dasva

  1. All right thank you very much
  2. Thank you very much. I shall take most of your recommendations to heart, though since I use my comp mostly for watching shows and games, not sure I can avoid those. I saw you linked 2 sites to check for software updates... should I use both? And how often do you recommend I use them to check?
  3. Ah well the log didn't open or save on its own...

     Results of screen317's Security Check version 0.99.82
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 25
     Java version out of Date!
     Adobe Reader 10.1.7 Adobe Reader out of Date!
     Google Chrome 33.0.1750.154
     Google Chrome 34.0.1847.116
     ````````Process Check: objlist.exe by Laurent````````
     WinZip Malware Protector WinZipMalwareProtector.exe
     PlayOnline SquareEnix PlayOnlineViewer pol.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. # AdwCleaner v3.202 - Report created 24/04/2014 at 23:56:49 # Updated 23/04/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Sean - SEAN-PC # Running from : C:\Users\Sean\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG Security Toolbar Folder Deleted : C:\ProgramData\w3i Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\w3i Folder Deleted : C:\Users\Sean\AppData\Local\Conduit Folder Deleted : C:\Users\Sean\AppData\Local\PackageAware Folder Deleted : C:\Users\Sean\AppData\LocalLow\AVG Security Toolbar Folder Deleted : C:\Users\Sean\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Sean\AppData\LocalLow\PriceGong File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\OneClickDownloader@OneClickDownloader.com.xpi File Deleted : C:\Users\Sean\AppData\Local\Temp\Uninstall.exe ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted 
: HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} Value Deleted : 
[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}] Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16476 -\\ Mozilla Firefox v [ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ] -\\ Google Chrome v34.0.1847.116 [ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : jplinpmadfkdgipabgcdchbdikologlh ************************* AdwCleaner[R0].txt - [5522 octets] - [24/04/2014 23:51:17] AdwCleaner[R1].txt - [5512 octets] - [24/04/2014 23:53:13] AdwCleaner[s0].txt - [5490 octets] - [24/04/2014 23:56:49] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5550 octets] ########## Running the Junkware Removal Tool now. Should I do anything other than post the log (such as confirming removal or something) after it's done scanning?
  5. C:\AcidXLite_132521_154461_120810230739.exe Win32/Toolbar.Zugo potentially unwanted application
     C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\Users\Sean\AppData\Local\Temp\SearchProtectionSetup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application
     C:\Users\Sean\AppData\Local\Temp\tbBit2.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\Users\Sean\AppData\Local\Temp\YontooSetup-S.exe Win32/Adware.Yontoo application
     C:\Users\Sean\Downloads\rcsetup142.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014 Ran by Sean at 2014-04-23 06:38:29 Run:2 Running from C:\Users\Sean\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 Task: {DC095267-9429-48DC-8D01-97C36201CCA1} - System32\Tasks\4572 => Wscript.exe C:\Users\Sean\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {9C2C15B2-77B5-4E0B-9590-06152211B626} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION Task: {34ACF835-2AF0-439D-9A8F-7141AFF100CA} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click11.crx [2012-04-29] Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) URLSearchHook: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) 
C:\Program Files (x86)\BitTorrentBar C:\Program Files (x86)\Ask.com C:\Program Files (x86)\1ClickDownload 2014-03-18 23:29 - 2014-03-18 23:29 - 00000000 ____D () C:\Windows\SysWOW64\- 2014-04-17 10:45 - 2014-04-17 10:45 - 00000064 _____ () C:\Windows\system32\utmdfz.chu 2014-04-17 10:45 - 2014-04-17 10:45 - 00000000 _____ () C:\Windows\system32\kmbac.bzw 2014-04-17 10:29 - 2014-04-17 10:29 - 00301959 ____S () C:\Windows\system32\wggt.nxe 2014-04-17 10:29 - 2014-04-17 10:29 - 00149504 _____ (Microsoft Corporation) C:\Users\Sean\AppData\Roaming\rfqjgh.dll Reboot: ***************** C:\Windows\System32\rpcss.dll => Moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC095267-9429-48DC-8D01-97C36201CCA1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC095267-9429-48DC-8D01-97C36201CCA1} => Key deleted successfully. C:\Windows\System32\Tasks\4572 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4572 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C2C15B2-77B5-4E0B-9590-06152211B626} => Key deleted successfully. C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34ACF835-2AF0-439D-9A8F-7141AFF100CA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34ACF835-2AF0-439D-9A8F-7141AFF100CA} => Key deleted successfully. 
C:\Windows\System32\Tasks\0 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh => Key deleted successfully. C:\Program Files (x86)\1ClickDownload\1click11.crx => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully. HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Value deleted successfully. HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully. HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found. HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value not found. HKCR\Wow6432Node\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value not found. "C:\Program Files (x86)\BitTorrentBar" => File/Directory not found. "C:\Program Files (x86)\Ask.com" => File/Directory not found. C:\Program Files (x86)\1ClickDownload => Moved successfully. C:\Windows\SysWOW64\- => Moved successfully. 
C:\Windows\system32\utmdfz.chu => Moved successfully. Could not move "C:\Windows\system32\kmbac.bzw" => Scheduled to move on reboot. Could not move "C:\Windows\system32\wggt.nxe" => Scheduled to move on reboot. C:\Users\Sean\AppData\Roaming\rfqjgh.dll => Moved successfully. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-23 06:40:06)<= C:\Windows\system32\kmbac.bzw => Is moved successfully. C:\Windows\system32\wggt.nxe => Is moved successfully. ==== End of Fixlog ==== Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.23.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sean :: SEAN-PC [administrator] 4/23/2014 6:45:13 AM mbam-log-2014-04-23 (06-45-13).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 579480 Time elapsed: 1 hour(s), 25 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\FRST\Quarantine\C\ProgramData\2992199F9A\rfvfleyf.cpp.xBAD (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\FRST\Quarantine\C\ProgramData\2992199F9A\2992199F9A\fyelfvfr.faa (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD (Trojan.Zekos.Patched) -> Quarantined and deleted successfully. C:\Users\Sean\AppData\Local\Temp\J2Hy.dll (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\Users\Sean\AppData\Local\Temp\radqv.dll (Trojan.FakeMS) -> Quarantined and deleted successfully. (end)
  7. Farbar Recovery Scan Tool (x64) Version: 17-04-2014
     Ran by SYSTEM at 2014-04-21 17:50:15
     Running from E:\
     Boot Mode: Recovery

