FBI Ransomware

Inactive-A
By rammertide07
May 10, 2013
  1. Hello all, this is my first post here. I recently have acquired the FBI moneypak malware and this thing is a beast. Rolling back the system does not work, Avast does not work in Safe Mode...

    I've run the Farbar for Windows 7 64-bit OS. Here's the report:



    So what's next? TIA
  2. rammertide07

    rammertide07 Newcomer, in training Topic Starter

    FYI, this is the additional report. Just realized this may not be the same as the other report...
  3. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Because of some weird formatting your log is not readable.
    Before we go anywhere I need to know what is the exact status of your computer.
    Can you boot and operate it normally?
  4. rammertide07

    rammertide07 Newcomer, in training Topic Starter

    I see what you mean. The email display is different than the txt document format. Here is a copy/paste from the txt document:

    Running from I:\Download
    Boot Mode: Safe Mode (minimal)
    ==========================================================

    ==================== Installed Programs =======================
    Adobe AIR (Version: 3.5.0.600)
    Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
    Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
    Adobe Reader X (10.1.2) (Version: 10.1.2)
    Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
    Any Video Converter Ultimate 4.5.7
    Ashampoo Photo Commander 10 v.10.1.3 (Version: 10.1.3)
    Audacity 1.2.4
    avast! Free Antivirus (Version: 8.0.1488.0)
    AviSynth 2.5
    AVS Image Converter 2.3.2.248 (Version: 2.3.2.248)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon MP250 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CTRLA - Hidden image creator 1.0
    D3DX10 (Version: 15.4.2368.0902)
    DeblurMyImage_free (Version: 2.0)
    DefaultTab (Version: 2.2.1.0)
    DenoiseMyImage_free (Version: 2.0)
    DVD Decrypter (Remove Only)
    EasyTether (Version: 1.1.16)
    Fast Free Converter (Version: 4.1)
    Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
    Gadwin PrintScreen (Version: 4.4)
    GIMP 2.8.2 (Version: 2.8.2)
    Google Chrome (Version: 26.0.1410.64)
    Google Earth (Version: 7.0.3.8542)
    Google Update Helper (Version: 1.3.21.135)
    GTK+ 2.6.7-2 runtime environment
    HTC Driver Installer (Version: 2.0.7.018)
    HTC Sync (Version: 2.0.40)
    IDRMyImage_free (Version: 2.0)
    Image Plugin (Version: 3.04.0226)
    InfoAtoms [Uninstall] (Version: 1.5.0.0)
    Inkscape 0.48.4 (Version: 0.48.4)
    Internet Explorer Toolbar 4.7 by SweetPacks (Version: 4.7.0008)
    IrfanView (remove only) (Version: 4.32)
    Jasc Digital Camera Support v5.01 (Version: 5.01.0000)
    Java Auto Updater (Version: 2.0.2.4)
    Java(TM) 6 Update 20 (Version: 6.0.200)
    Java(TM) 6 Update 21 (Version: 6.0.210)
    Java(TM) 7 Update 2 (64-bit) (Version: 7.0.20)
    Java(TM) SE Development Kit 7 Update 2 (64-bit) (Version: 1.7.0.20)
    JavaFX 2.0.2 (64-bit) (Version: 2.0.2)
    JavaFX 2.0.2 SDK (64-bit) (Version: 2.0.2)
    JNLP
    Media Player
    Media Player Packages
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Mobile Broadband Generic Drivers (Version: 2.03.09.005.14)
    MotoHelper 2.1.25 Driver 5.3.0 (Version: 2.1.25)
    MotoHelper MergeModules (Version: 1.2.0)
    Motorola Mobile Drivers Installation 5.3.0 (Version: 5.3.0)
    Mozilla Thunderbird (2.0.0.6) (Version: 2.0.0.6 (en-US))
    MSVCRT (Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    OpenOffice.org 2.1 Language Pack (Español) (Version: 2.1.9095)
    OpenOffice.org 3.4.1 (Version: 3.41.9593)
    Paint Shop Pro 7 (Version: 7.0.4.0000)
    Pdf2Jpg version 1.2 (Version: 1.2)
    Photo Collage Max (Version: 2.1.6.6)
    Photo Pos Pro (Version: 1.89)
    PhotoScape
    Plata Software MultiMediaOffice v2.0.0 (Version: v2.0.0)
    RealDownloader (Version: 1.3.0)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
    RealPlayer (Version: 16.0.0)
    RealUpgrade 1.1 (Version: 1.1.0)
    RepaintMyImage_free (Version: 1.0)
    Script Font Trial, Version 3.5b
    Search Protect by conduit (Version: 1.4.3.7)
    SMPlayer 0.6.9 (Version: 0.6.9)
    Software Version Updater (Version: 1.1.3.7)
    SolidWorks eDrawings 2013 (Version: 13.0.5016)
    The GIMP 2.2.10
    The KJB Desktop Bible Book
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Verizon Wireless MiFi-2200 Firmware Updates (Version: 1.0.1)
    Videora iPod Converter 6 (Version: 6)
    Virtual DJ Home - Atomix Productions
    VirtualDJ Home FREE (Version: 7.0.4.1)
    VirtualDub-Mpeg2 v2.0.0 (Version: v2.0.0)
    Visual Slideshow
    VZAccess Manager (Version: 7.2.11.1)
    WAV To MP3 Converter version 1.0 r1 (Version: 1.0 r1)
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3508.1109)
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3508.1109)
    Windows Live Messenger (Version: 15.4.3502.0922)
    Windows Live Movie Maker (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live Photo Gallery (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    Windows Mobile Device Updater Component (Version: 04.08.2345.00)
    Windows Movie Maker 2.6 (Version: 2.6.4037.0)
    Windows Movie Maker Enhancement Pack 2010 (Version: 1.5)
    WModem Driver Installer (Version: 2.0.6.9)
    Word Artist 2.2 (Version: 2.2)
    Word to Heart
    Your Free DVD Ripper 4.5
    YouTube Downloader App 3.00 (Version: 3.00)
    Youtube Downloader HD v. 2.9.6
    YTD Video Downloader 3.9.6 (Version: 3.9.6)
    Zoner Photo Studio 15 (Version: 15.0.1.2)
    Zumas RevengeTM (remove only)
    Zune (Version: 04.08.2345.00)
    Zune Language Pack (CHS) (Version: 04.08.2345.00)
    Zune Language Pack (CHT) (Version: 04.08.2345.00)
    Zune Language Pack (CSY) (Version: 04.08.2345.00)
    Zune Language Pack (DAN) (Version: 04.08.2345.00)
    Zune Language Pack (DEU) (Version: 04.08.2345.00)
    Zune Language Pack (ELL) (Version: 04.08.2345.00)
    Zune Language Pack (ESP) (Version: 04.08.2345.00)
    Zune Language Pack (FIN) (Version: 04.08.2345.00)
    Zune Language Pack (FRA) (Version: 04.08.2345.00)
    Zune Language Pack (HUN) (Version: 04.08.2345.00)
    Zune Language Pack (IND) (Version: 04.08.2345.00)
    Zune Language Pack (ITA) (Version: 04.08.2345.00)
    Zune Language Pack (JPN) (Version: 04.08.2345.00)
    Zune Language Pack (KOR) (Version: 04.08.2345.00)
    Zune Language Pack (MSL) (Version: 04.08.2345.00)
    Zune Language Pack (NLD) (Version: 04.08.2345.00)
    Zune Language Pack (NOR) (Version: 04.08.2345.00)
    Zune Language Pack (PLK) (Version: 04.08.2345.00)
    Zune Language Pack (PTB) (Version: 04.08.2345.00)
    Zune Language Pack (PTG) (Version: 04.08.2345.00)
    Zune Language Pack (RUS) (Version: 04.08.2345.00)
    Zune Language Pack (SVE) (Version: 04.08.2345.00)
    ==================== Restore Points =========================
    03-04-2013 00:13:35 Windows Update
    06-04-2013 04:21:13 Windows Update
    10-04-2013 00:32:31 Windows Update
    10-04-2013 20:58:39 Windows Update
    12-04-2013 03:37:52 Windows Update
    17-04-2013 02:22:40 Windows Update
    20-04-2013 02:31:06 Windows Update
    23-04-2013 21:28:14 Windows Update
    24-04-2013 21:09:24 Windows Update
    28-04-2013 20:43:47 Installed Word Artist 2.2
    01-05-2013 01:11:42 Windows Update
    05-05-2013 04:24:37 Windows Defender Checkpoint
    ==================== Faulty Device Manager Devices =============
    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: aswVmm
    Description: aswVmm
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: aswVmm
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: aswRvrt
    Description: aswRvrt
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: aswRvrt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (05/09/2013 08:52:49 PM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Users\HUNTER~1\AppData\Local\Temp\_av_sfx.tm~71c67ba1-ed5c-4caa-ad1d-263ee91231de\avast.setup /sfx /sfxstorage "C:\Users\HUNTER~1\AppData\Local\Temp\_av_sfx.tm~71c67ba1-ed5c-4caa-ad1d-263ee91231de" /GetEdition:free /edition "1" /brandcode "A" /srcpath "I:\Download" /sfxname "avast_free_antivirus_setup"; Description = avast! Free Antivirus Setup; Error = 0x8007043c).
    Error: (05/08/2013 06:28:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

