Inactive-A FBI Ransomware


rammertide07

Posts: 9   +0
Hello all, this is my first post here. I recently have acquired the FBI moneypak malware and this thing is a beast. Rolling back the system does not work, Avast does not work in Safe Mode...

I've run the Farbar for Windows 7 64bit OS. Here's the report:



So what's next? TIA
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

Because of some weird formatting, your log is not readable.
Before we go anywhere, I need to know what the exact status of your computer is.
Can you boot and operate it normally?
 
I see what you mean. The email display is different than the txt document format. Here is a copy/paste from the txt document:

Running from I:\Download
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Installed Programs =======================
Adobe AIR (Version: 3.5.0.600)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Any Video Converter Ultimate 4.5.7
Ashampoo Photo Commander 10 v.10.1.3 (Version: 10.1.3)
Audacity 1.2.4
avast! Free Antivirus (Version: 8.0.1488.0)
AviSynth 2.5
AVS Image Converter 2.3.2.248 (Version: 2.3.2.248)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CTRLA - Hidden image creator 1.0
D3DX10 (Version: 15.4.2368.0902)
DeblurMyImage_free (Version: 2.0)
DefaultTab (Version: 2.2.1.0)
DenoiseMyImage_free (Version: 2.0)
DVD Decrypter (Remove Only)
EasyTether (Version: 1.1.16)
Fast Free Converter (Version: 4.1)
Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
Gadwin PrintScreen (Version: 4.4)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 26.0.1410.64)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.135)
GTK+ 2.6.7-2 runtime environment
HTC Driver Installer (Version: 2.0.7.018)
HTC Sync (Version: 2.0.40)
IDRMyImage_free (Version: 2.0)
Image Plugin (Version: 3.04.0226)
InfoAtoms [Uninstall] (Version: 1.5.0.0)
Inkscape 0.48.4 (Version: 0.48.4)
Internet Explorer Toolbar 4.7 by SweetPacks (Version: 4.7.0008)
IrfanView (remove only) (Version: 4.32)
Jasc Digital Camera Support v5.01 (Version: 5.01.0000)
Java Auto Updater (Version: 2.0.2.4)
Java(TM) 6 Update 20 (Version: 6.0.200)
Java(TM) 6 Update 21 (Version: 6.0.210)
Java(TM) 7 Update 2 (64-bit) (Version: 7.0.20)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (Version: 1.7.0.20)
JavaFX 2.0.2 (64-bit) (Version: 2.0.2)
JavaFX 2.0.2 SDK (64-bit) (Version: 2.0.2)
JNLP
Media Player
Media Player Packages
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mobile Broadband Generic Drivers (Version: 2.03.09.005.14)
MotoHelper 2.1.25 Driver 5.3.0 (Version: 2.1.25)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.3.0 (Version: 5.3.0)
Mozilla Thunderbird (2.0.0.6) (Version: 2.0.0.6 (en-US))
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 2.1 Language Pack (Español) (Version: 2.1.9095)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Paint Shop Pro 7 (Version: 7.0.4.0000)
Pdf2Jpg version 1.2 (Version: 1.2)
Photo Collage Max (Version: 2.1.6.6)
Photo Pos Pro (Version: 1.89)
PhotoScape
Plata Software MultiMediaOffice v2.0.0 (Version: v2.0.0)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
RepaintMyImage_free (Version: 1.0)
Script Font Trial, Version 3.5b
Search Protect by conduit (Version: 1.4.3.7)
SMPlayer 0.6.9 (Version: 0.6.9)
Software Version Updater (Version: 1.1.3.7)
SolidWorks eDrawings 2013 (Version: 13.0.5016)
The GIMP 2.2.10
The KJB Desktop Bible Book
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Verizon Wireless MiFi-2200 Firmware Updates (Version: 1.0.1)
Videora iPod Converter 6 (Version: 6)
Virtual DJ Home - Atomix Productions
VirtualDJ Home FREE (Version: 7.0.4.1)
VirtualDub-Mpeg2 v2.0.0 (Version: v2.0.0)
Visual Slideshow
VZAccess Manager (Version: 7.2.11.1)
WAV To MP3 Converter version 1.0 r1 (Version: 1.0 r1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
Windows Movie Maker Enhancement Pack 2010 (Version: 1.5)
WModem Driver Installer (Version: 2.0.6.9)
Word Artist 2.2 (Version: 2.2)
Word to Heart
Your Free DVD Ripper 4.5
YouTube Downloader App 3.00 (Version: 3.00)
Youtube Downloader HD v. 2.9.6
YTD Video Downloader 3.9.6 (Version: 3.9.6)
Zoner Photo Studio 15 (Version: 15.0.1.2)
Zumas RevengeTM (remove only)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
==================== Restore Points =========================
03-04-2013 00:13:35 Windows Update
06-04-2013 04:21:13 Windows Update
10-04-2013 00:32:31 Windows Update
10-04-2013 20:58:39 Windows Update
12-04-2013 03:37:52 Windows Update
17-04-2013 02:22:40 Windows Update
20-04-2013 02:31:06 Windows Update
23-04-2013 21:28:14 Windows Update
24-04-2013 21:09:24 Windows Update
28-04-2013 20:43:47 Installed Word Artist 2.2
01-05-2013 01:11:42 Windows Update
05-05-2013 04:24:37 Windows Defender Checkpoint
==================== Faulty Device Manager Devices =============
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (05/09/2013 08:52:49 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Users\HUNTER~1\AppData\Local\Temp\_av_sfx.tm~71c67ba1-ed5c-4caa-ad1d-263ee91231de\avast.setup /sfx /sfxstorage "C:\Users\HUNTER~1\AppData\Local\Temp\_av_sfx.tm~71c67ba1-ed5c-4caa-ad1d-263ee91231de" /GetEdition:free /edition "1" /brandcode "A" /srcpath "I:\Download" /sfxname "avast_free_antivirus_setup"; Description = avast! Free Antivirus Setup; Error = 0x8007043c).
Error: (05/08/2013 06:28:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (05/08/2013 05:48:48 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Defender Checkpoint). Additional information: 0x80070005.
Error: (05/08/2013 04:29:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac
Faulting module name: dealcabby_20121029030001.dll, version: 0.0.0.0, time stamp: 0x508ed243
Exception code: 0xc0000005
Fault offset: 0x00001b73
Faulting process id: 0xfc8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (05/07/2013 11:21:46 PM) (Source: Application Hang) (User: )
Description: The program inkscape.exe version 0.48.4.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 8e0
Start Time: 01ce4ba377e7f926
Termination Time: 10
Application Path: C:\Program Files (x86)\Inkscape\inkscape.exe
Report Id: c7f887b7-b796-11e2-9b11-701a04b9343b
Error: (05/07/2013 09:32:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000005
Fault offset: 0x0000000000028ea8
Faulting process id: 0x724
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (05/06/2013 11:08:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac
Faulting module name: dealcabby_20121029030001.dll, version: 0.0.0.0, time stamp: 0x508ed243
Exception code: 0xc0000005
Fault offset: 0x00001b73
Faulting process id: 0x23f4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (05/06/2013 09:11:20 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1fd4
Start Time: 01ce4aba8d78b3f9
Termination Time: 32
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id:
Error: (05/05/2013 10:16:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac
Faulting module name: dealcabby_20121029030001.dll, version: 0.0.0.0, time stamp: 0x508ed243
Exception code: 0xc0000005
Fault offset: 0x00001b73
Faulting process id: 0x36f8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (05/05/2013 09:32:57 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