     ================== Search: "rpcss.dll" ===================

     C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
     [2011-05-23 12:03] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

     C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
     [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

     C:\Windows\System32\rpcss.dll
     [2011-05-23 12:03] - [2010-11-20 05:27] - 0515072 ____A (Microsoft Corporation) 6B23B4D153F20B26B564868B945457A5

     C:\Windows\ERDNT\cache64\rpcss.dll
     [2012-02-26 15:52] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

     X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
     [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

     X:\Windows\System32\rpcss.dll
     [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

     ====== End Of Search ======

     Also not sure if it's important but I noticed that while 1ClickDownloader isn't in programs and features for me to uninstall there is a 1ClickDownloader folder within the program files (x86) folder
  8. Search toolbar and 1clickdownloader were not in the list of programs. I uninstalled the rest
  9. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01 Ran by Sean (administrator) on SEAN-PC on 17-04-2014 13:42:29 Running from C:\Users\Sean\Downloads Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (BitTorrent Inc.) C:\Users\Sean\AppData\Roaming\BitTorrent\BitTorrent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe (Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-08-20] () HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation) HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 HKLM-x32\...\Run: [HF_G_Jul] => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software) HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtOTExNjgzNjUxLUNJQTEwKzItU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1DSVArMi1MU0QrMi1ERFQrNTMwNDgtU1QxMEFQUCsxLUREMTArMS1TMTBEREYrMS1QMTBNMTJDKzEtVEIrMS1GVUkrMi1QMTBUQisyLUMxMEFCKzIyLUNJQVYrNTYtUENURVhQKzEw"&"prod=0"&"ver=10.0.1430 [X] HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation) HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [bitTorrent] => C:\Users\Sean\AppData\Roaming\BitTorrent\BitTorrent.exe 
[1238616 2014-04-07] (BitTorrent Inc.) HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-24] (Google Inc.) HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation) HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk ShortcutTarget: Impulse Now.lnk -> C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE05CE58B3FD3CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP URLSearchHook: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3D3AB321-AC88-4017-BAF5-28B9AF34DAFF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {3D3AB321-AC88-4017-BAF5-28B9AF34DAFF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Sean\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Sean\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (avast! Online Security) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-12-14]
CHR Extension: (Google Wallet) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click11.crx [2012-04-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-02-20] (GEAR Software Inc.)
R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
R3 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 13:42 - 2014-04-17 13:42 - 00020053 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-04-17 13:41 - 2014-04-17 13:41 - 02158592 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-04-17 10:45 - 2014-04-17 10:45 - 00000064 _____ () C:\Windows\system32\utmdfz.chu
2014-04-17 10:45 - 2014-04-17 10:45 - 00000000 _____ () C:\Windows\system32\kmbac.bzw
2014-04-17 10:29 - 2014-04-17 10:29 - 00301959 ____S () C:\Windows\system32\wggt.nxe
2014-04-17 10:29 - 2014-04-17 10:29 - 00149504 _____ (Microsoft Corporation) C:\Users\Sean\AppData\Roaming\rfqjgh.dll
2014-04-17 07:54 - 2014-04-17 13:42 - 00000000 ____D () C:\FRST
2014-04-15 22:06 - 2014-04-15 22:15 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4
2014-04-15 22:06 - 2014-04-15 22:11 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4
2014-04-15 21:09 - 2014-04-15 21:16 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4
2014-04-15 21:09 - 2014-04-15 21:15 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4
2014-04-15 21:08 - 2014-04-15 21:10 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4
2014-04-15 21:07 - 2014-04-15 22:04 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4
2014-04-15 21:07 - 2014-04-15 21:11 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi
2014-04-15 21:06 - 2014-04-15 21:10 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4
2014-04-15 15:00 - 2014-04-15 16:11 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4
2014-04-15 14:53 - 2014-04-15 16:07 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4
2014-04-15 14:50 - 2014-04-15 16:15 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4
2014-04-15 14:49 - 2014-04-15 15:53 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4
2014-04-15 14:45 - 2014-04-15 16:19 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4
2014-04-14 18:24 - 2014-04-14 18:36 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4
2014-04-13 11:31 - 2014-04-13 11:34 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4
2014-04-12 23:20 - 2014-04-12 23:22 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4
2014-04-12 15:16 - 2014-04-12 15:19 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4
2014-04-12 15:14 - 2014-04-12 15:16 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4
2014-04-11 21:40 - 2014-04-11 21:42 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4
2014-04-11 21:39 - 2014-04-11 21:43 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4
2014-04-10 17:55 - 2014-04-10 18:03 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4
2014-04-10 17:55 - 2014-04-10 18:02 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4
2014-04-10 17:55 - 2014-04-10 18:01 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp4
2014-04-10 17:55 - 2014-04-10 17:58 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4
2014-04-09 20:42 - 2014-04-09 20:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll
2014-04-09 19:54 - 2014-04-09 19:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar
2014-04-08 18:51 - 2014-04-08 18:58 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4
2014-04-06 23:01 - 2014-04-06 23:11 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4
2014-04-06 17:45 - 2014-04-06 17:51 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4
2014-04-05 18:47 - 2014-04-05 18:50 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4
2014-04-05 18:46 - 2014-04-05 18:53 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4
2014-04-05 18:43 - 2014-04-05 18:44 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4
2014-04-04 16:47 - 2014-04-04 16:49 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4
2014-04-03 18:19 - 2014-04-03 18:25 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4
2014-04-01 19:13 - 2014-04-01 19:21 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi
2014-04-01 18:07 - 2014-04-01 18:07 - 00000000 ____D () C:\ProgramData\GRETECH
2014-03-31 16:50 - 2014-03-31 16:53 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]
2014-03-28 22:34 - 2014-03-28 22:45 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp4
2014-03-28 22:33 - 2014-03-28 22:57 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp4
2014-03-28 22:32 - 2014-03-29 00:23 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-29 00:23 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-29 00:20 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-28 23:58 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-28 23:17 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-28 23:16 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-28 23:12 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp4
2014-03-28 22:30 - 2014-03-28 22:41 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp4
2014-03-28 22:30 - 2014-03-28 22:37 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp4
2014-03-28 22:30 - 2014-03-28 22:32 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp4
2014-03-28 20:58 - 2014-03-28 21:13 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp4
2014-03-27 17:57 - 2014-03-27 18:12 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp4
2014-03-27 17:56 - 2014-03-27 18:03 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp4
2014-03-26 22:02 - 2014-03-26 22:04 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp4
2014-03-26 20:16 - 2014-03-26 20:24 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp4
2014-03-26 20:16 - 2014-03-26 20:19 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp4
2014-03-25 17:02 - 2014-03-25 17:08 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp4
2014-03-24 23:25 - 2014-03-24 23:27 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp4
2014-03-24 19:26 - 2014-03-24 19:42 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp4
2014-03-24 19:16 - 2014-03-24 19:23 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi
2014-03-22 17:40 - 2014-03-22 17:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e2014
2014-03-22 11:37 - 2014-03-22 11:45 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4
2014-03-20 17:30 - 2014-03-23 01:15 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll
2014-03-19 20:07 - 2014-03-19 20:15 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4
2014-03-19 20:06 - 2014-03-19 20:12 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4
2014-03-19 19:33 - 2014-03-19 19:38 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4
2014-03-19 19:33 - 2014-03-19 19:38 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4
2014-03-18 23:29 - 2014-03-18 23:37 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4
2014-03-18 23:29 - 2014-03-18 23:29 - 00000000 ____D () C:\Windows\SysWOW64\-

