Showing results for tags 'FBI'.

  1. Downloaded and ran FRST and have Search.txt and FRST.txt. Can someone tell me how to remove this infection? Thanks for any help. FRST.txt Search.txt
  2. Sorry if this has been discussed already. I was online and then all of a sudden got redirected to one of those FBI scam sites that lock up your browser and tell you to pay up and stuff. After ending the task through the Task Manager, I immediately updated my AV (Malwarebytes of course) and scanned. The scan turned out to not find anything. However, seeing as I'm paranoid, I want to know if I'm safe. Have I gotten a virus that my AV can't detect or not? Basically, I'm asking if I should reformat my computer or not. Thanks for your replies and happy new year!
  3. Hello, could I please get some help in removing this malware? It would be greatly appreciated. ICE has locked my C drive. I still have access to a slave and a remote. In order to get online I have switched the slave to master, but I know I need to switch back to repair. I have tried all 3 safe mode repair options to no avail. I can't slow the malware down enough to type even one word. I made a boot copy on a CD but nothing happens when I try to run it, but I am only inserting it because I can't open a control window; that is where it is at ;( Possibly to make matters worse, I reformatted my slave drive thinking it was backed up by my Norton as I had requested.. but didn't check. I reformatted to install XP because this is the only computer I have running now. Well, XP installed just perfect but I lost a lot of work data, in part because Norton reinstalled virus protection. I ran one recovery software and saw bits & pieces of info. I'm saying all this because if possible I hope to get some of the data back, but getting the malware off is the #1 priority. The computer is a Dell 2003 desktop running XP. Thank you for your time.
  4. I'm at my wits' end. I contracted the FBI Moneypak virus the other day and can't get rid of it. I have Symantec and ran a scan, no luck. Malwarebytes didn't pick up anything either. I can only run in safe mode. I have Windows 8. Please help. BTW, can I safely back up my files to an external hard drive? JB
  5. Hello. Earlier this evening I opened a blog on Tumblr and it turned into a fake FBI warning thing saying I had to pay money via Moneypak because it was 'locking my internet' and I wouldn't be able to get on the internet anymore. It wouldn't let me use the browser X button to close so I used the Task Manager to shut off my Chrome browser. I ran a Malwarebytes full scan and it found nothing. I followed advice on the internet regarding getting into safe mode and doing a system restore, as well as checking various folders (like AppData) for suspicious files and even spent time looking for suspicious things in regedit from a list I found. Didn't see anything strange. Ran another scan while in safe mode and nothing. Cleared out everything (history, passwords, cache, the whole 9 yards) from Chrome, booted to normal mode. Ran Rkill and I'm mostly sure it didn't find anything either since it didn't say it did. Incidentally, I am using Chrome to type this and it isn't locked down. Is it safe to assume that I'm okay since nothing ever came up?
  6. I am running Windows 7. My computer won't start in safe mode; it just restarts. I downloaded Farbar Recovery Scan Tool and have it on a flash drive. Ran FRST64 and I have a FRST.txt log. From all the forums I have read, it seems I need someone to evaluate the data specific to my computer, so I cannot go any farther on my own. To anyone with the know-how, PLEASE HELP! Here is my FRST.txt log:
  7. Got the CyberFBI virus monkey-pack or whatever. Tried to reboot in Safe Mode with Networking. When I log into the Admin Account, which is where I was when it happened, I get a black screen. I can log into Standard Account from Safe Mode, with no black screen. I managed to get Task Mgr. up and noticed under Services Tab that Status of most apps is Stopped.
  8. Hi, so I've recently caught the Moneypak virus... again. Last time this happened I was able to look up how to remove it myself, but this time the virus is a lot stronger. I can't go into my safe mode in order to use any fixes. I read a post from back in May and it was said to download "Farbar" so you guys can take a look and advise further, so I've taken the liberty of doing so. FRST.txt Please help me out; it would be most appreciated.
  9. Hello, I'm running Windows 64-bit and have recently gotten what looks to be a bad version of the ICE Ransomware virus. I am unable to log in to my account normally due to the ransom screen popping up immediately and going to the BSOD after several moments. None of the safe-mode options work. Even safe-mode with command prompt, which is what I usually do in this kind of situation. I've always been able to use rstrui.exe to solve this type of issue, but not this time. When I enter my password and try to log in in safe-mode it says "shutting down" and then "restarting", which it proceeds to do. When I put in my Windows installation disc and boot from it, I know it's supposed to go to a screen where you can either repair, format and reinstall, or restore a previous state. When I boot from CD/DVD it just goes to a BIOS screen where it says at the top "Windows failed to load" or something like that. It then lists the same options that I have already tried: -Safe-mode -Safe-mode with networking -Safe mode with command prompt. I've also tried HitmanPro.Kickstart and got the message MBR Failed to load. The only thing that worked with Kickstart was the boot normally option, which ended up getting the ransomware screen again. The only thing I haven't tried yet is the Kaspersky 10 Repair disc, which I will try tonight, but I'm not holding my breath. Every forum I've seen on this issue seems to say if safe-mode doesn't work, use your installation disc, repair disc or Kickstart. Otherwise, if you don't have a disc or it's not working, use safe-mode with command prompt. But nowhere could I find a forum about what to do if neither of these things is working. If anyone could help me with this I would be extremely grateful. I am fully prepared to format and reinstall, but I'm not even able to do THAT at this point. I haven't tried putting the drive in a different computer and trying to format, but I don't see how that would really make a difference. Can a virus spread beyond the hard drive?
I may just buy a new hard drive, but I'm still holding out some hope that this can be fixed somehow. I've never had a virus this bad before, where none of the common methods are working. Thank you for your help!
  10. Hello, my laptop has contracted the FBI MoneyPak malware. I have encountered different renditions of this malware several times before and seemed to successfully remove it via step-by-step instructions from a YouTube video. The issue now is that I cannot log into safe mode or safe mode with command prompt to remove the malware. Every time I try to sign in, a few seconds into the loading for the login I am logged off and the computer is automatically restarted. I have no option but a regular login, where the ransomware appears and advertises its demands. What can I do to remove this kind of MoneyPak? It has probably been around two weeks since I've been able to use my laptop.
  11. Hi, please help me. I have read previous posts on this and have the following scan info from running FRST64 with command prompt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by SYSTEM on MININT-2IAHU3H on 04-09-2013 21:39:52
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [synAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-15] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [sonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x]
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)

==================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-03 22:12 - 2013-09-03 22:12 - 00000272 ____H C:\Windows\Tasks\{0C02A81B-844F-42D8-9736-EFB6079D3B48}.job
2013-08-19 19:32 - 2013-08-19 19:32 - 00000000 ____D C:\Windows\System32\MRT

==================== One Month Modified Files and Folders =======

2013-09-04 21:38 - 2013-09-04 21:38 - 00000000 ____D C:\FRST
2013-09-03 22:51 - 2012-06-13 16:19 - 00001984 _____ C:\Windows\System32\AutoRunFilter.ini
2013-09-03 22:50 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 22:50 - 2009-07-13 20:51 - 00048883 _____ C:\Windows\setupact.log
2013-09-03 22:12 - 2013-09-03 22:12 - 00000272 ____H C:\Windows\Tasks\{0C02A81B-844F-42D8-9736-EFB6079D3B48}.job
2013-09-03 22:09 - 2012-02-17 23:37 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 22:05 - 2012-11-15 10:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 22:03 - 2012-06-13 16:10 - 01922983 _____ C:\Windows\WindowsUpdate.log
2013-08-30 05:40 - 2013-04-25 09:04 - 00048384 _____ C:\Windows\IE9_main.log
2013-08-21 20:05 - 2012-11-15 10:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 20:05 - 2012-11-15 10:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 19:36 - 2009-07-13 21:13 - 00793204 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-19 19:34 - 2013-08-19 19:32 - 00000000 ____D C:\Windows\System32\MRT
2013-08-19 19:32 - 2012-11-15 09:01 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 17:03 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 17:03 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 17:49 - 2013-06-01 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-05 16:55 - 2012-11-06 20:00 - 00000000 ___HD C:\ASUS.DAT
2013-08-05 16:54 - 2013-04-03 06:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-05 16:54 - 2013-04-03 06:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-05 16:54 - 2012-02-17 23:15 - 00051132 _____ C:\Windows\PFRO.log

Files to move or delete:
====================
C:\Windows\Tasks\{0C02A81B-844F-42D8-9736-EFB6079D3B48}.job

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-08-10 17:21:36
Restore point made on: 2013-08-14 16:59:13
Restore point made on: 2013-08-19 19:29:43
Restore point made on: 2013-08-21 19:55:53
Restore point made on: 2013-08-26 06:52:14
Restore point made on: 2013-08-28 18:35:59
Restore point made on: 2013-08-30 05:38:18
Restore point made on: 2013-09-02 12:28:04

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6048.13 MB
Available physical RAM: 5347.14 MB
Total Pagefile: 6046.27 MB
Available Pagefile: 5348.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:70.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:153.76 GB) NTFS
Drive f: (CORSAIR) (Removable) (Total:15.05 GB) (Free:14.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=154 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2013-08-28 20:11

==================== End Of Log ============================

I don't know what to do from here. Please help. Thank you.
  12. Hello, I have somehow contracted an FBI virus and cannot seem to get rid of it. I tried HitmanPro, no luck. I am at a loss. Any help would be appreciated.
  13. Wife's computer infected with FBI ransomware. Toshiba laptop, Windows 7, 32-bit. It may be a coincidence, but immediately after the ransomware screen showed, I rebooted in safe mode and tried to run Malwarebytes, but only got as far as the Windows login screen; when I attempted to log in with the password it was not accepted as being correct. Several attempts led to the same results. I have tried several work-arounds to get past the inability to log in, to no avail. I have downloaded FRST.exe to a memory stick, but can't get past the login problem. Any attempts to bypass with the F8 key (Repair your computer, Safe Mode(s), etc.) all take me to the login screen with the same results, the password being "incorrect". I have tried to boot from the Windows 7 disk, Kaspersky rescue disk, and Trinity Rescue Kit IO disks to no avail, same blockage at the login screen. (I did not use any of this software to attempt a scan; I used Kaspersky only to see if I could get by the login problem.) I am stuck... any ideas?
  14. Why does Malwarebytes not block the FBI Moneypak virus? It removes it for the most part, I think, but I continue to have this pop up on my system even when MB is running and has been updated.
  15. Can someone please look at my log file below and give me any help? Safe mode does not work. Thanks all.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04
Ran by SYSTEM on 27-07-2013 22:41:16
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [454600 2013-02-28] (McAfee, Inc.)
HKU\Default\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Public\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\T\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\T\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe [67584 2013-07-26] () <===== ATTENTION
HKU\T\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\T\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\T\...\Command Processor: "C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe" <===== ATTENTION!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 BackupService; C:\Users\T\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [388680 2013-06-15] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-02-28] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-04-03] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [179664 2013-04-03] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309968 2013-04-03] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [516608 2013-04-03] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [772944 2013-04-03] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [337120 2013-02-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95856 2013-02-18] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [342416 2013-04-03] (McAfee, Inc.)
S2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34048 2013-03-13] (Citrix Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\FRST
2013-07-27 20:25 - 2013-07-27 20:25 - 65273856 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 20447232 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 01310720 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-07-27 19:48 - 2013-07-27 19:48 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-07-26 15:19 - 2013-07-26 15:19 - 00003160 ____N C:\bootsqm.dat
2013-07-26 15:14 - 2013-07-26 15:14 - 01097678 _____ C:\Users\T\AppData\Local\2433f433
2013-07-26 15:14 - 2013-07-26 15:14 - 01097604 _____ C:\Users\T\AppData\Roaming\2433f433
2013-07-26 15:14 - 2013-07-26 15:14 - 01097600 _____ C:\ProgramData\2433f433
2013-07-25 18:29 - 2013-07-25 18:29 - 00000000 ____D C:\Users\T\AppData\Local\{82A1BC79-9150-43F2-ACE8-A9330646AAE4}
2013-07-25 15:52 - 2013-07-26 14:44 - 00001806 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-07-25 15:52 - 2013-07-26 14:44 - 00001806 _____ C:\ProgramData\Desktop\McAfee Security Center.lnk
2013-07-25 15:52 - 2012-05-28 10:28 - 00197264 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2013-07-25 15:51 - 2013-07-27 20:35 - 00000000 ____D C:\Program Files\McAfee
2013-07-25 15:51 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files\McAfee.com
2013-07-25 15:51 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-07-25 15:51 - 2013-04-03 13:34 - 00182752 _____ (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2013-07-25 15:42 - 2013-07-25 15:42 - 05102984 _____ (McAfee, Inc.) C:\Users\T\Downloads\McAfeeSetup(1).exe
2013-07-24 22:21 - 2013-07-24 22:21 - 00000000 ____D C:\Users\T\AppData\Roaming\McAfee
2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller.exe
2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller(2).exe
2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller(1).exe
2013-07-23 16:53 - 2013-07-23 16:53 - 00000000 ____D C:\Users\T\AppData\Local\{A2FB41DF-4E37-4A20-829B-458A3156E1F0}
2013-07-22 16:30 - 2013-07-23 16:58 - 01049135 _____ C:\Users\T\Documents\13VSC3700.ENV
2013-07-22 09:50 - 2013-07-22 09:50 - 00000000 ____D C:\Users\T\AppData\Local\{9F284BB8-94B5-4154-A440-5AB2CA928516}
2013-07-19 11:55 - 2013-07-19 11:55 - 00000000 ____D C:\Users\T\AppData\Local\{29F8CD13-9144-454D-BF7C-6CDE1B8D723D}
2013-07-18 20:05 - 2013-07-18 20:05 - 00000000 ____D C:\Users\T\AppData\Local\{72C605C0-53C1-47D3-9BB3-B9F4CBE6AB22}
2013-07-16 17:00 - 2013-07-16 17:00 - 00000000 ____D C:\Users\T\AppData\Local\{60953837-00C4-45A0-84D7-24DFD537D5CD}
2013-07-16 16:33 - 2013-07-16 16:37 - 00850362 _____ C:\Users\T\Documents\13VSC0497.ENV
2013-07-15 16:33 - 2013-07-15 16:34 - 00000000 ____D C:\Users\T\AppData\Local\{B7863A29-D7F9-457E-AFFB-F9A4B574A85E}
2013-07-13 11:26 - 2013-07-13 11:26 - 00000000 ____D C:\Users\T\AppData\Local\{1C37073A-8BA0-480B-8D01-CA96180C6E13}
2013-07-13 11:03 - 2013-07-13 11:03 - 00000000 ____D C:\Users\T\AppData\Local\{38FAA561-BA50-4DCF-9567-9192C16EB362}
2013-07-13 10:35 - 2013-07-13 10:35 - 00000000 ____D C:\Users\T\AppData\Local\{8034F250-B4C6-4074-9B59-20F403FC9AB4}
2013-07-11 12:33 - 2013-07-11 12:34 - 00000000 ____D C:\Users\T\AppData\Local\{34E96E0F-99A9-43C8-961E-E055CA857796}
2013-07-11 10:55 - 2013-07-11 10:55 - 00000000 ____D C:\Users\T\AppData\Local\{03E68801-310C-4CF1-9E6C-830669FB784A}
2013-07-10 22:55 - 2013-07-10 22:55 - 00000000 ____D C:\Users\T\AppData\Local\{6A831AA8-8C9E-401A-BDC4-3E86A76BE2D7}
2013-07-10 10:55 - 2013-07-10 10:55 - 00000000 ____D C:\Users\T\AppData\Local\{C3A18543-B8E9-4221-9E69-01C5CE29BA0A}
2013-07-09 22:09 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 22:09 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-09 22:09 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-09 22:09 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-09 22:09 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-09 22:09 - 2013-06-11 17:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 22:09 - 2013-06-11 17:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-09 22:09 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-09 22:09 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 19:24 - 2013-07-09 19:24 - 00000000 ____D C:\Users\T\AppData\Local\{EF31F38A-CAC3-4920-85A0-572B5BFECAC1}
2013-07-09 18:28 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 18:28 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 18:28 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 18:28 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 18:27 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 18:25 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 18:25 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-05 11:07 - 2013-07-05 11:07 - 00000000 ____D C:\Users\T\AppData\Local\{415DA1C2-B3F3-4758-ADAC-6714912259D0}
2013-07-03 07:57 - 2013-07-03 07:57 - 00000000 ____D C:\Users\T\AppData\Local\{7F022855-EADC-4FAC-A323-042A3614ECBC}
2013-07-02 16:40 - 2013-07-02 16:40 - 01144089 _____ C:\Users\T\Downloads\1695500979
2013-07-02 16:36 - 2013-07-02 16:36 - 00000000 ____D C:\Users\T\AppData\Local\{35F95DDF-D814-415C-A718-5CEA291302CB}
2013-07-01 12:34 - 2013-07-01 12:34 - 00000000 ____D C:\Users\T\AppData\Local\{CE44540F-D8F3-4565-BB20-6CC51F6D109C}
2013-06-30 15:59 - 2013-06-30 15:59 - 00000000 ____D C:\Users\T\AppData\Local\{44B2BB29-5700-4331-A73C-E9EA58A0B7E5}
2013-06-28 15:39 - 2013-06-28 17:39 - 00000000 ____D C:\Users\T\AppData\Local\ACI PDF Printer
2013-06-28 08:03 - 2013-06-28 08:03 - 00000000 ____D C:\Users\T\AppData\Local\{B502142D-ED78-4BEF-8E11-707EF480AFB5}
2013-06-27 14:47 - 2013-06-27 14:47 - 00000000 ____D C:\Users\T\AppData\Local\{FB4E8CE3-75FB-4DF1-A72F-AD01388A4AA8}

==================== One Month Modified Files and Folders =======

2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\FRST
2013-07-27 20:35 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files\McAfee
2013-07-27 20:35 - 2013-06-07 16:53 - 00000000 ____D C:\ProgramData\HPSS
2013-07-27 20:35 - 2013-05-28 17:02 - 00000000 ____D C:\Program Files\DIFX
2013-07-27 20:35 - 2013-05-14 01:26 - 00000000 ____D C:\Program Files (x86)\BDE
2013-07-27 20:35 - 2013-05-14 01:26 - 00000000 ____D C:\Program Files (x86)\ACI
2013-07-27 20:35 - 2013-05-13 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-27 20:35 - 2013-05-12 09:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-27 20:35 - 2013-05-12 09:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-27 20:35 - 2013-05-12 09:27 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-07-27 20:35 - 2013-05-12 02:28 - 00000000 ____D C:\Brother
2013-07-27 20:35 - 2013-05-12 02:27 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-07-27 20:35 - 2013-05-12 02:15 - 00000000 ____D C:\ProgramData\Brother
2013-07-27 20:35 - 2013-05-12 01:54 - 00000000 ____D C:\ProgramData\ACI
2013-07-27 20:35 - 2013-05-12 01:45 - 00000000 ____D C:\ApexWin
2013-07-27 20:35 - 2013-05-12 01:16 - 00000000 ____D C:\Program Files\BDE
2013-07-27 20:35 - 2013-05-12 01:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-27 20:35 - 2013-05-12 01:15 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2013-07-27 20:35 - 2013-05-12 01:14 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-27 20:35 - 2013-05-12 01:14 - 00000000 ____D C:\Program Files (x86)\ACI32
2013-07-27 20:35 - 2013-05-12 01:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-27 20:35 - 2013-05-11 23:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-27 20:35 - 2011-03-02 00:07 - 00000000 ____D C:\Program Files\Realtek
2013-07-27 20:35 - 2011-03-01 23:53 - 00000000 ____D C:\Program Files\Dell Games Folder
2013-07-27 20:35 - 2011-03-01 22:31 - 00000000 ____D C:\Program Files (x86)\TrustedID
2013-07-27 20:35 - 2011-03-01 22:31 - 00000000 ____D C:\Program Files (x86)\Jagex
2013-07-27 20:35 - 2011-03-01 22:30 - 00000000 ____D C:\Program Files\Roxio
2013-07-27 20:35 - 2011-03-01 22:26 - 00000000 ____D C:\ProgramData\McAfee
2013-07-27 20:35 - 2011-03-01 22:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-27 20:35 - 2011-03-01 22:26 - 00000000 ____D C:\Program Files (x86)\Dell
2013-07-27 20:35 - 2011-03-01 22:24 - 00000000 ____D C:\Program Files\Windows Live
2013-07-27 20:35 - 2011-03-01 22:24 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-27 20:35 - 2011-03-01 22:21 - 00000000 ____D C:\Program Files (x86)\eBay
2013-07-27 20:35 - 2011-03-01 22:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-27 20:35 - 2011-03-01 22:19 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-07-27 20:35 - 2011-03-01 22:15 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-07-27 20:35 - 2011-03-01 22:10 - 00000000 ____D C:\Program Files\Dell Inc
2013-07-27 20:35 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-07-27 20:34 - 2013-05-14 01:26 - 00000000 ____D C:\Users\Public\ACI
2013-07-27 20:34 - 2013-05-14 01:23 - 00000000 ____D C:\Users\T\AppData\Local\Cached Installations
2013-07-27 20:34 - 2013-05-13 10:01 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-27 20:34 - 2013-05-13 03:03 - 00000000 ____D C:\Windows\System32\SPReview
2013-07-27 20:34 - 2013-05-13 03:02 - 00000000 ____D C:\Windows\System32\EventProviders
2013-07-27 20:34 - 2013-05-12 03:04 - 00000000 ____D C:\Users\T\AppData\Roaming\ControlCenter4
2013-07-27 20:34 - 2013-05-12 01:48 - 00000000 ____D C:\Windows\Crystal
2013-07-27 20:34 - 2013-05-12 01:29 - 00000000 ____D C:\Windows\SysWOW64\oem
2013-07-27 20:34 - 2013-05-12 01:25 - 00000000 ____D C:\Users\T\AppData\Roaming\HP SimpleSave Application
2013-07-27 20:34 - 2013-05-12 01:05 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-07-27 20:34 - 2013-05-11 23:41 - 00000000 ____D C:\Users\T\AppData\Local\Stardock_Corporation
2013-07-27 20:34 - 2013-05-11 23:37 - 00000000 ___RD C:\Users\T\Desktop\Play Games
2013-07-27 20:34 - 2013-05-11 12:40 - 00000000 ____D C:\Windows\SMINST
2013-07-27 20:34 - 2011-03-02 00:07 - 00000000 ____D C:\Windows\SysWOW64\x64
2013-07-27 20:34 - 2011-03-02 00:07 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-27 20:34 - 2011-03-02 00:07 - 00000000 ____D C:\Windows\SysWOW64\Lang
2013-07-27 20:34 - 2011-03-01 23:53 - 00000000 ___RD C:\Users\Default\Desktop\Play Games
2013-07-27 20:34 - 2011-03-01 23:53 - 00000000 ___RD C:\Users\Default User\Desktop\Play Games
2013-07-27 20:34 - 2011-03-01 22:32 - 00000000 __HDC C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238}
2013-07-27 20:34 - 2011-03-01 22:25 - 00000000 ____D C:\Windows\en
2013-07-27 20:34 - 2011-03-01 22:20 - 00000000 ____D C:\ProgramData\Skype
2013-07-27 20:34 - 2011-03-01 22:16 - 00000000 ____D C:\ProgramData\WildTangent
2013-07-27 20:34 - 2011-03-01 22:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-27 20:34 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\winrm
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\WCN
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\slmgr
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins
2013-07-27 20:34 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-07-27 20:34 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sppui 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME 2013-07-27 
20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\uk-UA 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\th-TH 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sppui 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spool 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Speech 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\SMI 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sl-SI 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sk-SK 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Setup 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ro-RO 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ras 2013-07-27 20:34 - 
2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NetworkList 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\MUI 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Msdtc 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\manifeststore 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lv-LV 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lt-LT 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\IME 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\icsxml 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ias 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hr-HR 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\he-IL 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\et-EE 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\bg-BG 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ar-SA 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D 
C:\Windows\PolicyDefinitions 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding 2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-27 20:25 - 2013-07-27 20:25 - 65273856 _____ C:\Windows\System32\config\SOFTWARE.bhv 2013-07-27 20:25 - 2013-07-27 20:25 - 20447232 _____ C:\Windows\System32\config\SYSTEM.bhv 2013-07-27 20:25 - 2013-07-27 20:25 - 01310720 _____ C:\Windows\System32\config\DEFAULT.bhv 2013-07-27 20:25 - 2013-07-27 20:25 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv 2013-07-27 20:25 - 2013-07-27 20:25 - 00262144 _____ C:\Windows\System32\config\SAM.bhv 2013-07-27 20:25 - 2013-05-11 23:37 - 00000000 ____D C:\users\T 2013-07-27 19:48 - 2013-07-27 19:48 - 00000000 ____D C:\$Anvi Rescue Disk$ 2013-07-27 18:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-27 18:36 - 2009-07-13 23:51 - 00039659 _____ C:\Windows\setupact.log 2013-07-27 16:05 - 2013-05-13 10:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-26 16:09 - 2011-03-02 00:06 - 00040876 _____ C:\Windows\PFRO.log 2013-07-26 15:19 - 2013-07-26 15:19 - 00003160 ____N C:\bootsqm.dat 2013-07-26 15:14 - 2013-07-26 15:14 - 01097678 _____ C:\Users\T\AppData\Local\2433f433 2013-07-26 15:14 - 2013-07-26 15:14 - 01097604 _____ C:\Users\T\AppData\Roaming\2433f433 2013-07-26 15:14 - 2013-07-26 15:14 - 01097600 _____ C:\ProgramData\2433f433 2013-07-26 14:44 - 2013-07-25 15:52 - 00001806 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk 2013-07-26 14:44 - 2013-07-25 15:52 - 
00001806 _____ C:\ProgramData\Desktop\McAfee Security Center.lnk 2013-07-26 06:07 - 2009-07-14 00:10 - 01107870 _____ C:\Windows\WindowsUpdate.log 2013-07-25 19:25 - 2013-05-12 01:14 - 00000000 ____D C:\Appraisals2013 2013-07-25 19:06 - 2013-05-12 02:52 - 00043113 _____ C:\Users\T\Documents\Work Fees.xlsx 2013-07-25 19:05 - 2013-05-12 01:06 - 00000000 ____D C:\Users\T\AppData\Roaming\SoftGrid Client 2013-07-25 19:02 - 2013-05-15 11:50 - 00000077 _____ C:\Windows\SysWOW64\PDFWRITR.INI 2013-07-25 19:02 - 2013-05-15 11:50 - 00000077 _____ C:\Windows\SysWOW64\__PDF.INI 2013-07-25 19:02 - 2009-07-13 21:34 - 00000512 _____ C:\Windows\win.ini 2013-07-25 18:29 - 2013-07-25 18:29 - 00000000 ____D C:\Users\T\AppData\Local\{82A1BC79-9150-43F2-ACE8-A9330646AAE4} 2013-07-25 15:53 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-25 15:53 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-25 15:51 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files\McAfee.com 2013-07-25 15:51 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files (x86)\McAfee.com 2013-07-25 15:50 - 2009-07-14 00:13 - 00727182 _____ C:\Windows\System32\PerfStringBackup.INI 2013-07-25 15:46 - 2013-05-11 23:40 - 00000072 _____ C:\Windows\SysWOW64\ToasterLauncherLog.log 2013-07-25 15:46 - 2013-05-11 23:40 - 00000000 ____D C:\Users\T\AppData\Local\SoftThinks 2013-07-25 15:42 - 2013-07-25 15:42 - 05102984 _____ (McAfee, Inc.) C:\Users\T\Downloads\McAfeeSetup(1).exe 2013-07-24 22:21 - 2013-07-24 22:21 - 00000000 ____D C:\Users\T\AppData\Roaming\McAfee 2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller.exe 2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller(2).exe 2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) 
C:\Users\T\Downloads\MVTInstaller(1).exe 2013-07-23 16:58 - 2013-07-22 16:30 - 01049135 _____ C:\Users\T\Documents\13VSC3700.ENV 2013-07-23 16:53 - 2013-07-23 16:53 - 00000000 ____D C:\Users\T\AppData\Local\{A2FB41DF-4E37-4A20-829B-458A3156E1F0} 2013-07-22 09:50 - 2013-07-22 09:50 - 00000000 ____D C:\Users\T\AppData\Local\{9F284BB8-94B5-4154-A440-5AB2CA928516} 2013-07-19 11:55 - 2013-07-19 11:55 - 00000000 ____D C:\Users\T\AppData\Local\{29F8CD13-9144-454D-BF7C-6CDE1B8D723D} 2013-07-18 20:05 - 2013-07-18 20:05 - 00000000 ____D C:\Users\T\AppData\Local\{72C605C0-53C1-47D3-9BB3-B9F4CBE6AB22} 2013-07-17 16:15 - 2013-05-12 01:14 - 00000000 ____D C:\Bad Appraisals 2013-07-16 17:00 - 2013-07-16 17:00 - 00000000 ____D C:\Users\T\AppData\Local\{60953837-00C4-45A0-84D7-24DFD537D5CD} 2013-07-16 16:37 - 2013-07-16 16:33 - 00850362 _____ C:\Users\T\Documents\13VSC0497.ENV 2013-07-15 16:34 - 2013-07-15 16:33 - 00000000 ____D C:\Users\T\AppData\Local\{B7863A29-D7F9-457E-AFFB-F9A4B574A85E} 2013-07-13 11:26 - 2013-07-13 11:26 - 00000000 ____D C:\Users\T\AppData\Local\{1C37073A-8BA0-480B-8D01-CA96180C6E13} 2013-07-13 11:03 - 2013-07-13 11:03 - 00000000 ____D C:\Users\T\AppData\Local\{38FAA561-BA50-4DCF-9567-9192C16EB362} 2013-07-13 10:35 - 2013-07-13 10:35 - 00000000 ____D C:\Users\T\AppData\Local\{8034F250-B4C6-4074-9B59-20F403FC9AB4} 2013-07-11 15:25 - 2011-03-01 22:30 - 00000000 ____D C:\ProgramData\Sonic 2013-07-11 12:34 - 2013-07-11 12:33 - 00000000 ____D C:\Users\T\AppData\Local\{34E96E0F-99A9-43C8-961E-E055CA857796} 2013-07-11 10:55 - 2013-07-11 10:55 - 00000000 ____D C:\Users\T\AppData\Local\{03E68801-310C-4CF1-9E6C-830669FB784A} 2013-07-10 22:55 - 2013-07-10 22:55 - 00000000 ____D C:\Users\T\AppData\Local\{6A831AA8-8C9E-401A-BDC4-3E86A76BE2D7} 2013-07-10 10:55 - 2013-07-10 10:55 - 00000000 ____D C:\Users\T\AppData\Local\{C3A18543-B8E9-4221-9E69-01C5CE29BA0A} 2013-07-10 10:23 - 2009-07-13 23:45 - 00323904 _____ C:\Windows\System32\FNTCACHE.DAT 2013-07-09 19:24 - 2013-07-09 
19:24 - 00000000 ____D C:\Users\T\AppData\Local\{EF31F38A-CAC3-4920-85A0-572B5BFECAC1}
2013-07-05 11:07 - 2013-07-05 11:07 - 00000000 ____D C:\Users\T\AppData\Local\{415DA1C2-B3F3-4758-ADAC-6714912259D0}
2013-07-03 07:57 - 2013-07-03 07:57 - 00000000 ____D C:\Users\T\AppData\Local\{7F022855-EADC-4FAC-A323-042A3614ECBC}
2013-07-02 16:40 - 2013-07-02 16:40 - 01144089 _____ C:\Users\T\Downloads\1695500979
2013-07-02 16:36 - 2013-07-02 16:36 - 00000000 ____D C:\Users\T\AppData\Local\{35F95DDF-D814-415C-A718-5CEA291302CB}
2013-07-01 12:34 - 2013-07-01 12:34 - 00000000 ____D C:\Users\T\AppData\Local\{CE44540F-D8F3-4565-BB20-6CC51F6D109C}
2013-06-30 15:59 - 2013-06-30 15:59 - 00000000 ____D C:\Users\T\AppData\Local\{44B2BB29-5700-4331-A73C-E9EA58A0B7E5}
2013-06-28 17:39 - 2013-06-28 15:39 - 00000000 ____D C:\Users\T\AppData\Local\ACI PDF Printer
2013-06-28 15:39 - 2013-05-28 15:20 - 00000000 ____D C:\Users\T\AppData\Local\{96C5ABB0-BDD9-44BB-A8B7-203F327E8B04}
2013-06-28 08:03 - 2013-06-28 08:03 - 00000000 ____D C:\Users\T\AppData\Local\{B502142D-ED78-4BEF-8E11-707EF480AFB5}
2013-06-27 14:53 - 2013-05-12 02:52 - 00039936 _____ C:\Users\T\Documents\Vendors13.xls
2013-06-27 14:47 - 2013-06-27 14:47 - 00000000 ____D C:\Users\T\AppData\Local\{FB4E8CE3-75FB-4DF1-A72F-AD01388A4AA8}

Files to move or delete:
====================
C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-30 00:00:14
Restore point made on: 2013-07-08 00:00:10
Restore point made on: 2013-07-09 22:04:43
Restore point made on: 2013-07-17 00:00:12
Restore point made on: 2013-07-24 00:08:35

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8156.98 MB
Available physical RAM: 7363.42 MB
Total Pagefile: 8155.13 MB
Available Pagefile: 7355.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:379.6 GB) NTFS (Disk=0 Partition=3)
Drive d: (CDlinux) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS
Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: (Cruzer) (Removable) (Total:3.74 GB) (Free:3.14 GB) FAT32 (Disk=1 Partition=1)
Drive k: (RECOVERY) (Fixed) (Total:13.81 GB) (Free:6.23 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-07-23 00:46

==================== End Of Log ============================
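The findings that matter in the FRST log above are buried at the end of a long directory listing: the "Files to move or delete" entry under the user's Temp folder, and the "Bamital & volsnap Check" line that flags C:\Program Files\Windows Defender\mpsvc.dll as ZeroAccess and tells the helper to run DeleteJunctionsIndirectory on that folder. The Python script below is an added example for this thread; it is not part of the post and not FRST's own code. It parses those sections into a triage report so the flagged items can be pulled out of a log of this size mechanically. The section-header layout it assumes is taken only from this log, and the sample input is a subset of lines copied from the sections above.

```python
"""Triage helper for an FRST log (added example, not FRST's own code).

Parses the 'Files to move or delete', 'Bamital & volsnap Check' and
'EXE ASSOCIATION' sections in the layout visible in the thread's log and
reports what FRST flagged. The header layout is assumed from that log only.
"""
import re
from typing import Dict, List, Tuple

# Sample input: a subset of lines copied from the FRST log in the thread.
SAMPLE_LOG = r"""
Files to move or delete:
====================
C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
Restore point made on: 2013-06-30 00:00:14
"""

# "==== Section name ====" style header (assumed from the log layout)
HEADER_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# "<path> => <verdict>" line inside the Bamital & volsnap check
CHECK_RE = re.compile(r"^(?P<path>.+?)\s*=>\s*(?P<verdict>.+?)\s*$")
# directory named in FRST's ZeroAccess junction verdict
JUNCTION_RE = re.compile(r"DeleteJunctionsIndirectory:\s*(?P<dir>.+?)\s*$")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log into {section name: [non-empty body lines]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue  # blank line or a bare '====' ruler
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        # "Files to move or delete:" is a header followed by a ruler line
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.endswith(":") and "\\" not in line and nxt and set(nxt) == {"="}:
            current = line[:-1]
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def triage(text: str) -> dict:
    """Return what FRST flagged: bad hashes, junction dirs, files to remove."""
    sections = parse_sections(text)
    legit: List[str] = []
    flagged: List[Tuple[str, str]] = []
    junction_dirs: List[str] = []
    for line in sections.get("Bamital & volsnap Check", []):
        m = CHECK_RE.match(line)
        if not m:
            continue
        path, verdict = m.group("path"), m.group("verdict")
        if verdict == "MD5 is legit":
            legit.append(path)
        else:
            flagged.append((path, verdict))
            j = JUNCTION_RE.search(verdict)
            if j:
                junction_dirs.append(j.group("dir"))
    assoc = sections.get("EXE ASSOCIATION", [])
    return {
        "legit": legit,
        "flagged": flagged,
        "junction_dirs": junction_dirs,
        "files_to_delete": sections.get("Files to move or delete", []),
        "exe_association_ok": bool(assoc) and all(l.endswith("=> OK") for l in assoc),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, verdict in report["flagged"]:
        print(f"FLAGGED {path}: {verdict}")
    for d in report["junction_dirs"]:
        print(f"junction clean-up needed under {d}")
    for f in report["files_to_delete"]:
        print(f"remove {f}")
```

Run it on a saved FRST.txt by replacing SAMPLE_LOG with the file contents; anything in "flagged" or "junction_dirs" is what the helper's fix script has to address before the "MD5 is legit" lines can be trusted again.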
  16. Running Malwarebytes Pro did not seem to clean it. I can boot normally into another account on the PC and to safe mode. TIA!!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.5.1
Run by Dad at 8:06:32 on 2013-07-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8167.4767 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Dad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
"C:\Windows\system32\svchost.exe"
"C:\Windows\system32\svchost.exe"
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = proxy1.fnc.fujitsu.com:8080
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [MusicManager] "C:\Users\Dad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [yCpCQSpcQDy4] C:\Users\Dad\AppData\Local\n7MIr9o.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [yCpCQSpcQDy4] C:\Users\Dad\AppData\Local\n7MIr9o.exe
StartupFolder: C:\Users\Dad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{17D37927-A4C4-408A-82FB-535176ECFA06} : NameServer = 168.127.133.14,168.127.133.13
TCP: Interfaces\{D2CAD563-649F-4A86-B406-E4B6FB9ECBB0} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 NEOFLTR_650_16339;Juniper Networks TDI Filter Driver (NEOFLTR_650_16339);C:\Windows\System32\drivers\NEOFLTR_650_16339.SYS [2012-11-13 100472]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2010-9-2 21504]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-4-28 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 GsServer;GoodSync Server;C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2012-12-14 5604136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-4-28 133800]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-6 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-6 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-6 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-1 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-28 317440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-4-28 20992]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-24 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-29 59392]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2010-9-2 17408]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-29 1255736]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]
.
=============== File Associations ===============
.
FileExt: .js: UEStudio.js="C:\Program Files (x86)\IDM Computer Solutions\UEStudio\uestudio.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-07-28 12:44:01  --------  d-----w-  C:\FRST
2013-07-28 03:10:38  182784  ----a-w-  C:\Users\Dad\AppData\Local\n7MIr9o.exe
2013-07-27 14:03:55  9460976  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F9872FA-B538-4A8E-88AB-5F116B4AB863}\mpengine.dll
2013-07-26 01:27:59  9460976  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-18 16:43:00  941720  ------w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A01395C-E60E-45D8-8FA3-863497AB1923}\gapaengine.dll
2013-07-16 08:00:55  --------  d-----w-  C:\Windows\System32\MRT
2013-07-10 08:33:34  571904  ----a-w-  C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 08:33:34  392704  ----a-w-  C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 08:33:34  314880  ----a-w-  C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 08:33:34  1011712  ----a-w-  C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 08:33:33  9216  ----a-w-  C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 08:33:33  54784  ----a-w-  C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 08:33:33  4608  ----a-w-  C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 08:33:17  624128  ----a-w-  C:\Windows\System32\qedit.dll
2013-07-10 08:33:17  509440  ----a-w-  C:\Windows\SysWow64\qedit.dll
2013-07-10 08:33:16  1887744  ----a-w-  C:\Windows\System32\WMVDECOD.DLL
2013-07-10 08:33:16  1620480  ----a-w-  C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 08:26:48  3153920  ----a-w-  C:\Windows\System32\win32k.sys
2013-07-10 08:25:54  936448  ----a-w-  C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 08:25:54  1732608  ----a-w-  C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 08:25:54  1402880  ----a-w-  C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 08:25:54  1393152  ----a-w-  C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 08:25:54  1367040  ----a-w-  C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 08:16:43 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-07-10 08:16:43 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-07-05 17:43:58 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client 2013-07-02 14:19:18 33856 ---ha-w- C:\Windows\System32\hamachi.sys 2013-07-02 14:19:09 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2013-06-30 15:51:36 -------- d-----w- C:\Users\Dad\AppData\Local\webkit 2013-06-30 13:57:18 -------- d-----w- C:\Users\Dad\AppData\Roaming\GeoSetter 2013-06-30 13:57:12 -------- d-----w- C:\Program Files (x86)\GeoSetter . ==================== Find3M ==================== . 2013-06-19 02:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-06-19 02:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-27 08:58:02 1447728 ----a-w- C:\Windows\System32\dmwu.exe 2013-05-27 08:57:04 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 
----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe . ============= FINISH: 8:06:58.18 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 4/28/2012 4:17:21 AM System Uptime: 7/28/2013 4:00:36 AM (4 hours ago) . Motherboard: ASUSTeK Computer INC. | | P8Z68-V PRO GEN3 Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 1584/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 261.628 GiB free. D: is CDROM (CDFS) F: is CDROM () G: is FIXED (NTFS) - 233 GiB total, 15.041 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Description: ASUS Bluetooth Device ID: USB\VID_0B05&PID_179C\6&DF2EE03&0&7 Manufacturer: Atheros Communications Name: ASUS Bluetooth PNP Device ID: USB\VID_0B05&PID_179C\6&DF2EE03&0&7 Service: BTHUSB . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter for 64-bit Windows Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter for 64-bit Windows PNP Device ID: ROOT\NET\0000 Service: CVirtA . 
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Shrew Soft Virtual Adapter Device ID: ROOT\VNET\0000 Manufacturer: Shrew Soft Name: Shrew Soft Virtual Adapter PNP Device ID: ROOT\VNET\0000 Service: vnet . ==== System Restore Points =================== . RP240: 7/24/2013 9:13:22 AM - Windows Update RP241: 7/27/2013 10:59:18 PM - Removed AI Suite II . ==== Installed Programs ====================== . Adobe Bridge 1.0 Adobe Common File Installer Adobe Creative Suite 2 Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Stock Photos 1.0 Asmedia ASM104x USB 3.0 Host Controller Driver Assassin's Creed Brotherhood Assassin's Creed II Battlefield 3™ Battlelog Web Plugins Bluetooth Win7 Suite (64) BOSS calibre Cisco Systems VPN Client 5.0.07.0440 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox Electric Sheep 2.7b34c EPU ESN Sonar FileZilla Client 3.6.0.2 Fraps (remove only) GameSpy Arcade GeoSetter 3.4.16 GIMP 2.8.2 GoodSync Google Chrome Google Earth Google Update Helper Guild Wars 2 HandBrake 0.9.8 Intel® Management Engine Components Intel® Network Connections 15.6.25.0 Intel® Processor Graphics Internet Explorer Toolbar 4.8 by SweetPacks Java Auto Updater Java 7 Update 5 JavaFX 2.1.1 Juniper Networks Cache Cleaner 6.5.0 Juniper Networks Host Checker Juniper Networks Secure Application Manager Juniper Networks, Inc. Setup Client Juniper Networks, Inc. 
Setup Client 64-bit Activex Control Juniper Terminal Services Client Junk Mail filter update Just Cause 2 LEGO Lord of the Rings LibreOffice 4.0.0.3 LogMeIn Hamachi Magic ISO Maker v5.5 (build 0281) Malwarebytes Anti-Malware version 1.75.0.1300 Mass Effect Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Halo Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Security Client Microsoft Security Essentials Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft 
Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSI Afterburner 2.1.0 MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Music Manager Nexus Mod Manager NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Controller Driver 301.42 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA HD Audio Driver 1.3.16.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components Opera 12.16 Origin Pando Media Booster Photo Common Photo Gallery Picasa 3 PL-2303 Vista Driver Installer PunkBuster Services Real Deal UpGrade Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2840628) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Shrew Soft VPN Client Sid Meier's Civilization 4 Sid Meier's Civilization 4 - Beyond the Sword Steam Suite Specific SweetPacks Updater Service TeamSpeak 3 Client The Elder Scrolls V: Skyrim The Lord of the Rings Online™ v03.08.00.8025 The Settlers: Rise of an Empire Gold Edition TurboTax 2012 TurboTax 2012 WinPerFedFormset TurboTax 2012 WinPerReleaseEngine TurboTax 2012 WinPerTaxSupport TurboTax 2012 wrapper Ubisoft Game Launcher UEStudio Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2010 (KB2553065) 
Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Updater By SweetPacks 2.0.0.586 Virtual Villagers: A New Home VLC media player 2.0.6 Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 beta 2 (64-bit) Zoo Tycoon 2 - Ultimate Collection . ==== Event Viewer Messages From Past Week ======== . 7/28/2013 6:10:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 
7/28/2013 12:22:41 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 7/28/2013 12:22:41 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 7/27/2013 9:09:28 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer QUINLANS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2CAD563-649F-4A86-B406-E4B6FB9ECBB0}. The master browser is stopping or an election is being forced. 7/27/2013 11:25:46 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
7/27/2013 11:25:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 7/27/2013 11:25:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 7/27/2013 11:21:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 7/27/2013 11:09:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 7/27/2013 11:09:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 7/27/2013 11:09:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 7/27/2013 11:09:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/27/2013 11:09:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 7/27/2013 11:09:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 
7/27/2013 11:09:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO CSC DfsC discache MpFilter NEOFLTR_650_16339 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vflt Wanarpv6 WfpLwf 7/27/2013 11:09:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 7/27/2013 11:09:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 7/27/2013 11:09:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 7/27/2013 11:09:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/27/2013 11:09:25 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/27/2013 11:09:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
7/27/2013 11:09:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/27/2013 11:09:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 7/27/2013 11:09:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 7/27/2013 11:09:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/27/2013 11:09:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 7/27/2013 11:05:25 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started. 7/27/2013 11:05:25 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress. 7/27/2013 11:05:22 PM, Error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s). 7/27/2013 10:20:28 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s). 
7/26/2013 5:40:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000008, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072613-18579-01. 7/26/2013 12:29:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.155.788.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally 7/22/2013 9:03:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.155.469.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error code: 0x80072ee2 Error description: The operation timed out 7/22/2013 10:45:42 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer GAMINGDESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2CAD563-649F-4A86-B406-E4B6FB9ECBB0}. The master browser is stopping or an election is being forced. . ==== End Of File ===========================
  17. This sounds like quite a bargain, but I'm not so sure about how to sign up for moneypad. Can anyone help? I get this on my XP PC and my W7 laptop. Actually, instead can you tell me where I can download the FRST or Farbar? I have decided to fight and not fall victim to their extortion techniques.
  18. I have got a computer that has been infected with ransomware. I have even tried to boot to safe mode, but as soon as I boot to safe mode it auto restarts! I have downloaded FRST64.exe as recommended from previous posts on here, but now I need help in how to remove the virus. I can post the 2 logs here...
  19. Hello, I was just hit with the FBI Virus. I searched this forum, and read some very helpful advice, but it seems each individual situation requires different instructions. I started with the instructions given on this thread: http://forums.malwarebytes.org/index.php?showtopic=117917 I opened Safe Mode with Command Prompt (the other Safe Modes shut down immediately) and ran the Farbar scan tool. I have the FRST.txt and Search.txt below in attachments, as well as another Addition.txt that was given to me after FRST.txt. FRST.txt Addition.txt Search.txt If someone could help me with what to do next, that would be absolutely wonderful. Thank you.
  20. I'm infected with the FBI Moneypak malware and can't log on to the infected account in either normal or safe mode. I'm on another account right now on the same computer. I've tried restoring to a previous date and deleting unknown programs on my computer through another administrator account. Can someone please help me with getting rid of this annoying malware?
  21. Hello, I, like others, have stumbled upon the FBI virus and am without a clue as to how to remove this troublesome virus. I am on the infected computer now in safe mode with networking. Any help is appreciated! Thank you!
  22. I've recently been infected with the moneypak malware. I cannot access safe mode. I've read the forums and attached FRST and search. Any help would be appreciated. FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013 Ran by SYSTEM on 19-05-2013 16:59:38 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet004 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9636896 2009-12-15] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-12-15] (Synaptics Incorporated) HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-19] (Intel® Corporation) HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation) HKLM-x32\...\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [82944 2010-01-19] (Sony Electronics Corporation) HKLM-x32\...\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [320880 2009-08-26] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation) HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1151152 2013-03-18] () HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKU\JALIL\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\JALIL\Documents\4f37f4e1.exe [24064 2013-05-16] () HKU\JALIL\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [x] HKU\JALIL\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation) S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] () S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4936752 2013-04-25] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) S2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.) S2 mitsijm2012; c:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [848184 2010-12-07] (Autodesk, Inc.) 
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] () S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions) S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation) S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation) S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation) S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-03-18] () S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation) S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-09-14] (Sony Corporation) S2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.) S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.) 
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.) S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.) S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.) S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.) S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.) S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-03-18] (AVG Technologies) S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-07-26] (Devguru Co., Ltd) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-13] (http://libusb-win32.sourceforge.net) S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-06] (EnTech Taiwan) S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-19 11:25 - 2013-05-19 11:25 - 00003536 ____N C:\bootsqm.dat 2013-05-18 23:51 - 2013-05-18 23:58 - 00000000 ____D C:\Windows\Microsoft Antimalware 2013-05-18 19:56 - 2013-05-18 19:56 - 00000000 ____D C:\FRST 2013-05-18 16:20 - 2013-05-18 16:20 - 00000000 ____D C:\c70d519bc20333e0465e28333c2ee084 2013-05-17 15:56 - 2013-05-17 15:56 - 00000000 ____D C:\c9c105f75ab9a3b90fda 2013-05-17 15:56 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-17 15:56 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-17 15:56 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-17 15:56 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-17 15:54 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) 
C:\Windows\System32\ieframe.dll 2013-05-17 15:54 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-17 15:54 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-17 15:54 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-17 15:54 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-17 15:54 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-17 15:54 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-17 15:54 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-17 15:54 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-17 15:54 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-17 15:54 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-17 15:54 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-17 15:54 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-17 15:54 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-17 15:54 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-17 15:54 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-17 15:54 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-17 15:54 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-17 15:54 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 
2013-05-17 15:54 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-17 15:54 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-17 15:54 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-17 15:54 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-17 15:54 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-17 15:54 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-17 15:54 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-17 15:54 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-17 15:54 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-16 12:46 - 2013-05-16 12:46 - 01096077 ____A C:\ProgramData\2433f433 2013-05-16 12:46 - 2013-05-16 12:46 - 01096042 ____A C:\Users\JALIL\AppData\Roaming\2433f433 2013-05-16 12:46 - 2013-05-16 12:46 - 01096038 ____A C:\Users\JALIL\AppData\Local\2433f433 2013-05-16 12:46 - 2013-05-16 12:46 - 00024064 ____A C:\Users\JALIL\Documents\4f37f4e1.exe 2013-05-14 17:03 - 2013-05-14 17:03 - 00516096 ____A C:\Users\JALIL\Desktop\Endocrine Histology Practice Quiz.ppt 2013-05-13 15:39 - 2013-05-13 15:39 - 04057695 ____A C:\Users\JALIL\Desktop\Reproduction BOLT S13.pptx 2013-05-13 13:57 - 2013-05-13 13:57 - 04023724 ____A C:\Users\JALIL\Desktop\Dinosaur origins BOLT S13.pptx 2013-05-13 13:29 - 2013-05-13 13:29 - 02058959 ____A C:\Users\JALIL\Desktop\Time and dinos BOLT S13 (SHORT).pptx 2013-04-23 19:12 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======= 2013-05-19 12:29 - 2010-07-14 18:32 - 00000892 ____A 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-19 12:29 - 2010-07-02 10:17 - 00000000 ____D C:\users\JALIL 2013-05-19 12:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-19 12:29 - 2009-07-13 20:51 - 00142524 ____A C:\Windows\setupact.log 2013-05-19 11:25 - 2013-05-19 11:25 - 00003536 ____N C:\bootsqm.dat 2013-05-19 09:20 - 2010-07-14 18:32 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-18 23:58 - 2013-05-18 23:51 - 00000000 ____D C:\Windows\Microsoft Antimalware 2013-05-18 19:56 - 2013-05-18 19:56 - 00000000 ____D C:\FRST 2013-05-18 16:20 - 2013-05-18 16:20 - 00000000 ____D C:\c70d519bc20333e0465e28333c2ee084 2013-05-18 16:20 - 2010-10-16 09:04 - 00000000 ____D C:\ProgramData\MFAData 2013-05-18 16:20 - 2010-06-08 18:32 - 01188836 ____A C:\Windows\WindowsUpdate.log 2013-05-18 16:18 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-18 16:18 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-17 15:56 - 2013-05-17 15:56 - 00000000 ____D C:\c9c105f75ab9a3b90fda 2013-05-17 15:56 - 2013-04-05 12:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-17 15:56 - 2010-08-03 19:58 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-16 12:46 - 2013-05-16 12:46 - 01096077 ____A C:\ProgramData\2433f433 2013-05-16 12:46 - 2013-05-16 12:46 - 01096042 ____A C:\Users\JALIL\AppData\Roaming\2433f433 2013-05-16 12:46 - 2013-05-16 12:46 - 01096038 ____A C:\Users\JALIL\AppData\Local\2433f433 2013-05-16 12:46 - 2013-05-16 12:46 - 00024064 ____A C:\Users\JALIL\Documents\4f37f4e1.exe 2013-05-15 08:57 - 2012-03-31 21:24 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-15 08:57 - 2011-06-04 10:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 
2013-05-14 17:03 - 2013-05-14 17:03 - 00516096 ____A C:\Users\JALIL\Desktop\Endocrine Histology Practice Quiz.ppt 2013-05-13 15:39 - 2013-05-13 15:39 - 04057695 ____A C:\Users\JALIL\Desktop\Reproduction BOLT S13.pptx 2013-05-13 13:57 - 2013-05-13 13:57 - 04023724 ____A C:\Users\JALIL\Desktop\Dinosaur origins BOLT S13.pptx 2013-05-13 13:29 - 2013-05-13 13:29 - 02058959 ____A C:\Users\JALIL\Desktop\Time and dinos BOLT S13 (SHORT).pptx 2013-05-13 13:11 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-09 08:50 - 2012-12-12 17:09 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk 2013-05-05 13:36 - 2013-05-17 15:56 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-05 13:16 - 2013-05-17 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-05 11:25 - 2013-05-17 15:56 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-05 11:12 - 2013-05-17 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-04-30 21:38 - 2011-06-14 11:07 - 00000000 ____D C:\Users\JALIL\AppData\Roaming\Skype 2013-04-30 20:03 - 2011-06-14 11:06 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-04-30 20:03 - 2011-06-14 11:06 - 00000000 ____D C:\ProgramData\Skype 2013-04-29 10:25 - 2010-10-10 14:05 - 00000000 ____D C:\Users\JALIL\Documents\Outlook Files 2013-04-23 23:00 - 2012-04-22 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox Other Malware: =========== C:\ProgramData\ezsidmv.dat ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-18 16:20:22 ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 3758.1 MB Available physical RAM: 3121.88 MB Total Pagefile: 3756.25 MB Available Pagefile: 3123.82 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:455.29 GB) (Free:294.96 GB) NTFS (Disk=0 Partition=3) Drive e: (Recovery) (Fixed) (Total:10.37 GB) (Free:0.8 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] Drive g: (WDO_Media64) (Removable) (Total:1.8 GB) (Free:1.73 GB) NTFS (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 814834FB) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 2052474D) Partition 1: (Not Active) - (Size=915 GB) - (Type=70) Partition 2: (Not Active) - (Size=867 GB) - 
(Type=43) Partition 3: (Not Active) - (Size=5 KB) - (Type=72) Partition 4: (Not Active) - (Size=25 MB) - (Type=00) Last Boot: 2013-05-13 20:18 ==================== End Of Log ============================ Search: Farbar Recovery Scan Tool (x64) Version: 18-05-2013 Ran by SYSTEM at 2013-05-19 17:07:00 Running from G:\ Boot Mode: Recovery ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ======
23. At approx 9:11 yesterday, my computer was hit with the dreaded MoneyPak ransomware. Only one user profile was infected; I have created the dds.txt and attach.txt files from the other user profile.

===================================================
==================== DDS.TXT =====================
===================================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Work at 12:49:14 on 2013-05-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8167.5906 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
E:\Programs\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Work\AppData\Roaming\Spotify\spotify.exe
C:\Users\Work\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
E:\Programs\LolReplay\LOLRecorder.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
E:\Programs\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
E:\Programs\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: GetSavin 5.0: {31AD1549-432A-4EFD-88E8-FDB9FB22CE52} - C:\Users\Matt\AppData\Local\getsavin\ie\getsavin_1362897001.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google 
Toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [spotify] "C:\Users\Work\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [spotify Web Helper] "C:\Users\Work\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [Adobe Acrobat Speed Launcher] "E:\Programs\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "E:\Programs\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Programs\Gmail Notifier\gnotify.exe mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "E:\Programs\QuickTime\QTTask.exe" -atboottime mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - E:\Programs\LolReplay\LOLRecorder.exe mPolicies-Explorer: NoActiveDesktop = 
dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{30985231-1321-42DB-84E6-9859C7DBB100} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{30985231-1321-42DB-84E6-9859C7DBB100} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{5337C3D6-6489-4DBC-AC49-18F17BA0C30B} : DHCPNameServer = 192.168.42.129 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - 
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\q76xvt5f.default\ FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll FF - plugin: 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - plugin: E:\Programs\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin.dll FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin2.dll FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin3.dll FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin4.dll FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin5.dll FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin6.dll FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin7.dll . ============= SERVICES / DRIVERS =============== . R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-11-24 56208] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216] R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272] R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224] R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632] R3 LVRS64;Logitech 
RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] R3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-14 25928] R3 Nbdrv;NetBalancer;C:\Windows\System32\drivers\nbdrv.sys [2013-3-16 41256] S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2012-7-20 31744] S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872] S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744] S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-1-25 22016] S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-22 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-7 59392] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088] . =============== File Associations =============== . ShellExec: dreamweaver.exe: Open="E:\Programs\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 
  24. I've been hit with the FBI Moneypak ransomware on a Windows 7, x64. Rebooting in Safe Mode with Networking results in a white screen and the inability to do anything else. I have run the Farbar Recovery Scan Tool and performed a search for services.exe. I understand I should provide the FRST scan log and the results of the search, but before I do, I have a question. Should I be concerned about posting my log online? I'm only a mildly technical person, but given the nature of this ransomware I'm ultra sensitive, and am very concerned about additional damage caused by this breach. Should I scrub the log in any way? Or, can someone provide a fixlist without the full log? Thanks in advance for any help! Thanks, John
  25. Just from reading other threads on this issue, I've run the initial test and tried to figure out the software or files that are affected, but I am not sure what to look for. Attached are the logs for the FRST and Search. Thanks! FRST.txt Search.txt