    Details:
    Could not query the status of the EventSystem service.
    System Error:
    A system shutdown is in progress.
    .
    Error: (05/08/2013 05:48:48 PM) (Source: System Restore) (User: )
    Description: An unspecified error occurred during System Restore: (Windows Defender Checkpoint). Additional information: 0x80070005.
    Error: (05/08/2013 04:29:48 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac
    Faulting module name: dealcabby_20121029030001.dll, version: 0.0.0.0, time stamp: 0x508ed243
    Exception code: 0xc0000005
    Fault offset: 0x00001b73
    Faulting process id: 0xfc8
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/07/2013 11:21:46 PM) (Source: Application Hang) (User: )
    Description: The program inkscape.exe version 0.48.4.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 8e0
    Start Time: 01ce4ba377e7f926
    Termination Time: 10
    Application Path: C:\Program Files (x86)\Inkscape\inkscape.exe
    Report Id: c7f887b7-b796-11e2-9b11-701a04b9343b
    Error: (05/07/2013 09:32:35 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
    Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
    Exception code: 0xc0000005
    Fault offset: 0x0000000000028ea8
    Faulting process id: 0x724
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Error: (05/06/2013 11:08:51 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac
    Faulting module name: dealcabby_20121029030001.dll, version: 0.0.0.0, time stamp: 0x508ed243
    Exception code: 0xc0000005
    Fault offset: 0x00001b73
    Faulting process id: 0x23f4
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/06/2013 09:11:20 PM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 1fd4
    Start Time: 01ce4aba8d78b3f9
    Termination Time: 32
    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Report Id:
    Error: (05/05/2013 10:16:38 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac
    Faulting module name: dealcabby_20121029030001.dll, version: 0.0.0.0, time stamp: 0x508ed243
    Exception code: 0xc0000005
    Fault offset: 0x00001b73
    Faulting process id: 0x36f8
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/05/2013 09:32:57 PM) (Source: Windows Backup) (User: )
    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    System errors:
    =============
    Error: (05/09/2013 10:45:29 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (05/09/2013 10:45:24 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (05/09/2013 10:43:46 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (05/09/2013 10:43:46 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Microsoft Office Sessions:
    =========================
    Error: (05/09/2013 08:52:49 PM) (Source: System Restore)(User: )
    Description: C:\Users\HUNTER~1\AppData\Local\Temp\_av_sfx.tm~71c67ba1-ed5c-4caa-ad1d-263ee91231de\avast.setup /sfx /sfxstorage "C:\Users\HUNTER~1\AppData\Local\Temp\_av_sfx.tm~71c67ba1-ed5c-4caa-ad1d-263ee91231de" /GetEdition:free /edition "1" /brandcode "A" /srcpath "I:\Download" /sfxname "avast_free_antivirus_setup"avast! Free Antivirus Setup0x8007043c
    Error: (05/08/2013 06:28:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
    Description:
    Details:
    Could not query the status of the EventSystem service.
    System Error:
    A system shutdown is in progress.
    Error: (05/08/2013 05:48:48 PM) (Source: System Restore)(User: )
    Description: Windows Defender Checkpoint0x80070005
    Error: (05/08/2013 04:29:48 PM) (Source: Application Error)(User: )
    Description: iexplore.exe9.0.8112.164765126e7acdealcabby_20121029030001.dll0.0.0.0508ed243c000000500001b73fc801ce4c32922f93b1C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Users\Hunter Collier\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dll68609e9e-b826-11e2-9b11-00266c40055c
    Error: (05/07/2013 11:21:46 PM) (Source: Application Hang)(User: )
    Description: inkscape.exe0.48.4.08e001ce4ba377e7f92610C:\Program Files (x86)\Inkscape\inkscape.exec7f887b7-b796-11e2-9b11-701a04b9343b
    Error: (05/07/2013 09:32:35 PM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7600.167684d688122ntdll.dll6.1.7600.169154ec4b137c00000050000000000028ea872401ce47afc27f1e49C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll8a4b3ef0-b787-11e2-9a05-00266c40055c
    Error: (05/06/2013 11:08:51 PM) (Source: Application Error)(User: )
    Description: iexplore.exe9.0.8112.164765126e7acdealcabby_20121029030001.dll0.0.0.0508ed243c000000500001b7323f401ce4ad3091c1e04C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Users\Hunter Collier\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dlld2ca564e-b6cb-11e2-9a05-00266c40055c
    Error: (05/06/2013 09:11:20 PM) (Source: Application Hang)(User: )
    Description: iexplore.exe9.0.8112.164761fd401ce4aba8d78b3f932C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Error: (05/05/2013 10:16:38 PM) (Source: Application Error)(User: )
    Description: iexplore.exe9.0.8112.164765126e7acdealcabby_20121029030001.dll0.0.0.0508ed243c000000500001b7336f801ce4a0688a02d92C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Users\Hunter Collier\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dll5ce18fd7-b5fb-11e2-9a05-00266c40055c
    Error: (05/05/2013 09:32:57 PM) (Source: Windows Backup)(User: )
    Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    ==================== Memory info ===========================
    Percentage of memory in use: 15%
    Total physical RAM: 3894.9 MB
    Available physical RAM: 3284.83 MB
    Total Pagefile: 7787.93 MB
    Available Pagefile: 7184.3 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:453.89 GB) (Free:352.31 GB) NTFS (Disk=0 Partition=2)
    Drive h: (MotoCast) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
    Drive I: (MOT) (Removable) (Total:8 GB) (Free:1.48 GB) FAT32 (Disk=1 Partition=1)
    Drive j: () (Removable) (Total:1.84 GB) (Free:1.62 GB) FAT (Disk=2 Partition=1)
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 31AC024B)
    Partition 1: (Active) - (Size=1 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10 GB) - (Type=17)
    ========================================================
    Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
    ========================================================
    Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


    When I boot up normally and log into the user account, the normal desktop comes up for 30 seconds and then the FBI moneypak malware comes up and locks me out from doing anything.
    I have better luck running in safe mode. I did one thing yesterday, can’t remember what, in safe mode and the malware started running. I’m fixing to be back home and I can get the other txt report from Farbar and paste it here.
    All internet goes through my phone and my laptop won’t connect to it in safe mode. FYI.
    Thanks
  5. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Yeah I need the other log.
  6. rammertide07

    rammertide07 Newcomer, in training Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2013
    Ran by Hunter Collier (administrator) on 09-05-2013 23:51:07
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: DealCabby - C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile\Extensions\dealcabby@jetpack
    FF Extension: SpecialSavings - C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile\Extensions\specialsavings@superfish.com