==================== One Month Modified Files and Folders =======

2014-04-17 13:42 - 2014-04-17 13:42 - 00020053 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-04-17 13:42 - 2014-04-17 07:54 - 00000000 ____D () C:\FRST
2014-04-17 13:41 - 2014-04-17 13:41 - 02158592 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-04-17 13:41 - 2010-12-21 13:25 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\BitTorrent
2014-04-17 13:40 - 2012-07-13 07:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-17 13:39 - 2010-12-20 17:19 - 00000000 ____D () C:\Users\Sean\Tracing
2014-04-17 13:38 - 2011-04-24 08:11 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 13:38 - 2010-12-20 17:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-17 13:38 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 13:38 - 2009-07-13 21:51 - 00060618 _____ () C:\Windows\setupact.log
2014-04-17 13:37 - 2010-12-20 10:35 - 01888275 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 12:45 - 2011-04-24 08:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 11:42 - 2013-03-30 10:39 - 04715689 _____ () C:\windower.txt
2014-04-17 10:54 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 10:54 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 10:51 - 2009-07-13 22:13 - 00006622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 10:45 - 2014-04-17 10:45 - 00000064 _____ () C:\Windows\system32\utmdfz.chu
2014-04-17 10:45 - 2014-04-17 10:45 - 00000000 _____ () C:\Windows\system32\kmbac.bzw
2014-04-17 10:29 - 2014-04-17 10:29 - 00301959 ____S () C:\Windows\system32\wggt.nxe
2014-04-17 10:29 - 2014-04-17 10:29 - 00149504 _____ (Microsoft Corporation) C:\Users\Sean\AppData\Roaming\rfqjgh.dll
2014-04-17 08:04 - 2011-07-25 23:08 - 00000000 ___RD () C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 08:04 - 2010-12-20 11:18 - 00000000 ___RD () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 08:04 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-17 07:07 - 2011-07-25 23:05 - 00000008 __RSH () C:\Users\Sean\ntuser.pol
2014-04-17 07:07 - 2010-12-20 11:17 - 00000000 ____D () C:\Users\Sean
2014-04-16 00:54 - 2010-12-20 17:52 - 17008724 _____ () C:\Windows\PFRO.log
2014-04-15 22:15 - 2014-04-15 22:06 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4
2014-04-15 22:11 - 2014-04-15 22:06 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4
2014-04-15 22:04 - 2014-04-15 21:07 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4
2014-04-15 21:16 - 2014-04-15 21:09 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4
2014-04-15 21:15 - 2014-04-15 21:09 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4
2014-04-15 21:11 - 2014-04-15 21:07 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi
2014-04-15 21:10 - 2014-04-15 21:08 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4
2014-04-15 21:10 - 2014-04-15 21:06 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4
2014-04-15 16:19 - 2014-04-15 14:45 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4
2014-04-15 16:15 - 2014-04-15 14:50 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4
2014-04-15 16:11 - 2014-04-15 15:00 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4
2014-04-15 16:07 - 2014-04-15 14:53 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4
2014-04-15 15:53 - 2014-04-15 14:49 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4
2014-04-15 15:50 - 2014-01-15 06:41 - 271777829 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_10_[720p][EDAD35E5].mp4
2014-04-15 15:42 - 2014-01-15 06:41 - 243685139 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_09_[720p][7EE148EB].mp4
2014-04-14 19:05 - 2011-04-12 16:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled 1%2e2%2e3
2014-04-14 18:36 - 2014-04-14 18:24 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4
2014-04-13 11:34 - 2014-04-13 11:31 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4
2014-04-12 23:22 - 2014-04-12 23:20 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4
2014-04-12 15:19 - 2014-04-12 15:16 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4
2014-04-12 15:16 - 2014-04-12 15:14 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4
2014-04-11 21:43 - 2014-04-11 21:39 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4
2014-04-11 21:42 - 2014-04-11 21:40 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4
2014-04-10 18:03 - 2014-04-10 17:55 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4
2014-04-10 18:02 - 2014-04-10 17:55 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4
2014-04-10 18:01 - 2014-04-10 17:55 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp4
2014-04-10 17:58 - 2014-04-10 17:55 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4
2014-04-09 20:42 - 2014-04-09 20:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll
2014-04-09 19:54 - 2014-04-09 19:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar
2014-04-08 18:58 - 2014-04-08 18:51 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4
2014-04-08 11:48 - 2011-12-02 14:53 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-06 23:11 - 2014-04-06 23:01 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4