System errors:
=============
Error: (05/09/2013 10:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (05/09/2013 10:45:24 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (05/09/2013 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (05/09/2013 10:43:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (05/09/2013 10:43:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (05/09/2013 08:52:49 PM) (Source: System Restore)(User: )
Description: C:\Users\HUNTER~1\AppData\Local\Temp\_av_sfx.tm~71c67ba1-ed5c-4caa-ad1d-263ee91231de\avast.setup /sfx /sfxstorage "C:\Users\HUNTER~1\AppData\Local\Temp\_av_sfx.tm~71c67ba1-ed5c-4caa-ad1d-263ee91231de" /GetEdition:free /edition "1" /brandcode "A" /srcpath "I:\Download" /sfxname "avast_free_antivirus_setup"avast! Free Antivirus Setup0x8007043c
Error: (05/08/2013 06:28:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
Error: (05/08/2013 05:48:48 PM) (Source: System Restore)(User: )
Description: Windows Defender Checkpoint0x80070005
Error: (05/08/2013 04:29:48 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164765126e7acdealcabby_20121029030001.dll0.0.0.0508ed243c000000500001b73fc801ce4c32922f93b1C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Users\Hunter Collier\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dll68609e9e-b826-11e2-9b11-00266c40055c
Error: (05/07/2013 11:21:46 PM) (Source: Application Hang)(User: )
Description: inkscape.exe0.48.4.08e001ce4ba377e7f92610C:\Program Files (x86)\Inkscape\inkscape.exec7f887b7-b796-11e2-9b11-701a04b9343b
Error: (05/07/2013 09:32:35 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d688122ntdll.dll6.1.7600.169154ec4b137c00000050000000000028ea872401ce47afc27f1e49C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll8a4b3ef0-b787-11e2-9a05-00266c40055c
Error: (05/06/2013 11:08:51 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164765126e7acdealcabby_20121029030001.dll0.0.0.0508ed243c000000500001b7323f401ce4ad3091c1e04C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Users\Hunter Collier\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dlld2ca564e-b6cb-11e2-9a05-00266c40055c
Error: (05/06/2013 09:11:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.164761fd401ce4aba8d78b3f932C:\Program Files (x86)\Internet Explorer\iexplore.exe
Error: (05/05/2013 10:16:38 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164765126e7acdealcabby_20121029030001.dll0.0.0.0508ed243c000000500001b7336f801ce4a0688a02d92C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Users\Hunter Collier\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dll5ce18fd7-b5fb-11e2-9a05-00266c40055c
Error: (05/05/2013 09:32:57 PM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3894.9 MB
Available physical RAM: 3284.83 MB
Total Pagefile: 7787.93 MB
Available Pagefile: 7184.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:453.89 GB) (Free:352.31 GB) NTFS (Disk=0 Partition=2)
Drive h: (MotoCast) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
Drive I: (MOT) (Removable) (Total:8 GB) (Free:1.48 GB) FAT32 (Disk=1 Partition=1)
Drive j: () (Removable) (Total:1.84 GB) (Free:1.62 GB) FAT (Disk=2 Partition=1)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 31AC024B)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


When I boot up normally and log into the user account, the normal desktop comes up for 30 seconds and then the FBI moneypak malware comes up and locks me out from doing anything.
I have better luck running in safe mode. I did one thing yesterday, can’t remember what, in safe mode and the malware started running. I’m fixing to be back home and I can get the other txt report from Farbar and paste it here.
All internet goes through my phone and my laptop won’t connect to it in safe mode. FYI.
Thanks
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2013
Ran by Hunter Collier (administrator) on 09-05-2013 23:51:07
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DealCabby - C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile\Extensions\dealcabby@jetpack
FF Extension: SpecialSavings - C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile\Extensions\specialsavings@superfish.com