    Chrome:
    =======
    CHR HomePage: hxxp://search.conduit.com/?SearchSource=10&CUI=UN23359133428389186&ctid=CT3277370
    CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3292584&SearchSource=48&CUI=UN17294958577068308&UM=2", "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN18640304411681467&UM=2"
    CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.a...9&CUI=UN18640304411681467&ctid=CT3289847&UM=2
    CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/C...ix={searchTerms}&CUI=UN18640304411681467&UM=2
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
    CHR Plugin: (Injovo Extension Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0\npbrowserext.dll No File
    CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
    CHR Plugin: (Conduit Radio Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/np-cwmp.dll No File
    CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    CHR Plugin: (Unity Player) - C:\Users\Hunter Collier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    CHR Extension: (Google Docs) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Google Drive) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (Funmoods) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0
    CHR Extension: (PriceGong) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0
    CHR Extension: (YouTube) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (ChromeUpdateManager) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0
    CHR Extension: (New Tab) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.21_0
    CHR Extension: (Google Search) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (MixiDJ V1) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.2.523_0
    CHR Extension: (uTorrentControl_v2) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.15.0.562_1
    CHR Extension: (InfoAtoms) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0_0
    CHR Extension: (RealDownloader) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
    CHR Extension: () - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\imolbaiifjleeieoblfpkiodaegcolcp\4.0.0.0_0
    CHR Extension: (WhiteSmoke New) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.24_0
    CHR Extension: () - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncflbflcglbjoebicfngachbpdmeobkk\4.0.0.0_0
    CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
    CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0
    CHR Extension: (Gmail) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-01] (AVAST Software)
    S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1125.80\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2569168 2013-03-06] ()
    S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)
    S2 DefaultTabUpdate; C:\Users\Hunter Collier\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-12] ()
    S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
    S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
    S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [218992 2011-10-31] ()
    S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

    ==================== Drivers (Whitelisted) ====================

    S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
    S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-01] (AVAST Software)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-01] (AVAST Software)
    S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-01] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-01] ()
    S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-01] (AVAST Software)
    S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-01] (AVAST Software)
    S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-01] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-02] ()
    S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-06-06] (Mobile Stream)
    S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
    S3 SMSIVZAM5X64; C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
    S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-03-05] ()
    S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [195584 2008-03-05] (Sierra Wireless Inc.)
    S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-05-09 23:51 - 2013-05-09 23:51 - 00000000 ____D C:\FRST
    2013-05-09 20:53 - 2013-05-09 20:54 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-05-09 20:53 - 2013-05-09 20:53 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2013-05-09 20:53 - 2013-05-09 20:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-05-09 20:53 - 2013-05-02 10:44 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2013-05-09 20:53 - 2013-05-01 18:33 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2013-05-09 20:53 - 2013-05-01 18:33 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
    2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\Program Files\AVAST Software
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\MFAData
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Avg2013
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\ProgramData\MFAData
    2013-05-08 21:32 - 2013-05-08 21:32 - 00000022 ____A C:\Users\Hunter Collier\Desktop\Transfer.zip
    2013-05-08 16:30 - 2013-05-09 22:41 - 95023320 ___AT C:\ProgramData\wveqr.pad
    2013-05-08 16:30 - 2013-05-09 22:41 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-05-08 16:30 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\g7dof.pad
    2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\rqevw.dat
    2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\fod7g.dat
    2013-05-08 16:30 - 2013-05-08 16:30 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    2013-05-08 16:30 - 2013-05-08 16:30 - 00000151 ____A C:\ProgramData\wveqr.reg
    2013-05-08 16:30 - 2013-05-08 16:30 - 00000055 ____A C:\ProgramData\wveqr.bat
    2013-05-08 16:07 - 2013-05-08 16:07 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{BBD368E1-E854-437E-B5F6-EED5B0E7DC45}
    2013-05-06 22:50 - 2013-05-06 22:50 - 00024406 ____A C:\Users\Hunter Collier\AppData\Local\recently-used.xbel
    2013-05-06 22:25 - 2013-05-08 17:47 - 00000000 ____D C:\Program Files (x86)\File Type Helper
    2013-05-06 22:25 - 2013-05-06 22:24 - 00022851 ____A C:\Users\Hunter Collier\Desktop\skunklin.zip
    2013-05-06 22:24 - 2013-05-08 17:47 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
    2013-05-06 22:22 - 2013-05-06 22:22 - 00163512 ____A () C:\Users\Hunter Collier\Downloads\Skunkline_downloader_by_AcidFonts.exe
    2013-05-04 23:27 - 2013-05-08 17:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2013-05-02 22:44 - 2013-05-07 20:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{48FB845D-7F25-42F1-8226-2B2DDED22037}
    2013-05-02 22:41 - 2013-05-02 22:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{F7A228D6-4DD5-4FF1-A58A-05F2417A6327}
    2013-04-30 22:55 - 2013-04-30 22:56 - 00000000 ____D C:\Program Files (x86)\Script Font Trial
    2013-04-30 22:49 - 2013-04-30 22:51 - 00917360 ____A (Elfring Fonts, Inc. ) C:\Users\Hunter Collier\Desktop\inscript.exe
    2013-04-29 22:45 - 2013-04-30 19:40 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{59EA95A1-1654-4F21-B2C4-387CBAA3ACB5}
    2013-04-28 17:23 - 2013-04-28 17:23 - 00016584 ____A C:\Users\Hunter Collier\Desktop\hs_err_pid4588.log
    2013-04-28 15:44 - 2013-04-28 18:54 - 00000000 ____D C:\Program Files (x86)\Word Artist 2.2
    2013-04-28 11:14 - 2013-04-28 18:54 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Graphics.Media
    2013-04-28 11:04 - 2013-05-09 22:41 - 00000392 ____A C:\Windows\Tasks\AmiUpdXp.job
    2013-04-28 11:04 - 2013-04-28 18:54 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\SwvUpdater
    2013-04-28 11:04 - 2013-04-28 11:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect
    2013-04-28 11:03 - 2013-04-28 13:48 - 00000000 ____D C:\Program Files (x86)\Iminent
    2013-04-28 11:03 - 2013-04-28 11:09 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
    2013-04-28 11:03 - 2013-04-28 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\SearchProtect
    2013-04-28 11:03 - 2013-04-28 11:03 - 00000551 ____A C:\Users\Guest\Desktop\Graphx Edge.lnk
    2013-04-28 11:02 - 2013-04-28 11:02 - 00511184 ____A (Graphx Edge ) C:\Users\Hunter Collier\Downloads\bodyfonts-trial.exe
    2013-04-27 00:35 - 2013-04-27 00:35 - 00081280 ____A C:\Users\Hunter Collier\Desktop\Yahoo4.ods
    2013-04-23 16:28 - 2013-04-12 09:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-20 22:41 - 2013-05-09 22:40 - 00006493 ____A C:\Users\Hunter Collier\AppData\Local\58bcb66e-aa35-11e2-8274-b8ac6f996f26.crx
    2013-04-20 22:41 - 2013-04-20 22:41 - 00720896 ____A (Mise Technology,Inc) C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll
    2013-04-20 22:41 - 2013-04-20 22:41 - 00434176 ____A () C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll
    2013-04-20 22:29 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Camera
    2013-04-17 18:23 - 2013-04-17 18:24 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoft
    2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoftIEHelpers
    2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
    2013-04-11 22:38 - 2013-02-22 01:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-04-11 22:38 - 2013-02-22 01:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-04-11 22:38 - 2013-02-22 01:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-04-11 22:38 - 2013-02-22 01:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-04-11 22:38 - 2013-02-22 01:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-04-11 22:38 - 2013-02-22 01:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-04-11 22:38 - 2013-02-22 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-04-11 22:38 - 2013-02-22 01:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-04-11 22:38 - 2013-02-22 01:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-04-11 22:38 - 2013-02-22 01:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-04-11 22:38 - 2013-02-22 01:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-04-11 22:38 - 2013-02-22 01:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-04-11 22:38 - 2013-02-22 01:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-04-11 22:38 - 2013-02-22 01:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-04-11 22:38 - 2013-02-22 01:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-04-11 22:38 - 2013-02-22 01:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-04-11 22:38 - 2013-02-21 23:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-04-11 22:38 - 2013-02-21 22:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-04-11 22:38 - 2013-02-21 22:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-04-11 22:38 - 2013-02-21 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-04-11 22:38 - 2013-02-21 22:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-04-11 22:38 - 2013-02-21 22:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-04-11 22:38 - 2013-02-21 22:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-04-11 22:38 - 2013-02-21 22:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-04-11 22:38 - 2013-02-21 22:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-04-11 22:38 - 2013-02-21 22:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-04-11 22:38 - 2013-02-21 22:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-04-11 22:38 - 2013-02-21 22:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-04-11 22:38 - 2013-02-21 22:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-04-11 22:38 - 2013-02-21 22:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-04-11 22:38 - 2013-02-21 22:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-04-11 22:38 - 2013-02-21 22:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-04-10 17:28 - 2013-04-10 17:30 - 150856784 ____A C:\Users\Hunter Collier\Desktop\Brother George.zip
    2013-04-09 23:26 - 2013-04-09 23:29 - 00000000 ____D C:\Users\Hunter Collier\.contenta
    2013-04-09 23:26 - 2013-04-09 23:28 - 00004121 ____A C:\Windows\SysWOW64\contenta-converter.log
    2013-04-09 23:26 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.Contenta SVG Converter
    2013-04-09 19:46 - 2013-02-12 10:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-04-09 19:46 - 2013-02-12 10:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-04-09 19:46 - 2013-02-12 10:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-04-09 19:46 - 2013-02-12 10:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-04-09 19:46 - 2013-02-12 10:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-04-09 19:46 - 2013-02-12 08:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-04-09 19:40 - 2013-02-28 22:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-04-09 19:33 - 2013-03-19 01:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-04-09 19:33 - 2013-03-19 00:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-04-09 19:33 - 2013-03-19 00:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-04-09 19:33 - 2013-03-19 00:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-04-09 19:33 - 2013-03-18 23:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-04-09 19:33 - 2013-03-18 22:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-04-09 19:33 - 2013-01-24 00:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