2014-04-06 17:51 - 2014-04-06 17:45 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4
2014-04-05 18:53 - 2014-04-05 18:46 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4
2014-04-05 18:50 - 2014-04-05 18:47 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4
2014-04-05 18:44 - 2014-04-05 18:43 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4
2014-04-04 16:49 - 2014-04-04 16:47 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4
2014-04-03 18:25 - 2014-04-03 18:19 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4
2014-04-01 19:21 - 2014-04-01 19:13 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi
2014-04-01 18:07 - 2014-04-01 18:07 - 00000000 ____D () C:\ProgramData\GRETECH
2014-04-01 18:07 - 2010-12-22 01:29 - 00001213 _____ () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2014-04-01 18:07 - 2010-12-22 01:29 - 00001189 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2014-03-31 16:53 - 2014-03-31 16:50 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]
2014-03-31 09:35 - 2010-12-20 10:51 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-29 00:23 - 2014-03-28 22:32 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp4
2014-03-29 00:23 - 2014-03-28 22:31 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp4
2014-03-29 00:20 - 2014-03-28 22:31 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp4
2014-03-28 23:58 - 2014-03-28 22:31 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp4
2014-03-28 23:17 - 2014-03-28 22:31 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp4
2014-03-28 23:16 - 2014-03-28 22:31 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp4
2014-03-28 23:12 - 2014-03-28 22:31 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp4
2014-03-28 22:57 - 2014-03-28 22:33 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp4
2014-03-28 22:45 - 2014-03-28 22:34 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp4
2014-03-28 22:41 - 2014-03-28 22:30 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp4
2014-03-28 22:37 - 2014-03-28 22:30 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp4
2014-03-28 22:32 - 2014-03-28 22:30 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp4
2014-03-28 21:13 - 2014-03-28 20:58 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp4
2014-03-28 20:40 - 2011-04-24 08:11 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 20:40 - 2011-04-24 08:11 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 18:12 - 2014-03-27 17:57 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp4
2014-03-27 18:03 - 2014-03-27 17:56 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp4
2014-03-26 22:04 - 2014-03-26 22:02 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp4
2014-03-26 20:24 - 2014-03-26 20:16 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp4
2014-03-26 20:19 - 2014-03-26 20:16 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp4
2014-03-25 17:08 - 2014-03-25 17:02 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp4
2014-03-24 23:27 - 2014-03-24 23:25 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp4
2014-03-24 19:42 - 2014-03-24 19:26 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp4
2014-03-24 19:23 - 2014-03-24 19:16 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi
2014-03-23 01:15 - 2014-03-20 17:30 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll
2014-03-22 17:40 - 2014-03-22 17:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e2014
2014-03-22 11:45 - 2014-03-22 11:37 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4
2014-03-19 20:15 - 2014-03-19 20:07 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4
2014-03-19 20:12 - 2014-03-19 20:06 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4
2014-03-19 19:38 - 2014-03-19 19:33 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4
2014-03-19 19:38 - 2014-03-19 19:33 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4
2014-03-18 23:37 - 2014-03-18 23:29 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4
2014-03-18 23:29 - 2014-03-18 23:29 - 00000000 ____D () C:\Windows\SysWOW64\-

Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\0ozaolkf.dll
C:\Users\Sean\AppData\Local\Temp\ExPromo.exe
C:\Users\Sean\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Sean\AppData\Local\Temp\iqu_bootstrap.exe
C:\Users\Sean\AppData\Local\Temp\J2Hy.dll
C:\Users\Sean\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\Temp\opera.dll
C:\Users\Sean\AppData\Local\Temp\radqv.dll
C:\Users\Sean\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Sean\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Sean\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sean\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Sean\AppData\Local\Temp\Uninstall.exe
C:\Users\Sean\AppData\Local\Temp\utt48C5.tmp.exe
C:\Users\Sean\AppData\Local\Temp\uttDA1F.tmp.exe
C:\Users\Sean\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Sean\AppData\Local\Temp\YontooSetup-S.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll [2011-05-23 13:03] - [2010-11-20 06:27] - 0515072 ____A (Microsoft Corporation) 6B23B4D153F20B26B564868B945457A5
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 10:24