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?SearchSource=10&CUI=UN23359133428389186&ctid=CT3277370
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3292584&SearchSource=48&CUI=UN17294958577068308&UM=2", "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN18640304411681467&UM=2"
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.a...9&CUI=UN18640304411681467&ctid=CT3289847&UM=2
CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/C...ix={searchTerms}&CUI=UN18640304411681467&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0\npbrowserext.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Unity Player) - C:\Users\Hunter Collier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Funmoods) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0
CHR Extension: (PriceGong) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0
CHR Extension: (YouTube) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (ChromeUpdateManager) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0
CHR Extension: (New Tab) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.21_0
CHR Extension: (Google Search) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (MixiDJ V1) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.2.523_0
CHR Extension: (uTorrentControl_v2) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.15.0.562_1
CHR Extension: (InfoAtoms) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0_0
CHR Extension: (RealDownloader) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: () - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\imolbaiifjleeieoblfpkiodaegcolcp\4.0.0.0_0
CHR Extension: (WhiteSmoke New) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.24_0
CHR Extension: () - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncflbflcglbjoebicfngachbpdmeobkk\4.0.0.0_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0
CHR Extension: (Gmail) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-01] (AVAST Software)
S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1125.80\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2569168 2013-03-06] ()
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)
S2 DefaultTabUpdate; C:\Users\Hunter Collier\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-12] ()
S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [218992 2011-10-31] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-01] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-01] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-01] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-01] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-01] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-02] ()
S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-06-06] (Mobile Stream)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMSIVZAM5X64; C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-03-05] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [195584 2008-03-05] (Sierra Wireless Inc.)
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-09 23:51 - 2013-05-09 23:51 - 00000000 ____D C:\FRST
2013-05-09 20:53 - 2013-05-09 20:54 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-09 20:53 - 2013-05-09 20:53 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-05-09 20:53 - 2013-05-09 20:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-09 20:53 - 2013-05-02 10:44 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 20:53 - 2013-05-01 18:33 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-09 20:53 - 2013-05-01 18:33 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\MFAData
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Avg2013
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\ProgramData\MFAData
2013-05-08 21:32 - 2013-05-08 21:32 - 00000022 ____A C:\Users\Hunter Collier\Desktop\Transfer.zip
2013-05-08 16:30 - 2013-05-09 22:41 - 95023320 ___AT C:\ProgramData\wveqr.pad
2013-05-08 16:30 - 2013-05-09 22:41 - 00000000 ____A C:\ProgramData\as98213.txt
2013-05-08 16:30 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\g7dof.pad
2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\rqevw.dat
2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\fod7g.dat
2013-05-08 16:30 - 2013-05-08 16:30 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-05-08 16:30 - 2013-05-08 16:30 - 00000151 ____A C:\ProgramData\wveqr.reg
2013-05-08 16:30 - 2013-05-08 16:30 - 00000055 ____A C:\ProgramData\wveqr.bat
2013-05-08 16:07 - 2013-05-08 16:07 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{BBD368E1-E854-437E-B5F6-EED5B0E7DC45}
2013-05-06 22:50 - 2013-05-06 22:50 - 00024406 ____A C:\Users\Hunter Collier\AppData\Local\recently-used.xbel
2013-05-06 22:25 - 2013-05-08 17:47 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-05-06 22:25 - 2013-05-06 22:24 - 00022851 ____A C:\Users\Hunter Collier\Desktop\skunklin.zip
2013-05-06 22:24 - 2013-05-08 17:47 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-05-06 22:22 - 2013-05-06 22:22 - 00163512 ____A () C:\Users\Hunter Collier\Downloads\Skunkline_downloader_by_AcidFonts.exe
2013-05-04 23:27 - 2013-05-08 17:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-05-02 22:44 - 2013-05-07 20:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{48FB845D-7F25-42F1-8226-2B2DDED22037}
2013-05-02 22:41 - 2013-05-02 22:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{F7A228D6-4DD5-4FF1-A58A-05F2417A6327}
2013-04-30 22:55 - 2013-04-30 22:56 - 00000000 ____D C:\Program Files (x86)\Script Font Trial
2013-04-30 22:49 - 2013-04-30 22:51 - 00917360 ____A (Elfring Fonts, Inc. ) C:\Users\Hunter Collier\Desktop\inscript.exe
2013-04-29 22:45 - 2013-04-30 19:40 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{59EA95A1-1654-4F21-B2C4-387CBAA3ACB5}
2013-04-28 17:23 - 2013-04-28 17:23 - 00016584 ____A C:\Users\Hunter Collier\Desktop\hs_err_pid4588.log
2013-04-28 15:44 - 2013-04-28 18:54 - 00000000 ____D C:\Program Files (x86)\Word Artist 2.2
2013-04-28 11:14 - 2013-04-28 18:54 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Graphics.Media
2013-04-28 11:04 - 2013-05-09 22:41 - 00000392 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-04-28 11:04 - 2013-04-28 18:54 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\SwvUpdater
2013-04-28 11:04 - 2013-04-28 11:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-04-28 11:03 - 2013-04-28 13:48 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-04-28 11:03 - 2013-04-28 11:09 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-04-28 11:03 - 2013-04-28 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\SearchProtect
2013-04-28 11:03 - 2013-04-28 11:03 - 00000551 ____A C:\Users\Guest\Desktop\Graphx Edge.lnk
2013-04-28 11:02 - 2013-04-28 11:02 - 00511184 ____A (Graphx Edge ) C:\Users\Hunter Collier\Downloads\bodyfonts-trial.exe
2013-04-27 00:35 - 2013-04-27 00:35 - 00081280 ____A C:\Users\Hunter Collier\Desktop\Yahoo4.ods
2013-04-23 16:28 - 2013-04-12 09:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-20 22:41 - 2013-05-09 22:40 - 00006493 ____A C:\Users\Hunter Collier\AppData\Local\58bcb66e-aa35-11e2-8274-b8ac6f996f26.crx
2013-04-20 22:41 - 2013-04-20 22:41 - 00720896 ____A (Mise Technology,Inc) C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll
2013-04-20 22:41 - 2013-04-20 22:41 - 00434176 ____A () C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll
2013-04-20 22:29 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Camera
2013-04-17 18:23 - 2013-04-17 18:24 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoft
2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoftIEHelpers
2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-11 22:38 - 2013-02-22 01:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 22:38 - 2013-02-22 01:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 22:38 - 2013-02-22 01:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 22:38 - 2013-02-22 01:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 22:38 - 2013-02-22 01:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 22:38 - 2013-02-22 01:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-11 22:38 - 2013-02-22 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-11 22:38 - 2013-02-22 01:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 22:38 - 2013-02-22 01:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 22:38 - 2013-02-22 01:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-11 22:38 - 2013-02-22 01:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-11 22:38 - 2013-02-22 01:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 22:38 - 2013-02-22 01:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 22:38 - 2013-02-22 01:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-11 22:38 - 2013-02-22 01:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 22:38 - 2013-02-22 01:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 22:38 - 2013-02-21 23:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-11 22:38 - 2013-02-21 22:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-11 22:38 - 2013-02-21 22:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-11 22:38 - 2013-02-21 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-11 22:38 - 2013-02-21 22:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-11 22:38 - 2013-02-21 22:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-11 22:38 - 2013-02-21 22:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-11 22:38 - 2013-02-21 22:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 22:38 - 2013-02-21 22:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-11 22:38 - 2013-02-21 22:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-11 22:38 - 2013-02-21 22:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-11 22:38 - 2013-02-21 22:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 22:38 - 2013-02-21 22:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-11 22:38 - 2013-02-21 22:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-11 22:38 - 2013-02-21 22:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-11 22:38 - 2013-02-21 22:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 17:28 - 2013-04-10 17:30 - 150856784 ____A C:\Users\Hunter Collier\Desktop\Brother George.zip