    ==================== One Month Modified Files and Folders =======

    2013-05-09 23:51 - 2013-05-09 23:51 - 00000000 ____D C:\FRST
    2013-05-09 22:47 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-09 22:42 - 2010-08-05 00:54 - 01135868 ____A C:\Windows\WindowsUpdate.log
    2013-05-09 22:42 - 2009-07-13 23:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-09 22:42 - 2009-07-13 23:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-09 22:41 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\wveqr.pad
    2013-05-09 22:41 - 2013-05-08 16:30 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-05-09 22:41 - 2013-04-28 11:04 - 00000392 ____A C:\Windows\Tasks\AmiUpdXp.job
    2013-05-09 22:41 - 2012-11-24 15:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2013-05-09 22:40 - 2013-04-20 22:41 - 00006493 ____A C:\Users\Hunter Collier\AppData\Local\58bcb66e-aa35-11e2-8274-b8ac6f996f26.crx
    2013-05-09 22:40 - 2010-08-22 15:32 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-09 22:38 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-09 22:38 - 2009-07-13 23:51 - 00090181 ____A C:\Windows\setupact.log
    2013-05-09 22:37 - 2012-12-16 18:12 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\WinLive
    2013-05-09 20:54 - 2013-05-09 20:53 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-05-09 20:53 - 2013-05-09 20:53 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2013-05-09 20:53 - 2013-05-09 20:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\Program Files\AVAST Software
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\MFAData
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Avg2013
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\ProgramData\MFAData
    2013-05-08 21:32 - 2013-05-08 21:32 - 00000022 ____A C:\Users\Hunter Collier\Desktop\Transfer.zip
    2013-05-08 17:47 - 2013-05-06 22:25 - 00000000 ____D C:\Program Files (x86)\File Type Helper
    2013-05-08 17:47 - 2013-05-06 22:24 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
    2013-05-08 17:47 - 2013-05-04 23:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2013-05-08 17:47 - 2012-12-16 18:12 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\MCommon
    2013-05-08 17:47 - 2012-11-24 15:42 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Plata Software
    2013-05-08 17:47 - 2010-08-05 20:52 - 00000000 ____D C:\ProgramData\Real
    2013-05-08 17:47 - 2010-08-05 01:06 - 00000000 ____D C:\users\Hunter Collier
    2013-05-08 17:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2013-05-08 17:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
    2013-05-08 17:38 - 2013-02-04 20:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-08 17:38 - 2012-02-26 21:46 - 00000458 ___AH C:\Windows\Tasks\Windows Driver Foundation.job
    2013-05-08 17:38 - 2010-08-22 15:32 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-08 16:30 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\g7dof.pad
    2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\rqevw.dat
    2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\fod7g.dat
    2013-05-08 16:30 - 2013-05-08 16:30 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    2013-05-08 16:30 - 2013-05-08 16:30 - 00000151 ____A C:\ProgramData\wveqr.reg
    2013-05-08 16:30 - 2013-05-08 16:30 - 00000055 ____A C:\ProgramData\wveqr.bat
    2013-05-08 16:29 - 2012-11-23 23:47 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\CrashDumps
    2013-05-08 16:07 - 2013-05-08 16:07 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{BBD368E1-E854-437E-B5F6-EED5B0E7DC45}
    2013-05-07 23:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
    2013-05-07 20:41 - 2013-05-02 22:44 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{48FB845D-7F25-42F1-8226-2B2DDED22037}
    2013-05-06 22:50 - 2013-05-06 22:50 - 00024406 ____A C:\Users\Hunter Collier\AppData\Local\recently-used.xbel
    2013-05-06 22:27 - 2013-04-20 22:29 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Camera
    2013-05-06 22:25 - 2012-11-25 11:04 - 00000032 ____A C:\END
    2013-05-06 22:24 - 2013-05-06 22:25 - 00022851 ____A C:\Users\Hunter Collier\Desktop\skunklin.zip
    2013-05-06 22:22 - 2013-05-06 22:22 - 00163512 ____A () C:\Users\Hunter Collier\Downloads\Skunkline_downloader_by_AcidFonts.exe
    2013-05-05 22:29 - 2013-01-28 19:22 - 00016893 ____A C:\Users\Hunter Collier\Desktop\Church Notes.ods
    2013-05-02 22:41 - 2013-05-02 22:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{F7A228D6-4DD5-4FF1-A58A-05F2417A6327}
    2013-05-02 22:38 - 2009-07-13 23:45 - 00305856 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-02 18:52 - 2012-08-21 20:35 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Church
    2013-05-02 10:44 - 2013-05-09 20:53 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
    2013-05-02 02:06 - 2010-08-05 10:33 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-05-01 18:34 - 2013-05-09 20:53 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2013-05-01 18:33 - 2013-05-09 20:53 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2013-05-01 18:33 - 2013-05-09 20:53 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
    2013-04-30 23:41 - 2010-08-06 19:17 - 00069536 ____A C:\Users\Hunter Collier\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-04-30 22:56 - 2013-04-30 22:55 - 00000000 ____D C:\Program Files (x86)\Script Font Trial
    2013-04-30 22:51 - 2013-04-30 22:49 - 00917360 ____A (Elfring Fonts, Inc. ) C:\Users\Hunter Collier\Desktop\inscript.exe
    2013-04-30 19:40 - 2013-04-29 22:45 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{59EA95A1-1654-4F21-B2C4-387CBAA3ACB5}
    2013-04-28 18:54 - 2013-04-28 15:44 - 00000000 ____D C:\Program Files (x86)\Word Artist 2.2
    2013-04-28 18:54 - 2013-04-28 11:14 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Graphics.Media
    2013-04-28 18:54 - 2013-04-28 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\SwvUpdater
    2013-04-28 18:54 - 2013-03-17 16:09 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Clipdiary
    2013-04-28 18:54 - 2012-11-25 11:04 - 00000000 ____D C:\Program Files (x86)\Conduit
    2013-04-28 18:54 - 2012-11-10 13:04 - 00000000 ____D C:\Windows\SysWOW64\Extensions
    2013-04-28 17:23 - 2013-04-28 17:23 - 00016584 ____A C:\Users\Hunter Collier\Desktop\hs_err_pid4588.log
    2013-04-28 13:55 - 2013-02-18 23:22 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\internethelper
    2013-04-28 13:54 - 2010-08-05 20:47 - 00097564 ____A C:\Windows\PFRO.log
    2013-04-28 13:51 - 2012-11-25 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Conduit
    2013-04-28 13:48 - 2013-04-28 11:03 - 00000000 ____D C:\Program Files (x86)\Iminent
    2013-04-28 11:09 - 2013-04-28 11:03 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
    2013-04-28 11:04 - 2013-04-28 11:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect
    2013-04-28 11:04 - 2013-04-28 11:03 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\SearchProtect
    2013-04-28 11:03 - 2013-04-28 11:03 - 00000551 ____A C:\Users\Guest\Desktop\Graphx Edge.lnk
    2013-04-28 11:03 - 2012-11-26 23:49 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\CRE
    2013-04-28 11:02 - 2013-04-28 11:02 - 00511184 ____A (Graphx Edge ) C:\Users\Hunter Collier\Downloads\bodyfonts-trial.exe
    2013-04-27 00:35 - 2013-04-27 00:35 - 00081280 ____A C:\Users\Hunter Collier\Desktop\Yahoo4.ods
    2013-04-20 22:55 - 2010-10-21 23:07 - 00009728 ____A C:\Users\Hunter Collier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-04-20 22:41 - 2013-04-20 22:41 - 00720896 ____A (Mise Technology,Inc) C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll
    2013-04-20 22:41 - 2013-04-20 22:41 - 00434176 ____A () C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll
    2013-04-18 22:02 - 2012-12-16 19:24 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Youtube Downloader HD
    2013-04-17 18:24 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoft
    2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoftIEHelpers
    2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
    2013-04-12 09:36 - 2013-04-23 16:28 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-11 09:22 - 2011-07-11 11:57 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
    2013-04-10 18:24 - 2010-11-21 10:06 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2013-04-10 17:30 - 2013-04-10 17:28 - 150856784 ____A C:\Users\Hunter Collier\Desktop\Brother George.zip
    2013-04-09 23:29 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.contenta
    2013-04-09 23:28 - 2013-04-09 23:26 - 00004121 ____A C:\Windows\SysWOW64\contenta-converter.log
    2013-04-09 23:26 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.Contenta SVG Converter
    2013-04-09 20:35 - 2013-02-21 21:57 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1448089386-1678093697-344294379-1000\$6352e625e921adda9d24cbb9bc058261