==================== End Of Log ============================

Addition.txt.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01 Ran by Sean at 2014-04-17 13:43:14 Running from C:\Users\Sean\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== 1ClickDownloader (HKLM-x32\...\1ClickDownloader) (Version: 2.1 Build 26473 - 1ClickDownload) <==== ATTENTION AdblockIE (HKLM-x32\...\{5508128A-2C7B-46B5-81F9-58E8E8115F0B}) (Version: 1.2 - af0.net) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated) ApRadar 3.3.0.14 (HKLM-x32\...\{ED90F5E3-960A-4BED-B1EF-777D6E4E080F}_is1) (Version: - ApneaSoft) Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.9.1.0 - Ask.com) <==== ATTENTION Atlantis Word Processor (HKLM-x32\...\Atlantis Word Processor) (Version: - ) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.) BitTorrentBar Toolbar (HKLM-x32\...\BitTorrentBar Toolbar) (Version: 6.8.5.1 - BitTorrentBar) Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.) 
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation) DataPilot 7 (HKLM-x32\...\InstallShield_{27CAB1BD-7AED-46AE-855C-D6E3B45FF24B}) (Version: 7.00.0001 - Susteen) DataPilot 7 (x32 Version: 7.00.0001 - Susteen) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{131CD369-AA3B-424F-A83C-54DF3534B95C}) (Version: - Microsoft) Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) FINAL FANTASY XI (HKLM-x32\...\InstallShield_{678F6475-D227-432A-94FF-806178A34520}) (Version: 1.00 - SQUARE ENIX CO., LTD.) FINAL FANTASY XI (x32 Version: 1.00 - SQUARE ENIX CO., LTD.) Hidden FINAL FANTASY XI Seekers of Adoulin (x32 Version: 1.50.0 - SQUARE ENIX CO., LTD.) Hidden FINAL FANTASY XI Test Client (HKLM-x32\...\InstallShield_{27DDD216-365D-4FB8-8E2A-038B971990C2}) (Version: 1.0.0 - SQUARE ENIX CO., LTD.) FINAL FANTASY XI Test Client (x32 Version: 1.0.0 - SQUARE ENIX CO., LTD.) Hidden FINAL FANTASY XI: Chains of Promathia (HKLM-x32\...\InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}) (Version: 1.20.1 - SQUARE ENIX CO., LTD.) FINAL FANTASY XI: Chains of Promathia (x32 Version: 1.20.1 - SQUARE ENIX CO., LTD.) Hidden FINAL FANTASY XI: Rise of the Zilart (HKLM-x32\...\InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}) (Version: 1.00 - SQUARE ENIX CO., LTD.) FINAL FANTASY XI: Rise of the Zilart (x32 Version: 1.00 - SQUARE ENIX CO., LTD.) Hidden FINAL FANTASY XI: Seekers of Adoulin (HKLM-x32\...\InstallShield_{E86A33A7-6C77-48F3-9D72-2D8F4C1AD5AC}) (Version: 1.50.0 - SQUARE ENIX CO., LTD.) 
FINAL FANTASY XI: Treasures of Aht Urhgan (HKLM-x32\...\InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}) (Version: 1.30.1 - SQUARE ENIX CO., LTD.) FINAL FANTASY XI: Treasures of Aht Urhgan (x32 Version: 1.30.1 - SQUARE ENIX CO., LTD.) Hidden FINAL FANTASY XI: Wings of the Goddess (HKLM-x32\...\InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}) (Version: 1.40.1 - SQUARE ENIX CO., LTD.) FINAL FANTASY XI: Wings of the Goddess (x32 Version: 1.40.1 - SQUARE ENIX CO., LTD.) Hidden GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Impulse® (HKLM-x32\...\Impulse®) (Version: 3.29 - GameStop) Impulse® (x32 Version: 3.29 - GameStop) Hidden InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - ) InstallIQ Updater (HKLM-x32\...\{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}) (Version: 1.1.2.0 - W3i, LLC) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.) 
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft) Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation) Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 
14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 
2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft 
Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version: - ) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig) NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.6 - Pando Networks Inc.) PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC) PL-2303 USB-to-Serial (x32 Version: 1.00.000 - Prolific Technology INC) Hidden PlayOnline Viewer & Tetra Master (HKLM-x32\...\InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.) PlayOnline Viewer & Tetra Master (x32 Version: 1.18.00 - SQUARE ENIX CO., LTD.) 
Hidden POLUtils (HKLM-x32\...\POLUtils) (Version: - ) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Search Protection (HKCU\...\Search Protection) (Version: 7.5.0.1 - Spigot, Inc.) Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.) Songbird 1.8.0 (Build 1800) (HKLM-x32\...\Songbird-release-1800) (Version: - ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version: - Microsoft) 
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.7.0 - Flagship Industries, Inc.) VideoLAN VLC media player 0.8.6f (HKLM-x32\...\VLC media player) (Version: 0.8.6f - VideoLAN Team) VideoMate T, M, P, S Series Driver (HKLM-x32\...\{41E340F0-0BD6-4A87-AF29-E9E584471756}) (Version: 1.38.800 - ) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Windower (HKCU\...\Windower) (Version: 3.4.3.2 - Windower Team) Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Mobile 
Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - ) Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTB) (Version: 04.08.2345.00 - 
Microsoft Corporation) Hidden Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 22-01-2014 18:26:48 Scheduled Checkpoint 03-02-2014 21:48:47 Scheduled Checkpoint 10-02-2014 11:42:35 Windows Update 17-02-2014 15:29:10 avast! antivirus system restore point 19-02-2014 15:51:30 Windows Update 05-03-2014 15:35:24 Scheduled Checkpoint 10-03-2014 11:00:26 Windows Update 17-03-2014 16:10:23 Scheduled Checkpoint 07-04-2014 15:41:12 Windows Update 11-04-2014 12:15:03 Windows Update ==================== Hosts content: ========================== 2009-07-13 19:34 - 2012-03-10 07:47 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {11672CE8-3161-4934-96B8-20B4B3C3F009} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation) Task: {152EF018-8FB2-48C1-8D21-915203097DD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24] (Google Inc.) Task: {20B287DB-1EC1-47DC-AFE7-8EE34D396890} - System32\Tasks\{C9447FCA-1018-42B0-B03C-53C1F70959E3} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.111/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault Task: {20BB3E39-1966-47E1-B3DA-4F4F02D69969} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-17] (AVAST Software) Task: {30A3076B-D20C-4554-9B8D-8CB02E411E03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24] (Google Inc.) 
Task: {34ACF835-2AF0-439D-9A8F-7141AFF100CA} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {452ECD47-45E4-4413-B2BA-A3E3B16E62D9} - System32\Tasks\{CC8B934B-8922-4D3B-BFD9-0B6DC75CB768} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: {50DB27F7-D3A9-4676-8505-464F74275E15} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {9C2C15B2-77B5-4E0B-9590-06152211B626} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
Task: {DC095267-9429-48DC-8D01-97C36201CCA1} - System32\Tasks\4572 => Wscript.exe C:\Users\Sean\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E15CC46E-1D7C-4FD2-87C9-EB1E75B57E0E} - System32\Tasks\{13885368-E5CC-4CEE-90EE-4CE75EC59E12} => C:\Program Files (x86)\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [2011-08-29] (SQUARE ENIX CO., LTD.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 04:05 - 2013-01-18 08:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-17 09:04 - 2014-04-17 12:28 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041703\algo.dll
2013-10-27 11:12 - 2013-10-27 11:12 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: WMPNetworkSvc => 3