2013-04-09 23:26 - 2013-04-09 23:29 - 00000000 ____D C:\Users\Hunter Collier\.contenta
2013-04-09 23:26 - 2013-04-09 23:28 - 00004121 ____A C:\Windows\SysWOW64\contenta-converter.log
2013-04-09 23:26 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.Contenta SVG Converter
2013-04-09 19:46 - 2013-02-12 10:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-09 19:46 - 2013-02-12 10:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-09 19:46 - 2013-02-12 10:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-09 19:46 - 2013-02-12 10:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-09 19:46 - 2013-02-12 10:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-09 19:46 - 2013-02-12 08:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-09 19:40 - 2013-02-28 22:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-09 19:33 - 2013-03-19 01:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-09 19:33 - 2013-03-19 00:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-09 19:33 - 2013-03-19 00:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-09 19:33 - 2013-03-19 00:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-09 19:33 - 2013-03-18 23:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-09 19:33 - 2013-03-18 22:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-09 19:33 - 2013-01-24 00:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-05-09 23:51 - 2013-05-09 23:51 - 00000000 ____D C:\FRST
2013-05-09 22:47 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-09 22:42 - 2010-08-05 00:54 - 01135868 ____A C:\Windows\WindowsUpdate.log
2013-05-09 22:42 - 2009-07-13 23:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-09 22:42 - 2009-07-13 23:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-09 22:41 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\wveqr.pad
2013-05-09 22:41 - 2013-05-08 16:30 - 00000000 ____A C:\ProgramData\as98213.txt
2013-05-09 22:41 - 2013-04-28 11:04 - 00000392 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-05-09 22:41 - 2012-11-24 15:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-09 22:40 - 2013-04-20 22:41 - 00006493 ____A C:\Users\Hunter Collier\AppData\Local\58bcb66e-aa35-11e2-8274-b8ac6f996f26.crx
2013-05-09 22:40 - 2010-08-22 15:32 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-09 22:38 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-09 22:38 - 2009-07-13 23:51 - 00090181 ____A C:\Windows\setupact.log
2013-05-09 22:37 - 2012-12-16 18:12 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\WinLive
2013-05-09 20:54 - 2013-05-09 20:53 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-09 20:53 - 2013-05-09 20:53 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-05-09 20:53 - 2013-05-09 20:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\MFAData
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Avg2013
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\ProgramData\MFAData
2013-05-08 21:32 - 2013-05-08 21:32 - 00000022 ____A C:\Users\Hunter Collier\Desktop\Transfer.zip
2013-05-08 17:47 - 2013-05-06 22:25 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-05-08 17:47 - 2013-05-06 22:24 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-05-08 17:47 - 2013-05-04 23:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-05-08 17:47 - 2012-12-16 18:12 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\MCommon
2013-05-08 17:47 - 2012-11-24 15:42 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Plata Software
2013-05-08 17:47 - 2010-08-05 20:52 - 00000000 ____D C:\ProgramData\Real
2013-05-08 17:47 - 2010-08-05 01:06 - 00000000 ____D C:\users\Hunter Collier
2013-05-08 17:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-05-08 17:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-08 17:38 - 2013-02-04 20:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-08 17:38 - 2012-02-26 21:46 - 00000458 ___AH C:\Windows\Tasks\Windows Driver Foundation.job
2013-05-08 17:38 - 2010-08-22 15:32 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-08 16:30 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\g7dof.pad
2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\rqevw.dat
2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\fod7g.dat
2013-05-08 16:30 - 2013-05-08 16:30 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-05-08 16:30 - 2013-05-08 16:30 - 00000151 ____A C:\ProgramData\wveqr.reg
2013-05-08 16:30 - 2013-05-08 16:30 - 00000055 ____A C:\ProgramData\wveqr.bat
2013-05-08 16:29 - 2012-11-23 23:47 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\CrashDumps
2013-05-08 16:07 - 2013-05-08 16:07 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{BBD368E1-E854-437E-B5F6-EED5B0E7DC45}
2013-05-07 23:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2013-05-07 20:41 - 2013-05-02 22:44 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{48FB845D-7F25-42F1-8226-2B2DDED22037}
2013-05-06 22:50 - 2013-05-06 22:50 - 00024406 ____A C:\Users\Hunter Collier\AppData\Local\recently-used.xbel
2013-05-06 22:27 - 2013-04-20 22:29 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Camera
2013-05-06 22:25 - 2012-11-25 11:04 - 00000032 ____A C:\END
2013-05-06 22:24 - 2013-05-06 22:25 - 00022851 ____A C:\Users\Hunter Collier\Desktop\skunklin.zip
2013-05-06 22:22 - 2013-05-06 22:22 - 00163512 ____A () C:\Users\Hunter Collier\Downloads\Skunkline_downloader_by_AcidFonts.exe
2013-05-05 22:29 - 2013-01-28 19:22 - 00016893 ____A C:\Users\Hunter Collier\Desktop\Church Notes.ods
2013-05-02 22:41 - 2013-05-02 22:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{F7A228D6-4DD5-4FF1-A58A-05F2417A6327}
2013-05-02 22:38 - 2009-07-13 23:45 - 00305856 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-02 18:52 - 2012-08-21 20:35 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Church
2013-05-02 10:44 - 2013-05-09 20:53 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-02 02:06 - 2010-08-05 10:33 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 18:34 - 2013-05-09 20:53 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-01 18:33 - 2013-05-09 20:53 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-01 18:33 - 2013-05-09 20:53 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-04-30 23:41 - 2010-08-06 19:17 - 00069536 ____A C:\Users\Hunter Collier\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-30 22:56 - 2013-04-30 22:55 - 00000000 ____D C:\Program Files (x86)\Script Font Trial
2013-04-30 22:51 - 2013-04-30 22:49 - 00917360 ____A (Elfring Fonts, Inc. ) C:\Users\Hunter Collier\Desktop\inscript.exe
2013-04-30 19:40 - 2013-04-29 22:45 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{59EA95A1-1654-4F21-B2C4-387CBAA3ACB5}
2013-04-28 18:54 - 2013-04-28 15:44 - 00000000 ____D C:\Program Files (x86)\Word Artist 2.2
2013-04-28 18:54 - 2013-04-28 11:14 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Graphics.Media
2013-04-28 18:54 - 2013-04-28 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\SwvUpdater
2013-04-28 18:54 - 2013-03-17 16:09 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Clipdiary
2013-04-28 18:54 - 2012-11-25 11:04 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-04-28 18:54 - 2012-11-10 13:04 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-04-28 17:23 - 2013-04-28 17:23 - 00016584 ____A C:\Users\Hunter Collier\Desktop\hs_err_pid4588.log
2013-04-28 13:55 - 2013-02-18 23:22 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\internethelper
2013-04-28 13:54 - 2010-08-05 20:47 - 00097564 ____A C:\Windows\PFRO.log
2013-04-28 13:51 - 2012-11-25 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Conduit
2013-04-28 13:48 - 2013-04-28 11:03 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-04-28 11:09 - 2013-04-28 11:03 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-04-28 11:04 - 2013-04-28 11:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-04-28 11:04 - 2013-04-28 11:03 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\SearchProtect
2013-04-28 11:03 - 2013-04-28 11:03 - 00000551 ____A C:\Users\Guest\Desktop\Graphx Edge.lnk
2013-04-28 11:03 - 2012-11-26 23:49 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\CRE
2013-04-28 11:02 - 2013-04-28 11:02 - 00511184 ____A (Graphx Edge ) C:\Users\Hunter Collier\Downloads\bodyfonts-trial.exe
2013-04-27 00:35 - 2013-04-27 00:35 - 00081280 ____A C:\Users\Hunter Collier\Desktop\Yahoo4.ods
2013-04-20 22:55 - 2010-10-21 23:07 - 00009728 ____A C:\Users\Hunter Collier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-20 22:41 - 2013-04-20 22:41 - 00720896 ____A (Mise Technology,Inc) C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll
2013-04-20 22:41 - 2013-04-20 22:41 - 00434176 ____A () C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll
2013-04-18 22:02 - 2012-12-16 19:24 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Youtube Downloader HD
2013-04-17 18:24 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoft
2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoftIEHelpers
2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-12 09:36 - 2013-04-23 16:28 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 09:22 - 2011-07-11 11:57 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-04-10 18:24 - 2010-11-21 10:06 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-04-10 17:30 - 2013-04-10 17:28 - 150856784 ____A C:\Users\Hunter Collier\Desktop\Brother George.zip
2013-04-09 23:29 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.contenta
2013-04-09 23:28 - 2013-04-09 23:26 - 00004121 ____A C:\Windows\SysWOW64\contenta-converter.log
2013-04-09 23:26 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.Contenta SVG Converter
2013-04-09 20:35 - 2013-02-21 21:57 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1448089386-1678093697-344294379-1000\$6352e625e921adda9d24cbb9bc058261