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$6352e625e921adda9d24cbb9bc058261

    Other Malware:
    ===========
    C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
    C:\ProgramData\fod7g.dat
    C:\ProgramData\g7dof.pad
    C:\ProgramData\rqevw.dat
    C:\ProgramData\rundll32.exe
    C:\ProgramData\wveqr.bat
    C:\ProgramData\wveqr.pad
    C:\ProgramData\wveqr.reg

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2013-05-05 10:19

    ==================== End Of Log ============================
  7. Broni

    Broni Malware Annihilator

    The top of the log seems to be cut off.
    Please repost.
  8. rammertide07

    rammertide07 Newcomer, in training Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2013
    Ran by Hunter Collier (administrator) on 09-05-2013 23:51:07
    Running from I:\Download
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Safe Mode (minimal)
    ==================== Processes (Whitelisted) =================

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\System32\msdt.exe
    (Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
    (Farbar) I:\Download\FRST64.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [pasitv] "C:\Windows\System32\rundll32.exe" "C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll",GetFunction2 [720896 2013-04-20] (Mise Technology,Inc)
    HKLM\...\Run: [pifeud] "C:\Windows\System32\rundll32.exe" "C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll",window_bits [434176 2013-04-20] ()
    HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\wveqr.bat [x ] ()
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$6352e625e921adda9d24cbb9bc058261\n. ATTENTION! ====> ZeroAccess
    HKCU\...\Run: [Gadwin PrintScreen] "C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash [495616 2008-12-09] (Gadwin Systems, Inc)
    HKCU\...\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe" [48680 2012-06-06] (Mobile Stream)
    HKCU\...\Run: [SearchProtect] C:\Users\Hunter Collier\AppData\Roaming\SearchProtect\bin\cltmng.exe [2730784 2013-04-11] (Conduit)
    HKCU\...\Run: [ctfmon.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\rqevw.dat,FG00 [126976 2013-05-08] (Microsoft Corporation)
    HKCU\...\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [752736 2012-10-08] (ZONER software)
    HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\HUNTER~1\AppData\Local\Temp\seypimm\sspibir\wow64.dll ATTENTION! ====> ZeroAccess
    MountPoints2: E - E:\MotoCastSetup.exe -a
    MountPoints2: {09a564a3-c176-11e1-b99a-00266c40055c} - E:\MotoCastSetup.exe -a
    MountPoints2: {0c766d11-ef23-11e1-a1ed-701a04b9343b} - E:\MotoCastSetup.exe -a
    MountPoints2: {31e8f99f-9266-11e1-b130-701a04b9343b} - E:\MotoCastSetup.exe -a
    MountPoints2: {66655589-258d-11e0-8632-00266c40055c} - F:\TL-Bootstrap.exe
    MountPoints2: {66655663-258d-11e0-8632-00266c40055c} - E:\TL-Bootstrap.exe
    MountPoints2: {92e6809f-6e9c-11e0-8591-701a04b9343b} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\AppLaunch.exe AUTORUN=1
    MountPoints2: {f3f784e8-1d90-11e2-b47b-701a04b9343b} - E:\MotoCastSetup.exe -a
    MountPoints2: {f3f785d6-1d90-11e2-b47b-00266c40055c} - H:\MotoCastSetup.exe -a
    MountPoints2: {f4694956-24b5-11e0-a272-701a04b9343b} - G:\VZAccess_Manager.exe /z detect
    MountPoints2: {f4694966-24b5-11e0-a272-701a04b9343b} - G:\VZAccess_Manager.exe /z detect
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [295072 2013-02-13] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2730784 2013-04-11] (Conduit)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858456 2013-05-01] (AVAST Software)
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
    Startup: C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
    ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\rqevw.dat (Microsoft Corporation)
    Startup: C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiMediaOffice Start Menu.lnk
    ShortcutTarget: MultiMediaOffice Start Menu.lnk -> C:\Program Files (x86)\Plata Software MultiMediaOffice\PlataStartMenu.exe (Plata Software, Inc)
    Startup: C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\program\quickstart.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Down...f5-e387caf04cd5&searchtype=ds&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=do...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10...&barid={7C0B755E-9A19-11E2-9B18-00266C40055C}
    URLSearchHook: (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
    HKLM SearchScopes: DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
    SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
    HKLM-x32 SearchScopes: DefaultScope {7DE58EF7-1C91-4E2F-B6AA-E9F95CC11030} URL =
    SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=Down...f5-e387caf04cd5&searchtype=ds&q={searchTerms}
    SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/myweb...1011&st=sb&n=77ee60a3&searchfor={searchTerms}
    SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032
    SearchScopes: HKLM-x32 - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={7C0B755E-9A19-11E2-9B18-00266C40055C}
    HKCU SearchScopes: DefaultScope {7DE58EF7-1C91-4E2F-B6AA-E9F95CC11030} URL = http://search.conduit.com/ResultsEx...9847&CUI=UN41763429461133921&UM=2&SSPV=TB_CIS
    SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=Down...f5-e387caf04cd5&searchtype=ds&q={searchTerms}
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searc...SP_ss&mntrId=8cf7e5a3000000000000020054746872
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?c...pn_sauid=809CEEEF-26CB-4065-BDCF-8A57663FCC8A
    SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKCU - {7DE58EF7-1C91-4E2F-B6AA-E9F95CC11030} URL = http://search.conduit.com/ResultsEx...9847&CUI=UN41763429461133921&UM=2&SSPV=TB_CIS
    SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/myweb...1011&st=sb&n=77ee60a3&searchfor={searchTerms}
    SearchScopes: HKCU - {AD3E4045-466A-45AC-82EE-1B8D4EC52E1F} URL = http://search.conduit.com/Results.aspx?&ctid=CT3283894&SearchSource=45?&q={searchTerms}
    SearchScopes: HKCU - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={7C0B755E-9A19-11E2-9B18-00266C40055C}
    SearchScopes: HKCU - 蹮祁Z2罐pv↖歪*X(�2s(畚繨涸拥澅 v税!讞(浼48懈patm6阰^Mp`缩鱛I樉!劻�啇x�8�賘�囱;醓�[8牶~廟賦滘�8'�-)x� URL =
    BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
    BHO-x32: DealCabby - {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - C:\Users\Hunter Collier\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dll ()
    BHO-x32: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: No Name - {7365A975-D1E8-41ed-8C66-FA70EDB97A39} - No File
    BHO-x32: TidyNetwork.com - {7736C7FA-512D-11E2-B871-DEC36088709B} - C:\Users\Hunter Collier\AppData\Local\TidyNetwork.com\tidy2ie.dll ()
    BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Hunter Collier\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    BHO-x32: Fast Free Converter 4.1 - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL (Fast Free Converter)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - No Name - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No File
    Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
    PDF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    PDF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    PDF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    PDF: HKLM-x32 {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