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 01:38:40 PM) (Source: CVHSVC) (User: )
Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 10:51:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/17/2014 10:51:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/17/2014 10:45:48 AM) (Source: CVHSVC) (User: )
Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 09:07:18 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/17/2014 09:07:18 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/17/2014 09:02:14 AM) (Source: CVHSVC) (User: )
Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 08:56:47 AM) (Source: CVHSVC) (User: )
Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 07:25:54 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error: (04/17/2014 07:10:25 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. System errors: ============= Error: (04/17/2014 01:42:07 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (04/17/2014 01:42:07 PM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (04/17/2014 01:40:06 PM) (Source: Service Control Manager) (User: ) Description: The Client Virtualization Handler service hung on starting. Error: (04/17/2014 01:38:37 PM) (Source: Service Control Manager) (User: ) Description: The Power service terminated with the following error: %%4203 Error: (04/17/2014 01:38:18 PM) (Source: Application Popup) (User: ) Description: \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. 
Please contact your software vendor for a compatible version of the driver. Error: (04/17/2014 10:49:16 AM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (04/17/2014 10:49:16 AM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (04/17/2014 10:47:16 AM) (Source: Service Control Manager) (User: ) Description: The Client Virtualization Handler service hung on starting. Error: (04/17/2014 10:45:41 AM) (Source: Service Control Manager) (User: ) Description: The Power service terminated with the following error: %%4203 Error: (04/17/2014 10:45:26 AM) (Source: Application Popup) (User: ) Description: \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Microsoft Office Sessions: ========================= Error: (04/17/2014 01:38:40 PM) (Source: CVHSVC)(User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (04/17/2014 10:51:37 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (04/17/2014 10:51:37 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (04/17/2014 10:45:48 AM) (Source: CVHSVC)(User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. 
Error: (04/17/2014 09:07:18 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (04/17/2014 09:07:18 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (04/17/2014 09:02:14 AM) (Source: CVHSVC)(User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (04/17/2014 08:56:47 AM) (Source: CVHSVC)(User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (04/17/2014 07:25:54 AM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (04/17/2014 07:10:25 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 CodeIntegrity Errors: =================================== Date: 2013-10-27 05:02:26.368 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-27 05:02:25.980 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-10-27 05:02:25.617 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-27 04:56:08.960 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-27 04:56:08.608 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-27 04:56:08.264 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-27 04:56:07.880 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-10-27 04:56:07.540
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-27 04:56:07.196
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-27 04:51:57.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 4094.55 MB
Available physical RAM: 2597.6 MB
Total Pagefile: 8187.29 MB
Available Pagefile: 6572.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:286.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C66D64C5)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

TDSSKiller didn't find any threats so I didn't see any options to skip or save.
  10. After having left the computer on for a while and doing a few things on it, it restarted on its own, then when started back up again it started getting non-stop alerts from avast blocking stuff. Specifically h_rttunc-net_com__task__3034__, h_robertollo-green_net__task__3034__, h_brozblagrom-c2_com__online__521__, h_rottover-end_net__task__3034__, h_r-ubmer5_com__task__3034__, h_rummerstain2_com__task__3034__, h_ruggersner8_net__task__3034__, and h_rancho-for-zomb0_net__task__3034__. I think that was all of them.
  11. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014
Ran by SYSTEM at 2014-04-17 07:04:25 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Startup: C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (?????????? ??????????)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (?????????? ??????????)
GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User: Group Policy restriction detected <======= ATTENTION
S2 Winmgmt; C:\ProgramData\2992199F9A\fyelfvfr.faa [332020 2014-04-15] (Microsoft Corporation)
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
C:\ProgramData\2992199F9A
*****************

C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk => Moved successfully.
C:\ProgramData\2992199F9A\rfvfleyf.cpp => Moved successfully.
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk => Moved successfully.
C:\ProgramData\2992199F9A\rfvfleyf.cpp not found.
C:\Windows\System32\GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
Winmgmt => Service restored successfully.
"C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk" => File/Directory not found.
"C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk" => File/Directory not found.
C:\ProgramData\2992199F9A => Moved successfully.