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$6352e625e921adda9d24cbb9bc058261

Other Malware:
===========
C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\fod7g.dat
C:\ProgramData\g7dof.pad
C:\ProgramData\rqevw.dat
C:\ProgramData\rundll32.exe
C:\ProgramData\wveqr.bat
C:\ProgramData\wveqr.pad
C:\ProgramData\wveqr.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-05 10:19

==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2013
Ran by Hunter Collier (administrator) on 09-05-2013 23:51:07
Running from I:\Download
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Farbar) I:\Download\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [pasitv] "C:\Windows\System32\rundll32.exe" "C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll",GetFunction2 [720896 2013-04-20] (Mise Technology,Inc)
HKLM\...\Run: [pifeud] "C:\Windows\System32\rundll32.exe" "C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll",window_bits [434176 2013-04-20] ()
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\wveqr.bat [x ] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$6352e625e921adda9d24cbb9bc058261\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [Gadwin PrintScreen] "C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash [495616 2008-12-09] (Gadwin Systems, Inc)
HKCU\...\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe" [48680 2012-06-06] (Mobile Stream)
HKCU\...\Run: [SearchProtect] C:\Users\Hunter Collier\AppData\Roaming\SearchProtect\bin\cltmng.exe [2730784 2013-04-11] (Conduit)
HKCU\...\Run: [ctfmon.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\rqevw.dat,FG00 [126976 2013-05-08] (Microsoft Corporation)
HKCU\...\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [752736 2012-10-08] (ZONER software)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\HUNTER~1\AppData\Local\Temp\seypimm\sspibir\wow64.dll ATTENTION! ====> ZeroAccess
MountPoints2: E - E:\MotoCastSetup.exe -a
MountPoints2: {09a564a3-c176-11e1-b99a-00266c40055c} - E:\MotoCastSetup.exe -a
MountPoints2: {0c766d11-ef23-11e1-a1ed-701a04b9343b} - E:\MotoCastSetup.exe -a
MountPoints2: {31e8f99f-9266-11e1-b130-701a04b9343b} - E:\MotoCastSetup.exe -a
MountPoints2: {66655589-258d-11e0-8632-00266c40055c} - F:\TL-Bootstrap.exe
MountPoints2: {66655663-258d-11e0-8632-00266c40055c} - E:\TL-Bootstrap.exe
MountPoints2: {92e6809f-6e9c-11e0-8591-701a04b9343b} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\AppLaunch.exe AUTORUN=1
MountPoints2: {f3f784e8-1d90-11e2-b47b-701a04b9343b} - E:\MotoCastSetup.exe -a
MountPoints2: {f3f785d6-1d90-11e2-b47b-00266c40055c} - H:\MotoCastSetup.exe -a
MountPoints2: {f4694956-24b5-11e0-a272-701a04b9343b} - G:\VZAccess_Manager.exe /z detect
MountPoints2: {f4694966-24b5-11e0-a272-701a04b9343b} - G:\VZAccess_Manager.exe /z detect
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [295072 2013-02-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2730784 2013-04-11] (Conduit)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858456 2013-05-01] (AVAST Software)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
Startup: C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\rqevw.dat (Microsoft Corporation)
Startup: C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiMediaOffice Start Menu.lnk
ShortcutTarget: MultiMediaOffice Start Menu.lnk -> C:\Program Files (x86)\Plata Software MultiMediaOffice\PlataStartMenu.exe (Plata Software, Inc)
Startup: C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Down...f5-e387caf04cd5&searchtype=ds&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=do...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10...&barid={7C0B755E-9A19-11E2-9B18-00266C40055C}
URLSearchHook: (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
HKLM SearchScopes: DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
HKLM-x32 SearchScopes: DefaultScope {7DE58EF7-1C91-4E2F-B6AA-E9F95CC11030} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=Down...f5-e387caf04cd5&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/myweb...1011&st=sb&n=77ee60a3&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032
SearchScopes: HKLM-x32 - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={7C0B755E-9A19-11E2-9B18-00266C40055C}
HKCU SearchScopes: DefaultScope {7DE58EF7-1C91-4E2F-B6AA-E9F95CC11030} URL = http://search.conduit.com/ResultsEx...9847&CUI=UN41763429461133921&UM=2&SSPV=TB_CIS
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=Down...f5-e387caf04cd5&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searc...SP_ss&mntrId=8cf7e5a3000000000000020054746872
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?c...pn_sauid=809CEEEF-26CB-4065-BDCF-8A57663FCC8A
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {7DE58EF7-1C91-4E2F-B6AA-E9F95CC11030} URL = http://search.conduit.com/ResultsEx...9847&CUI=UN41763429461133921&UM=2&SSPV=TB_CIS
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/myweb...1011&st=sb&n=77ee60a3&searchfor={searchTerms}
SearchScopes: HKCU - {AD3E4045-466A-45AC-82EE-1B8D4EC52E1F} URL = http://search.conduit.com/Results.aspx?&ctid=CT3283894&SearchSource=45?&q={searchTerms}
SearchScopes: HKCU - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...tAtDzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=230215531
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={7C0B755E-9A19-11E2-9B18-00266C40055C}
SearchScopes: HKCU - [unreadable key name] URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: DealCabby - {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - C:\Users\Hunter Collier\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dll ()
BHO-x32: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name - {7365A975-D1E8-41ed-8C66-FA70EDB97A39} - No File
BHO-x32: TidyNetwork.com - {7736C7FA-512D-11E2-B871-DEC36088709B} - C:\Users\Hunter Collier\AppData\Local\TidyNetwork.com\tidy2ie.dll ()
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Hunter Collier\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Fast Free Converter 4.1 - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL (Fast Free Converter)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
PDF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
PDF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
PDF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
PDF: HKLM-x32 {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DealCabby - C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile\Extensions\dealcabby@jetpack
FF Extension: SpecialSavings - C:\Users\Hunter Collier\AppData\Roaming\Mozilla\Firefox\Profiles\profile\Extensions\specialsavings@superfish.com