    FireFox:
    ========
    FF ProfilePath: C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile
    FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: DealCabby - C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile\Extensions\dealcabby@jetpack
    FF Extension: SpecialSavings - C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile\Extensions\specialsavings@superfish.com

    Chrome:
    =======
    CHR HomePage: hxxp://search.conduit.com/?SearchSource=10&CUI=UN23359133428389186&ctid=CT3277370
    CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3292584&SearchSource=48&CUI=UN17294958577068308&UM=2", "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN18640304411681467&UM=2"
    CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.a...9&CUI=UN18640304411681467&ctid=CT3289847&UM=2
    CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/C...ix={searchTerms}&CUI=UN18640304411681467&UM=2
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
    CHR Plugin: (Injovo Extension Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0\npbrowserext.dll No File
    CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
    CHR Plugin: (Conduit Radio Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/np-cwmp.dll No File
    CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    CHR Plugin: (Unity Player) - C:\Users\Hunter Collier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    CHR Extension: (Google Docs) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Google Drive) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (Funmoods) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0
    CHR Extension: (PriceGong) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0
    CHR Extension: (YouTube) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (ChromeUpdateManager) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0
    CHR Extension: (New Tab) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.21_0
    CHR Extension: (Google Search) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (MixiDJ V1) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.2.523_0
    CHR Extension: (uTorrentControl_v2) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.15.0.562_1
    CHR Extension: (InfoAtoms) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0_0
    CHR Extension: (RealDownloader) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
    CHR Extension: () - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\imolbaiifjleeieoblfpkiodaegcolcp\4.0.0.0_0
    CHR Extension: (WhiteSmoke New) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.24_0
    CHR Extension: () - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncflbflcglbjoebicfngachbpdmeobkk\4.0.0.0_0
    CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
    CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0
    CHR Extension: (Gmail) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-01] (AVAST Software)
    S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1125.80\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2569168 2013-03-06] ()
    S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)
    S2 DefaultTabUpdate; C:\Users\Hunter Collier\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-12] ()
    S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
    S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
    S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [218992 2011-10-31] ()
    S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