==== End of Fixlog ====

Managed to log in. No lockout anymore.
Had pop-ups saying several drivers were installing, that my system restore didn't work with the same error code as before, and lastly a pop-up that says to finish making changes I need to restart.
  12. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 Ran by SYSTEM on MININT-T5EK2DS on 17-04-2014 06:55:16 Running from E:\ Windows 7 Ultimate (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-08-20] () HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation) HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 HKLM-x32\...\Run: [HF_G_Jul] => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation) HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtOTExNjgzNjUxLUNJQTEwKzItU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1DSVArMi1MU0QrMi1ERFQrNTMwNDgtU1QxMEFQUCsxLUREMTArMS1TMTBEREYrMS1QMTBNMTJDKzEtVEIrMS1GVUkrMi1QMTBUQisyLUMxMEFCKzIyLUNJQVYrNTYtUENURVhQKzEw"&"prod=0"&"ver=10.0.1430 [X] HKU\Others\...\Policies\system: [LogonHoursAction] 2 HKU\Others\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Sean\...\Run: [bitTorrent] => C:\Users\Sean\AppData\Roaming\BitTorrent\BitTorrent.exe [1238616 2014-04-07] (BitTorrent Inc.) HKU\Sean\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-24] (Google Inc.) 
HKU\Sean\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation) HKU\Sean\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKU\Sean\...\Policies\system: [LogonHoursAction] 2 HKU\Sean\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт) Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт) Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk ShortcutTarget: Impulse Now.lnk -> C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corporation) GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User: Group Policy restriction detected <======= ATTENTION ==================== Services (Whitelisted) ================= S2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software) S2 Winmgmt; C:\ProgramData\2992199F9A\fyelfvfr.faa [332020 2014-04-15] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software) S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-27] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] () S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software) S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] () S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-02-20] (GEAR Software Inc.) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors) S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.) S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.) 
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-17 06:54 - 2014-04-17 06:55 - 00000000 ____D () C:\FRST 2014-04-15 23:43 - 2014-04-16 12:27 - 00000000 ____D () C:\ProgramData\2992199F9A 2014-04-15 21:06 - 2014-04-15 21:15 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4 2014-04-15 21:06 - 2014-04-15 21:11 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4 2014-04-15 20:09 - 2014-04-15 20:16 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4 2014-04-15 20:09 - 2014-04-15 20:15 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4 2014-04-15 20:08 - 2014-04-15 20:10 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4 2014-04-15 20:07 - 2014-04-15 21:04 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4 2014-04-15 20:07 - 2014-04-15 20:11 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi 2014-04-15 20:06 - 2014-04-15 20:10 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4 2014-04-15 14:00 - 2014-04-15 15:11 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4 2014-04-15 13:53 - 2014-04-15 15:07 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4 2014-04-15 13:50 - 2014-04-15 15:15 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4 2014-04-15 13:49 - 2014-04-15 14:53 - 294468336 _____ () 
C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4 2014-04-15 13:45 - 2014-04-15 15:19 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4 2014-04-14 17:24 - 2014-04-14 17:36 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4 2014-04-13 10:31 - 2014-04-13 10:34 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4 2014-04-12 22:20 - 2014-04-12 22:22 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4 2014-04-12 14:16 - 2014-04-12 14:19 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4 2014-04-12 14:14 - 2014-04-12 14:16 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4 2014-04-11 20:40 - 2014-04-11 20:42 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4 2014-04-11 20:39 - 2014-04-11 20:43 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4 2014-04-10 16:55 - 2014-04-10 17:03 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4 2014-04-10 16:55 - 2014-04-10 17:02 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4 2014-04-10 16:55 - 2014-04-10 17:01 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp4 2014-04-10 16:55 - 2014-04-10 16:58 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4 2014-04-09 19:42 - 2014-04-09 19:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll 2014-04-09 18:54 - 2014-04-09 18:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar 2014-04-08 17:51 - 2014-04-08 17:58 - 216427728 _____ () 
C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4 2014-04-06 22:01 - 2014-04-06 22:11 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4 2014-04-06 16:45 - 2014-04-06 16:51 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4 2014-04-05 17:47 - 2014-04-05 17:50 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4 2014-04-05 17:46 - 2014-04-05 17:53 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4 2014-04-05 17:43 - 2014-04-05 17:44 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4 2014-04-04 15:47 - 2014-04-04 15:49 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4 2014-04-03 17:19 - 2014-04-03 17:25 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4 2014-04-01 18:13 - 2014-04-01 18:21 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi 2014-04-01 17:07 - 2014-04-01 17:07 - 00000000 ____D () C:\ProgramData\GRETECH 2014-03-31 15:50 - 2014-03-31 15:53 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC] 2014-03-28 21:34 - 2014-03-28 21:45 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp4 2014-03-28 21:33 - 2014-03-28 21:57 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp4 2014-03-28 21:32 - 2014-03-28 23:23 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp4 2014-03-28 21:31 - 2014-03-28 23:23 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp4 2014-03-28 21:31 - 2014-03-28 23:20 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp4 2014-03-28 21:31 - 2014-03-28 22:58 - 72807264 
