\bogus\ntuser.ini 2013-05-11 23:02 - 2013-05-11 23:02 - 00000000 ____D C:\users\bogus 2013-05-11 23:02 - 2013-05-11 22:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-05-11 22:46 - 2013-05-11 22:46 - 00002137 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-05-11 22:46 - 2013-05-11 22:46 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2013-05-11 22:46 - 2013-05-11 22:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-05-11 15:39 - 2013-05-11 15:39 - 00002272 ____A C:\Users\jason.birzer\Desktop\SpyHunter.lnk 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\sh4ldr 2013-05-11 15:39 - 2013-05-11 15:39 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-11 12:59 - 2013-05-11 12:59 - 00000000 ____D C:\Users\jason.birzer\Desktop\rkill 2013-05-11 12:44 - 2013-05-11 12:12 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-11 12:35 - 2011-02-13 19:04 - 00016384 __ASH C:\Users\jason.birzer\Thumbs.db 2013-05-11 11:57 - 2013-05-11 11:57 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-11 11:57 - 2013-05-11 
11:57 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Malwarebytes 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-11 11:57 - 2013-05-11 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-11 11:48 - 2011-06-13 00:03 - 00000000 ____D C:\Windows\pss 2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\Documents\Report 2013-05-08 19:10 - 2010-08-29 23:20 - 00107971 ____A C:\Windows\cdplayer.ini 2013-05-07 00:00 - 2010-02-02 02:19 - 00000410 ____A C:\Windows\Tasks\updater.exe.job 2013-05-03 00:51 - 2012-04-26 02:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-02 11:29 - 2010-01-24 14:33 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-05-02 10:13 - 2013-04-25 09:53 - 00002010 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-05-02 10:13 - 2013-04-25 09:53 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-04-30 17:10 - 2011-05-01 10:59 - 00000000 ____D C:\Program Files (x86)\Luxor 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Roaming\Greenshot 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Users\jason.birzer\AppData\Local\Greenshot 2013-04-30 01:46 - 2013-04-30 01:46 - 00000000 ____D C:\Program Files\Greenshot 2013-04-30 01:39 - 2012-03-18 01:35 - 00000000 ____D C:\Program Files (x86)\Screenshot Pilot 2013-04-27 01:33 - 2013-04-27 01:33 - 00002127 ____A C:\Users\Public\Desktop\Venetica.lnk 2013-04-27 01:33 - 2013-04-27 01:21 - 00000000 ____D C:\Program Files (x86)\Venetica 2013-04-25 09:53 - 2013-04-25 09:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-04-25 09:53 - 2012-04-01 21:10 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-04-25 09:53 - 2011-07-06 20:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-04-25 09:53 - 2010-01-25 02:25 - 
00000000 ____D C:\ProgramData\Adobe 2013-04-25 09:51 - 2013-04-11 23:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-04-19 16:54 - 2013-04-19 16:54 - 03867442 ____A C:\Users\jason.birzer\Desktop\Mycomputer.nfo 2013-04-19 16:52 - 2013-04-19 16:52 - 00036538 ____A C:\Users\jason.birzer\Desktop\DxDiag.txt 2013-04-18 14:10 - 2011-10-22 23:41 - 00000000 ____D C:\Program Files (x86)\Origin ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll [2011-04-02 16:51] - [2012-10-04 12:47] - 0869376 ____A (Microsoft Corporation) 47F6DD86DDCAD50F2DC1E3652728F01E C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-05-04 00:23 ==================== End Of Log ============================ [/QUOTE]