    ==================== Drivers (Whitelisted) ====================

    S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
    S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-01] (AVAST Software)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-01] (AVAST Software)
    S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-01] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-01] ()
    S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-01] (AVAST Software)
    S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-01] (AVAST Software)
    S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-01] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-02] ()
    S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-06-06] (Mobile Stream)
    S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
    S3 SMSIVZAM5X64; C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
    S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-03-05] ()
    S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [195584 2008-03-05] (Sierra Wireless Inc.)
    S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-05-09 23:51 - 2013-05-09 23:51 - 00000000 ____D C:\FRST
    2013-05-09 20:53 - 2013-05-09 20:54 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-05-09 20:53 - 2013-05-09 20:53 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2013-05-09 20:53 - 2013-05-09 20:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-05-09 20:53 - 2013-05-02 10:44 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2013-05-09 20:53 - 2013-05-01 18:34 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2013-05-09 20:53 - 2013-05-01 18:33 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2013-05-09 20:53 - 2013-05-01 18:33 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
    2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\Program Files\AVAST Software
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\MFAData
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Avg2013
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\ProgramData\MFAData
    2013-05-08 21:32 - 2013-05-08 21:32 - 00000022 ____A C:\Users\Hunter Collier\Desktop\Transfer.zip
    2013-05-08 16:30 - 2013-05-09 22:41 - 95023320 ___AT C:\ProgramData\wveqr.pad
    2013-05-08 16:30 - 2013-05-09 22:41 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-05-08 16:30 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\g7dof.pad
    2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\rqevw.dat
    2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\fod7g.dat
    2013-05-08 16:30 - 2013-05-08 16:30 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    2013-05-08 16:30 - 2013-05-08 16:30 - 00000151 ____A C:\ProgramData\wveqr.reg
    2013-05-08 16:30 - 2013-05-08 16:30 - 00000055 ____A C:\ProgramData\wveqr.bat
    2013-05-08 16:07 - 2013-05-08 16:07 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{BBD368E1-E854-437E-B5F6-EED5B0E7DC45}
    2013-05-06 22:50 - 2013-05-06 22:50 - 00024406 ____A C:\Users\Hunter Collier\AppData\Local\recently-used.xbel
    2013-05-06 22:25 - 2013-05-08 17:47 - 00000000 ____D C:\Program Files (x86)\File Type Helper
    2013-05-06 22:25 - 2013-05-06 22:24 - 00022851 ____A C:\Users\Hunter Collier\Desktop\skunklin.zip
    2013-05-06 22:24 - 2013-05-08 17:47 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
    2013-05-06 22:22 - 2013-05-06 22:22 - 00163512 ____A () C:\Users\Hunter Collier\Downloads\Skunkline_downloader_by_AcidFonts.exe
    2013-05-04 23:27 - 2013-05-08 17:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2013-05-02 22:44 - 2013-05-07 20:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{48FB845D-7F25-42F1-8226-2B2DDED22037}
    2013-05-02 22:41 - 2013-05-02 22:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{F7A228D6-4DD5-4FF1-A58A-05F2417A6327}
    2013-04-30 22:55 - 2013-04-30 22:56 - 00000000 ____D C:\Program Files (x86)\Script Font Trial
    2013-04-30 22:49 - 2013-04-30 22:51 - 00917360 ____A (Elfring Fonts, Inc. ) C:\Users\Hunter Collier\Desktop\inscript.exe
    2013-04-29 22:45 - 2013-04-30 19:40 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{59EA95A1-1654-4F21-B2C4-387CBAA3ACB5}
    2013-04-28 17:23 - 2013-04-28 17:23 - 00016584 ____A C:\Users\Hunter Collier\Desktop\hs_err_pid4588.log
    2013-04-28 15:44 - 2013-04-28 18:54 - 00000000 ____D C:\Program Files (x86)\Word Artist 2.2
    2013-04-28 11:14 - 2013-04-28 18:54 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Graphics.Media
    2013-04-28 11:04 - 2013-05-09 22:41 - 00000392 ____A C:\Windows\Tasks\AmiUpdXp.job
    2013-04-28 11:04 - 2013-04-28 18:54 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\SwvUpdater
    2013-04-28 11:04 - 2013-04-28 11:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect
    2013-04-28 11:03 - 2013-04-28 13:48 - 00000000 ____D C:\Program Files (x86)\Iminent
    2013-04-28 11:03 - 2013-04-28 11:09 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
    2013-04-28 11:03 - 2013-04-28 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\SearchProtect
    2013-04-28 11:03 - 2013-04-28 11:03 - 00000551 ____A C:\Users\Guest\Desktop\Graphx Edge.lnk
    2013-04-28 11:02 - 2013-04-28 11:02 - 00511184 ____A (Graphx Edge ) C:\Users\Hunter Collier\Downloads\bodyfonts-trial.exe
    2013-04-27 00:35 - 2013-04-27 00:35 - 00081280 ____A C:\Users\Hunter Collier\Desktop\Yahoo4.ods
    2013-04-23 16:28 - 2013-04-12 09:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-20 22:41 - 2013-05-09 22:40 - 00006493 ____A C:\Users\Hunter Collier\AppData\Local\58bcb66e-aa35-11e2-8274-b8ac6f996f26.crx
    2013-04-20 22:41 - 2013-04-20 22:41 - 00720896 ____A (Mise Technology,Inc) C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll
    2013-04-20 22:41 - 2013-04-20 22:41 - 00434176 ____A () C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll
    2013-04-20 22:29 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Camera
    2013-04-17 18:23 - 2013-04-17 18:24 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoft
    2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoftIEHelpers
    2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
    2013-04-11 22:38 - 2013-02-22 01:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-04-11 22:38 - 2013-02-22 01:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-04-11 22:38 - 2013-02-22 01:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-04-11 22:38 - 2013-02-22 01:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-04-11 22:38 - 2013-02-22 01:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-04-11 22:38 - 2013-02-22 01:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-04-11 22:38 - 2013-02-22 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-04-11 22:38 - 2013-02-22 01:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-04-11 22:38 - 2013-02-22 01:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-04-11 22:38 - 2013-02-22 01:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-04-11 22:38 - 2013-02-22 01:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-04-11 22:38 - 2013-02-22 01:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-04-11 22:38 - 2013-02-22 01:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-04-11 22:38 - 2013-02-22 01:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-04-11 22:38 - 2013-02-22 01:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-04-11 22:38 - 2013-02-22 01:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-04-11 22:38 - 2013-02-21 23:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-04-11 22:38 - 2013-02-21 22:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-04-11 22:38 - 2013-02-21 22:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-04-11 22:38 - 2013-02-21 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-04-11 22:38 - 2013-02-21 22:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-04-11 22:38 - 2013-02-21 22:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-04-11 22:38 - 2013-02-21 22:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-04-11 22:38 - 2013-02-21 22:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-04-11 22:38 - 2013-02-21 22:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-04-11 22:38 - 2013-02-21 22:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-04-11 22:38 - 2013-02-21 22:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-04-11 22:38 - 2013-02-21 22:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-04-11 22:38 - 2013-02-21 22:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-04-11 22:38 - 2013-02-21 22:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-04-11 22:38 - 2013-02-21 22:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-04-11 22:38 - 2013-02-21 22:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-04-10 17:28 - 2013-04-10 17:30 - 150856784 ____A C:\Users\Hunter Collier\Desktop\Brother George.zip
    2013-04-09 23:26 - 2013-04-09 23:29 - 00000000 ____D C:\Users\Hunter Collier\.contenta
    2013-04-09 23:26 - 2013-04-09 23:28 - 00004121 ____A C:\Windows\SysWOW64\contenta-converter.log
    2013-04-09 23:26 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.Contenta SVG Converter
    2013-04-09 19:46 - 2013-02-12 10:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-04-09 19:46 - 2013-02-12 10:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-04-09 19:46 - 2013-02-12 10:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-04-09 19:46 - 2013-02-12 10:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-04-09 19:46 - 2013-02-12 10:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-04-09 19:46 - 2013-02-12 08:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-04-09 19:40 - 2013-02-28 22:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-04-09 19:33 - 2013-03-19 01:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-04-09 19:33 - 2013-03-19 00:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-04-09 19:33 - 2013-03-19 00:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-04-09 19:33 - 2013-03-19 00:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-04-09 19:33 - 2013-03-18 23:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-04-09 19:33 - 2013-03-18 22:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-04-09 19:33 - 2013-01-24 00:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