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?SearchSource=10&CUI=UN23359133428389186&ctid=CT3277370
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3292584&SearchSource=48&CUI=UN17294958577068308&UM=2", "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN18640304411681467&UM=2"
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.a...9&CUI=UN18640304411681467&ctid=CT3289847&UM=2
CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/C...ix={searchTerms}&CUI=UN18640304411681467&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0\npbrowserext.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Unity Player) - C:\Users\Hunter Collier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Funmoods) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0
CHR Extension: (PriceGong) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0
CHR Extension: (YouTube) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (ChromeUpdateManager) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0
CHR Extension: (New Tab) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.21_0
CHR Extension: (Google Search) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (MixiDJ V1) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.15.2.523_0
CHR Extension: (uTorrentControl_v2) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.15.0.562_1
CHR Extension: (InfoAtoms) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0_0
CHR Extension: (RealDownloader) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: () - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\imolbaiifjleeieoblfpkiodaegcolcp\4.0.0.0_0
CHR Extension: (WhiteSmoke New) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.24_0
CHR Extension: () - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncflbflcglbjoebicfngachbpdmeobkk\4.0.0.0_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0
CHR Extension: (Gmail) - C:\Users\Hunter Collier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-01] (AVAST Software)
S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1125.80\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2569168 2013-03-06] ()
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)
S2 DefaultTabUpdate; C:\Users\Hunter Collier\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-12] ()
S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [218992 2011-10-31] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-01] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-01] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-01] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-01] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-01] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-02] ()
S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-06-06] (Mobile Stream)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMSIVZAM5X64; C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-03-05] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [195584 2008-03-05] (Sierra Wireless Inc.)
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-09 23:51 - 2013-05-09 23:51 - 00000000 ____D C:\FRST
2013-05-09 20:53 - 2013-05-09 20:54 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-09 20:53 - 2013-05-09 20:53 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-05-09 20:53 - 2013-05-09 20:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-09 20:53 - 2013-05-02 10:44 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 20:53 - 2013-05-01 18:34 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 20:53 - 2013-05-01 18:33 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-09 20:53 - 2013-05-01 18:33 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\MFAData
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Avg2013
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\ProgramData\MFAData
2013-05-08 21:32 - 2013-05-08 21:32 - 00000022 ____A C:\Users\Hunter Collier\Desktop\Transfer.zip
2013-05-08 16:30 - 2013-05-09 22:41 - 95023320 ___AT C:\ProgramData\wveqr.pad
2013-05-08 16:30 - 2013-05-09 22:41 - 00000000 ____A C:\ProgramData\as98213.txt
2013-05-08 16:30 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\g7dof.pad
2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\rqevw.dat
2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\fod7g.dat
2013-05-08 16:30 - 2013-05-08 16:30 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-05-08 16:30 - 2013-05-08 16:30 - 00000151 ____A C:\ProgramData\wveqr.reg
2013-05-08 16:30 - 2013-05-08 16:30 - 00000055 ____A C:\ProgramData\wveqr.bat
2013-05-08 16:07 - 2013-05-08 16:07 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{BBD368E1-E854-437E-B5F6-EED5B0E7DC45}
2013-05-06 22:50 - 2013-05-06 22:50 - 00024406 ____A C:\Users\Hunter Collier\AppData\Local\recently-used.xbel
2013-05-06 22:25 - 2013-05-08 17:47 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-05-06 22:25 - 2013-05-06 22:24 - 00022851 ____A C:\Users\Hunter Collier\Desktop\skunklin.zip
2013-05-06 22:24 - 2013-05-08 17:47 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-05-06 22:22 - 2013-05-06 22:22 - 00163512 ____A () C:\Users\Hunter Collier\Downloads\Skunkline_downloader_by_AcidFonts.exe
2013-05-04 23:27 - 2013-05-08 17:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-05-02 22:44 - 2013-05-07 20:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{48FB845D-7F25-42F1-8226-2B2DDED22037}
2013-05-02 22:41 - 2013-05-02 22:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{F7A228D6-4DD5-4FF1-A58A-05F2417A6327}
2013-04-30 22:55 - 2013-04-30 22:56 - 00000000 ____D C:\Program Files (x86)\Script Font Trial
2013-04-30 22:49 - 2013-04-30 22:51 - 00917360 ____A (Elfring Fonts, Inc. ) C:\Users\Hunter Collier\Desktop\inscript.exe
2013-04-29 22:45 - 2013-04-30 19:40 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{59EA95A1-1654-4F21-B2C4-387CBAA3ACB5}
2013-04-28 17:23 - 2013-04-28 17:23 - 00016584 ____A C:\Users\Hunter Collier\Desktop\hs_err_pid4588.log
2013-04-28 15:44 - 2013-04-28 18:54 - 00000000 ____D C:\Program Files (x86)\Word Artist 2.2
2013-04-28 11:14 - 2013-04-28 18:54 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Graphics.Media
2013-04-28 11:04 - 2013-05-09 22:41 - 00000392 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-04-28 11:04 - 2013-04-28 18:54 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\SwvUpdater
2013-04-28 11:04 - 2013-04-28 11:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-04-28 11:03 - 2013-04-28 13:48 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-04-28 11:03 - 2013-04-28 11:09 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-04-28 11:03 - 2013-04-28 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\SearchProtect
2013-04-28 11:03 - 2013-04-28 11:03 - 00000551 ____A C:\Users\Guest\Desktop\Graphx Edge.lnk
2013-04-28 11:02 - 2013-04-28 11:02 - 00511184 ____A (Graphx Edge ) C:\Users\Hunter Collier\Downloads\bodyfonts-trial.exe
2013-04-27 00:35 - 2013-04-27 00:35 - 00081280 ____A C:\Users\Hunter Collier\Desktop\Yahoo4.ods
2013-04-23 16:28 - 2013-04-12 09:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-20 22:41 - 2013-05-09 22:40 - 00006493 ____A C:\Users\Hunter Collier\AppData\Local\58bcb66e-aa35-11e2-8274-b8ac6f996f26.crx