    ==================== One Month Modified Files and Folders =======

    2013-05-09 23:51 - 2013-05-09 23:51 - 00000000 ____D C:\FRST
    2013-05-09 22:47 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-09 22:42 - 2010-08-05 00:54 - 01135868 ____A C:\Windows\WindowsUpdate.log
    2013-05-09 22:42 - 2009-07-13 23:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-09 22:42 - 2009-07-13 23:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-09 22:41 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\wveqr.pad
    2013-05-09 22:41 - 2013-05-08 16:30 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-05-09 22:41 - 2013-04-28 11:04 - 00000392 ____A C:\Windows\Tasks\AmiUpdXp.job
    2013-05-09 22:41 - 2012-11-24 15:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2013-05-09 22:40 - 2013-04-20 22:41 - 00006493 ____A C:\Users\Hunter Collier\AppData\Local\58bcb66e-aa35-11e2-8274-b8ac6f996f26.crx
    2013-05-09 22:40 - 2010-08-22 15:32 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-09 22:38 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-09 22:38 - 2009-07-13 23:51 - 00090181 ____A C:\Windows\setupact.log
    2013-05-09 22:37 - 2012-12-16 18:12 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\WinLive
    2013-05-09 20:54 - 2013-05-09 20:53 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-05-09 20:53 - 2013-05-09 20:53 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2013-05-09 20:53 - 2013-05-09 20:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\Program Files\AVAST Software
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\MFAData
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Avg2013
    2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\ProgramData\MFAData
    2013-05-08 21:32 - 2013-05-08 21:32 - 00000022 ____A C:\Users\Hunter Collier\Desktop\Transfer.zip
    2013-05-08 17:47 - 2013-05-06 22:25 - 00000000 ____D C:\Program Files (x86)\File Type Helper
    2013-05-08 17:47 - 2013-05-06 22:24 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
    2013-05-08 17:47 - 2013-05-04 23:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2013-05-08 17:47 - 2012-12-16 18:12 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\MCommon
    2013-05-08 17:47 - 2012-11-24 15:42 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Plata Software
    2013-05-08 17:47 - 2010-08-05 20:52 - 00000000 ____D C:\ProgramData\Real
    2013-05-08 17:47 - 2010-08-05 01:06 - 00000000 ____D C:\users\Hunter Collier
    2013-05-08 17:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2013-05-08 17:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
    2013-05-08 17:38 - 2013-02-04 20:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-08 17:38 - 2012-02-26 21:46 - 00000458 ___AH C:\Windows\Tasks\Windows Driver Foundation.job
    2013-05-08 17:38 - 2010-08-22 15:32 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-08 16:30 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\g7dof.pad
    2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\rqevw.dat
    2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\fod7g.dat
    2013-05-08 16:30 - 2013-05-08 16:30 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    2013-05-08 16:30 - 2013-05-08 16:30 - 00000151 ____A C:\ProgramData\wveqr.reg
    2013-05-08 16:30 - 2013-05-08 16:30 - 00000055 ____A C:\ProgramData\wveqr.bat
    2013-05-08 16:29 - 2012-11-23 23:47 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\CrashDumps
    2013-05-08 16:07 - 2013-05-08 16:07 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{BBD368E1-E854-437E-B5F6-EED5B0E7DC45}
    2013-05-07 23:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
    2013-05-07 20:41 - 2013-05-02 22:44 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{48FB845D-7F25-42F1-8226-2B2DDED22037}
    2013-05-06 22:50 - 2013-05-06 22:50 - 00024406 ____A C:\Users\Hunter Collier\AppData\Local\recently-used.xbel
    2013-05-06 22:27 - 2013-04-20 22:29 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Camera
    2013-05-06 22:25 - 2012-11-25 11:04 - 00000032 ____A C:\END
    2013-05-06 22:24 - 2013-05-06 22:25 - 00022851 ____A C:\Users\Hunter Collier\Desktop\skunklin.zip
    2013-05-06 22:22 - 2013-05-06 22:22 - 00163512 ____A () C:\Users\Hunter Collier\Downloads\Skunkline_downloader_by_AcidFonts.exe
    2013-05-05 22:29 - 2013-01-28 19:22 - 00016893 ____A C:\Users\Hunter Collier\Desktop\Church Notes.ods
    2013-05-02 22:41 - 2013-05-02 22:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{F7A228D6-4DD5-4FF1-A58A-05F2417A6327}
    2013-05-02 22:38 - 2009-07-13 23:45 - 00305856 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-02 18:52 - 2012-08-21 20:35 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Church
    2013-05-02 10:44 - 2013-05-09 20:53 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
    2013-05-02 02:06 - 2010-08-05 10:33 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-05-01 18:34 - 2013-05-09 20:53 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2013-05-01 18:34 - 2013-05-09 20:53 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2013-05-01 18:33 - 2013-05-09 20:53 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2013-05-01 18:33 - 2013-05-09 20:53 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
    2013-04-30 23:41 - 2010-08-06 19:17 - 00069536 ____A C:\Users\Hunter Collier\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-04-30 22:56 - 2013-04-30 22:55 - 00000000 ____D C:\Program Files (x86)\Script Font Trial
    2013-04-30 22:51 - 2013-04-30 22:49 - 00917360 ____A (Elfring Fonts, Inc. ) C:\Users\Hunter Collier\Desktop\inscript.exe
    2013-04-30 19:40 - 2013-04-29 22:45 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{59EA95A1-1654-4F21-B2C4-387CBAA3ACB5}
    2013-04-28 18:54 - 2013-04-28 15:44 - 00000000 ____D C:\Program Files (x86)\Word Artist 2.2
    2013-04-28 18:54 - 2013-04-28 11:14 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Graphics.Media
    2013-04-28 18:54 - 2013-04-28 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\SwvUpdater
    2013-04-28 18:54 - 2013-03-17 16:09 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Clipdiary
    2013-04-28 18:54 - 2012-11-25 11:04 - 00000000 ____D C:\Program Files (x86)\Conduit
    2013-04-28 18:54 - 2012-11-10 13:04 - 00000000 ____D C:\Windows\SysWOW64\Extensions
    2013-04-28 17:23 - 2013-04-28 17:23 - 00016584 ____A C:\Users\Hunter Collier\Desktop\hs_err_pid4588.log
    2013-04-28 13:55 - 2013-02-18 23:22 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\internethelper
    2013-04-28 13:54 - 2010-08-05 20:47 - 00097564 ____A C:\Windows\PFRO.log
    2013-04-28 13:51 - 2012-11-25 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Conduit
    2013-04-28 13:48 - 2013-04-28 11:03 - 00000000 ____D C:\Program Files (x86)\Iminent
    2013-04-28 11:09 - 2013-04-28 11:03 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
    2013-04-28 11:04 - 2013-04-28 11:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect
    2013-04-28 11:04 - 2013-04-28 11:03 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\SearchProtect
    2013-04-28 11:03 - 2013-04-28 11:03 - 00000551 ____A C:\Users\Guest\Desktop\Graphx Edge.lnk
    2013-04-28 11:03 - 2012-11-26 23:49 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\CRE
    2013-04-28 11:02 - 2013-04-28 11:02 - 00511184 ____A (Graphx Edge ) C:\Users\Hunter Collier\Downloads\bodyfonts-trial.exe
    2013-04-27 00:35 - 2013-04-27 00:35 - 00081280 ____A C:\Users\Hunter Collier\Desktop\Yahoo4.ods
    2013-04-20 22:55 - 2010-10-21 23:07 - 00009728 ____A C:\Users\Hunter Collier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-04-20 22:41 - 2013-04-20 22:41 - 00720896 ____A (Mise Technology,Inc) C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll
    2013-04-20 22:41 - 2013-04-20 22:41 - 00434176 ____A () C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll
    2013-04-18 22:02 - 2012-12-16 19:24 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Youtube Downloader HD
    2013-04-17 18:24 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoft
    2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoftIEHelpers
    2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
    2013-04-12 09:36 - 2013-04-23 16:28 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-11 09:22 - 2011-07-11 11:57 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
    2013-04-10 18:24 - 2010-11-21 10:06 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2013-04-10 17:30 - 2013-04-10 17:28 - 150856784 ____A C:\Users\Hunter Collier\Desktop\Brother George.zip
    2013-04-09 23:29 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.contenta
    2013-04-09 23:28 - 2013-04-09 23:26 - 00004121 ____A C:\Windows\SysWOW64\contenta-converter.log
    2013-04-09 23:26 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.Contenta SVG Converter
    2013-04-09 20:35 - 2013-02-21 21:57 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1448089386-1678093697-344294379-1000\$6352e625e921adda9d24cbb9bc058261

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$6352e625e921adda9d24cbb9bc058261

    Other Malware:
    ===========
    C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
    C:\ProgramData\fod7g.dat
    C:\ProgramData\g7dof.pad
    C:\ProgramData\rqevw.dat
    C:\ProgramData\rundll32.exe
    C:\ProgramData\wveqr.bat
    C:\ProgramData\wveqr.pad
    C:\ProgramData\wveqr.reg

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2013-05-05 10:19

    ==================== End Of Log ============================

    I double checked and this is all of the first report.
  9. rammertide07

    rammertide07 Newcomer, in training Topic Starter

    I do have a system recovery disc. Could I just use it somehow?
  10. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
    See if you can start your computer normally.

    If so...

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

  11. rammertide07

    rammertide07 Newcomer, in training Topic Starter

    What do you mean try running FRST/FRST64? I typed that into the "run" command but got an error. Both files are saved to the desktop.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    You have 64-bit, so you type FRST64.
  13. rammertide07

    rammertide07 Newcomer, in training Topic Starter

    OK, I tried just typing "FRST64" into the Run command and nothing.
  14. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    I see what's going on.
    You're not supposed to use any command prompt.

    You ran FRST from here:
    Move FRST and fixlist.txt to your Desktop.
    Both of them must be in same location.

    Double-click on FRST to run it and then click on the "Fix" button.
  15. rammertide07

    rammertide07 Newcomer, in training Topic Starter

    Oh OK, yeah, I have both files on the desktop. I was just misunderstanding when you said "Run".
  16. Broni

    Broni Malware Annihilator Posts: 46,169   +251

  17. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Still with me?
  18. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     