2013-04-20 22:41 - 2013-04-20 22:41 - 00720896 ____A (Mise Technology,Inc) C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll
2013-04-20 22:41 - 2013-04-20 22:41 - 00434176 ____A () C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll
2013-04-20 22:29 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Camera
2013-04-17 18:23 - 2013-04-17 18:24 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoft
2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoftIEHelpers
2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-11 22:38 - 2013-02-22 01:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 22:38 - 2013-02-22 01:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 22:38 - 2013-02-22 01:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 22:38 - 2013-02-22 01:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 22:38 - 2013-02-22 01:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 22:38 - 2013-02-22 01:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-11 22:38 - 2013-02-22 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-11 22:38 - 2013-02-22 01:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 22:38 - 2013-02-22 01:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 22:38 - 2013-02-22 01:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-11 22:38 - 2013-02-22 01:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-11 22:38 - 2013-02-22 01:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 22:38 - 2013-02-22 01:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 22:38 - 2013-02-22 01:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-11 22:38 - 2013-02-22 01:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 22:38 - 2013-02-22 01:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 22:38 - 2013-02-21 23:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-11 22:38 - 2013-02-21 22:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-11 22:38 - 2013-02-21 22:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-11 22:38 - 2013-02-21 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-11 22:38 - 2013-02-21 22:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-11 22:38 - 2013-02-21 22:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-11 22:38 - 2013-02-21 22:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-11 22:38 - 2013-02-21 22:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 22:38 - 2013-02-21 22:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-11 22:38 - 2013-02-21 22:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-11 22:38 - 2013-02-21 22:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-11 22:38 - 2013-02-21 22:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 22:38 - 2013-02-21 22:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-11 22:38 - 2013-02-21 22:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-11 22:38 - 2013-02-21 22:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-11 22:38 - 2013-02-21 22:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 17:28 - 2013-04-10 17:30 - 150856784 ____A C:\Users\Hunter Collier\Desktop\Brother George.zip
2013-04-09 23:26 - 2013-04-09 23:29 - 00000000 ____D C:\Users\Hunter Collier\.contenta
2013-04-09 23:26 - 2013-04-09 23:28 - 00004121 ____A C:\Windows\SysWOW64\contenta-converter.log
2013-04-09 23:26 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.Contenta SVG Converter
2013-04-09 19:46 - 2013-02-12 10:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-09 19:46 - 2013-02-12 10:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-09 19:46 - 2013-02-12 10:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-09 19:46 - 2013-02-12 10:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-09 19:46 - 2013-02-12 10:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-09 19:46 - 2013-02-12 08:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-09 19:40 - 2013-02-28 22:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-09 19:33 - 2013-03-19 01:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-09 19:33 - 2013-03-19 00:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-09 19:33 - 2013-03-19 00:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-09 19:33 - 2013-03-19 00:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-09 19:33 - 2013-03-18 23:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-09 19:33 - 2013-03-18 22:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-09 19:33 - 2013-01-24 00:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-05-09 23:51 - 2013-05-09 23:51 - 00000000 ____D C:\FRST
2013-05-09 22:47 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-09 22:42 - 2010-08-05 00:54 - 01135868 ____A C:\Windows\WindowsUpdate.log
2013-05-09 22:42 - 2009-07-13 23:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-09 22:42 - 2009-07-13 23:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-09 22:41 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\wveqr.pad
2013-05-09 22:41 - 2013-05-08 16:30 - 00000000 ____A C:\ProgramData\as98213.txt
2013-05-09 22:41 - 2013-04-28 11:04 - 00000392 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-05-09 22:41 - 2012-11-24 15:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-09 22:40 - 2013-04-20 22:41 - 00006493 ____A C:\Users\Hunter Collier\AppData\Local\58bcb66e-aa35-11e2-8274-b8ac6f996f26.crx
2013-05-09 22:40 - 2010-08-22 15:32 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-09 22:38 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-09 22:38 - 2009-07-13 23:51 - 00090181 ____A C:\Windows\setupact.log
2013-05-09 22:37 - 2012-12-16 18:12 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\WinLive
2013-05-09 20:54 - 2013-05-09 20:53 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-09 20:53 - 2013-05-09 20:53 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-05-09 20:53 - 2013-05-09 20:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-09 20:52 - 2013-05-09 20:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\MFAData
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Avg2013
2013-05-08 22:05 - 2013-05-08 22:05 - 00000000 ____D C:\ProgramData\MFAData
2013-05-08 21:32 - 2013-05-08 21:32 - 00000022 ____A C:\Users\Hunter Collier\Desktop\Transfer.zip
2013-05-08 17:47 - 2013-05-06 22:25 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-05-08 17:47 - 2013-05-06 22:24 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-05-08 17:47 - 2013-05-04 23:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-05-08 17:47 - 2012-12-16 18:12 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\MCommon
2013-05-08 17:47 - 2012-11-24 15:42 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Plata Software
2013-05-08 17:47 - 2010-08-05 20:52 - 00000000 ____D C:\ProgramData\Real
2013-05-08 17:47 - 2010-08-05 01:06 - 00000000 ____D C:\users\Hunter Collier
2013-05-08 17:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-05-08 17:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-08 17:38 - 2013-02-04 20:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-08 17:38 - 2012-02-26 21:46 - 00000458 ___AH C:\Windows\Tasks\Windows Driver Foundation.job
2013-05-08 17:38 - 2010-08-22 15:32 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-08 16:30 - 2013-05-08 16:30 - 95023320 ___AT C:\ProgramData\g7dof.pad
2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\rqevw.dat
2013-05-08 16:30 - 2013-05-08 16:30 - 00126976 ____A (Microsoft Corporation) C:\ProgramData\fod7g.dat
2013-05-08 16:30 - 2013-05-08 16:30 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-05-08 16:30 - 2013-05-08 16:30 - 00000151 ____A C:\ProgramData\wveqr.reg
2013-05-08 16:30 - 2013-05-08 16:30 - 00000055 ____A C:\ProgramData\wveqr.bat
2013-05-08 16:29 - 2012-11-23 23:47 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\CrashDumps
2013-05-08 16:07 - 2013-05-08 16:07 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{BBD368E1-E854-437E-B5F6-EED5B0E7DC45}
2013-05-07 23:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2013-05-07 20:41 - 2013-05-02 22:44 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{48FB845D-7F25-42F1-8226-2B2DDED22037}
2013-05-06 22:50 - 2013-05-06 22:50 - 00024406 ____A C:\Users\Hunter Collier\AppData\Local\recently-used.xbel
2013-05-06 22:27 - 2013-04-20 22:29 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Camera
2013-05-06 22:25 - 2012-11-25 11:04 - 00000032 ____A C:\END
2013-05-06 22:24 - 2013-05-06 22:25 - 00022851 ____A C:\Users\Hunter Collier\Desktop\skunklin.zip
2013-05-06 22:22 - 2013-05-06 22:22 - 00163512 ____A () C:\Users\Hunter Collier\Downloads\Skunkline_downloader_by_AcidFonts.exe
2013-05-05 22:29 - 2013-01-28 19:22 - 00016893 ____A C:\Users\Hunter Collier\Desktop\Church Notes.ods
2013-05-02 22:41 - 2013-05-02 22:41 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{F7A228D6-4DD5-4FF1-A58A-05F2417A6327}
2013-05-02 22:38 - 2009-07-13 23:45 - 00305856 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-02 18:52 - 2012-08-21 20:35 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Church
2013-05-02 10:44 - 2013-05-09 20:53 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-02 02:06 - 2010-08-05 10:33 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 18:34 - 2013-05-09 20:53 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-01 18:34 - 2013-05-09 20:53 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-01 18:33 - 2013-05-09 20:53 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-01 18:33 - 2013-05-09 20:53 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-04-30 23:41 - 2010-08-06 19:17 - 00069536 ____A C:\Users\Hunter Collier\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-30 22:56 - 2013-04-30 22:55 - 00000000 ____D C:\Program Files (x86)\Script Font Trial
2013-04-30 22:51 - 2013-04-30 22:49 - 00917360 ____A (Elfring Fonts, Inc. ) C:\Users\Hunter Collier\Desktop\inscript.exe
2013-04-30 19:40 - 2013-04-29 22:45 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\{59EA95A1-1654-4F21-B2C4-387CBAA3ACB5}
2013-04-28 18:54 - 2013-04-28 15:44 - 00000000 ____D C:\Program Files (x86)\Word Artist 2.2
2013-04-28 18:54 - 2013-04-28 11:14 - 00000000 ____D C:\Users\Hunter Collier\Desktop\Graphics.Media
2013-04-28 18:54 - 2013-04-28 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\SwvUpdater
2013-04-28 18:54 - 2013-03-17 16:09 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Clipdiary
2013-04-28 18:54 - 2012-11-25 11:04 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-04-28 18:54 - 2012-11-10 13:04 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-04-28 17:23 - 2013-04-28 17:23 - 00016584 ____A C:\Users\Hunter Collier\Desktop\hs_err_pid4588.log
2013-04-28 13:55 - 2013-02-18 23:22 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\internethelper
2013-04-28 13:54 - 2010-08-05 20:47 - 00097564 ____A C:\Windows\PFRO.log
2013-04-28 13:51 - 2012-11-25 11:04 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\Conduit
2013-04-28 13:48 - 2013-04-28 11:03 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-04-28 11:09 - 2013-04-28 11:03 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-04-28 11:04 - 2013-04-28 11:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-04-28 11:04 - 2013-04-28 11:03 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\SearchProtect
2013-04-28 11:03 - 2013-04-28 11:03 - 00000551 ____A C:\Users\Guest\Desktop\Graphx Edge.lnk
2013-04-28 11:03 - 2012-11-26 23:49 - 00000000 ____D C:\Users\Hunter Collier\AppData\Local\CRE
2013-04-28 11:02 - 2013-04-28 11:02 - 00511184 ____A (Graphx Edge ) C:\Users\Hunter Collier\Downloads\bodyfonts-trial.exe
2013-04-27 00:35 - 2013-04-27 00:35 - 00081280 ____A C:\Users\Hunter Collier\Desktop\Yahoo4.ods
2013-04-20 22:55 - 2010-10-21 23:07 - 00009728 ____A C:\Users\Hunter Collier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-20 22:41 - 2013-04-20 22:41 - 00720896 ____A (Mise Technology,Inc) C:\Users\Hunter Collier\AppData\Roaming\pasitv.dll
2013-04-20 22:41 - 2013-04-20 22:41 - 00434176 ____A () C:\Users\Hunter Collier\AppData\Roaming\pifeud.dll
2013-04-18 22:02 - 2012-12-16 19:24 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\Youtube Downloader HD
2013-04-17 18:24 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoft
2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Users\Hunter Collier\AppData\Roaming\DVDVideoSoftIEHelpers
2013-04-17 18:23 - 2013-04-17 18:23 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-12 09:36 - 2013-04-23 16:28 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 09:22 - 2011-07-11 11:57 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-04-10 18:24 - 2010-11-21 10:06 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-04-10 17:30 - 2013-04-10 17:28 - 150856784 ____A C:\Users\Hunter Collier\Desktop\Brother George.zip
2013-04-09 23:29 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.contenta
2013-04-09 23:28 - 2013-04-09 23:26 - 00004121 ____A C:\Windows\SysWOW64\contenta-converter.log
2013-04-09 23:26 - 2013-04-09 23:26 - 00000000 ____D C:\Users\Hunter Collier\.Contenta SVG Converter
2013-04-09 20:35 - 2013-02-21 21:57 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1448089386-1678093697-344294379-1000\$6352e625e921adda9d24cbb9bc058261

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$6352e625e921adda9d24cbb9bc058261

Other Malware:
===========
C:\Users\Hunter Collier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\fod7g.dat
C:\ProgramData\g7dof.pad
C:\ProgramData\rqevw.dat
C:\ProgramData\rundll32.exe
C:\ProgramData\wveqr.bat
C:\ProgramData\wveqr.pad
C:\ProgramData\wveqr.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-05 10:19

==================== End Of Log ============================

I double checked and this is all of the first report.
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
See if you can start your computer normally.

If so...

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
 

What do you mean try running FRST/FRST64? I typed that into the "run" command but got an error. Both files are saved to the desktop.
 
I see what's going on.
You're not supposed to use any command prompt.

You ran FRST from here:
Running from I:\Download
Move FRST and fixlist.txt to your Desktop.
Both of them must be in the same location.

Double click on FRST to run it and then click on the "Fix" button.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in the malware removal forum.
 