_____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp4 2014-03-28 21:31 - 2014-03-28 22:17 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp4 2014-03-28 21:31 - 2014-03-28 22:16 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp4 2014-03-28 21:31 - 2014-03-28 22:12 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp4 2014-03-28 21:30 - 2014-03-28 21:41 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp4 2014-03-28 21:30 - 2014-03-28 21:37 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp4 2014-03-28 21:30 - 2014-03-28 21:32 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp4 2014-03-28 19:58 - 2014-03-28 20:13 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp4 2014-03-27 16:57 - 2014-03-27 17:12 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp4 2014-03-27 16:56 - 2014-03-27 17:03 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp4 2014-03-26 21:02 - 2014-03-26 21:04 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp4 2014-03-26 19:16 - 2014-03-26 19:24 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp4 2014-03-26 19:16 - 2014-03-26 19:19 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp4 2014-03-25 16:02 - 2014-03-25 16:08 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp4 2014-03-24 22:25 - 2014-03-24 22:27 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp4 2014-03-24 18:26 - 2014-03-24 18:42 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp4 2014-03-24 18:16 - 2014-03-24 18:23 - 215209292 _____ () 
C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi 2014-03-22 16:40 - 2014-03-22 16:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e2014 2014-03-22 10:37 - 2014-03-22 10:45 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4 2014-03-20 16:30 - 2014-03-23 00:15 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll 2014-03-19 19:07 - 2014-03-19 19:15 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4 2014-03-19 19:06 - 2014-03-19 19:12 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4 2014-03-19 18:33 - 2014-03-19 18:38 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4 2014-03-19 18:33 - 2014-03-19 18:38 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4 2014-03-18 22:29 - 2014-03-18 22:37 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4 2014-03-18 22:29 - 2014-03-18 22:29 - 00000000 ____D () C:\Windows\SysWOW64\- ==================== One Month Modified Files and Folders ======= 2014-04-17 06:55 - 2014-04-17 06:54 - 00000000 ____D () C:\FRST 2014-04-16 12:27 - 2014-04-15 23:43 - 00000000 ____D () C:\ProgramData\2992199F9A 2014-04-16 12:27 - 2011-04-24 07:11 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 12:26 - 2010-12-20 16:32 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-16 12:26 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 12:26 - 2009-07-13 20:51 - 00060304 _____ () C:\Windows\setupact.log 2014-04-16 10:56 - 2010-12-21 12:25 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\BitTorrent 2014-04-16 10:54 - 2010-12-20 16:19 - 00000000 ____D () C:\Users\Sean\Tracing 2014-04-16 02:10 - 2010-12-20 09:35 - 01816767 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 01:45 - 2011-04-24 07:11 - 00000894 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-16 00:13 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 00:13 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 00:09 - 2012-07-13 06:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-15 23:54 - 2010-12-20 16:52 - 17008724 _____ () C:\Windows\PFRO.log 2014-04-15 21:15 - 2014-04-15 21:06 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4 2014-04-15 21:11 - 2014-04-15 21:06 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4 2014-04-15 21:04 - 2014-04-15 20:07 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4 2014-04-15 20:16 - 2014-04-15 20:09 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4 2014-04-15 20:15 - 2014-04-15 20:09 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4 2014-04-15 20:11 - 2014-04-15 20:07 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi 2014-04-15 20:10 - 2014-04-15 20:08 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4 2014-04-15 20:10 - 2014-04-15 20:06 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4 2014-04-15 16:01 - 2013-03-30 09:39 - 04665321 _____ () C:\windower.txt 2014-04-15 15:19 - 2014-04-15 13:45 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4 2014-04-15 15:15 - 2014-04-15 13:50 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4 2014-04-15 15:11 - 2014-04-15 14:00 - 266624155 _____ () 
C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4 2014-04-15 15:07 - 2014-04-15 13:53 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4 2014-04-15 14:53 - 2014-04-15 13:49 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4 2014-04-15 14:50 - 2014-01-15 05:41 - 271777829 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_10_[720p][EDAD35E5].mp4 2014-04-15 14:42 - 2014-01-15 05:41 - 243685139 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_09_[720p][7EE148EB].mp4 2014-04-14 18:05 - 2011-04-12 15:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled 1%2e2%2e3 2014-04-14 17:36 - 2014-04-14 17:24 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4 2014-04-13 10:34 - 2014-04-13 10:31 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4 2014-04-12 22:22 - 2014-04-12 22:20 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4 2014-04-12 14:19 - 2014-04-12 14:16 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4 2014-04-12 14:16 - 2014-04-12 14:14 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4 2014-04-11 20:43 - 2014-04-11 20:39 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4 2014-04-11 20:42 - 2014-04-11 20:40 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4 2014-04-10 17:03 - 2014-04-10 16:55 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4 2014-04-10 17:02 - 2014-04-10 16:55 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4 2014-04-10 17:01 - 2014-04-10 16:55 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka 
Koukou no Rettousei - 01 [720p][AAC].mp4 2014-04-10 16:58 - 2014-04-10 16:55 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4 2014-04-09 19:42 - 2014-04-09 19:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll 2014-04-09 18:54 - 2014-04-09 18:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar 2014-04-08 17:58 - 2014-04-08 17:51 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4 2014-04-08 10:48 - 2011-12-02 13:53 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-06 22:11 - 2014-04-06 22:01 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4 2014-04-06 16:51 - 2014-04-06 16:45 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4 2014-04-05 17:53 - 2014-04-05 17:46 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4 2014-04-05 17:50 - 2014-04-05 17:47 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4 2014-04-05 17:44 - 2014-04-05 17:43 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4 2014-04-04 15:49 - 2014-04-04 15:47 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4 2014-04-03 17:25 - 2014-04-03 17:19 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4 2014-04-01 18:21 - 2014-04-01 18:13 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi 2014-04-01 17:07 - 2014-04-01 17:07 - 00000000 ____D () C:\ProgramData\GRETECH 2014-04-01 17:07 - 2010-12-22 00:29 - 00001189 _____ () C:\Users\Public\Desktop\GOM Player.lnk 2014-03-31 15:53 - 2014-03-31 15:50 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC] 2014-03-31 08:35 - 
  13. So I need another computer and flash drive to start? If so it will be a day before I can continue.
  14. Got the FBI ransomware. Tried some online guides but am unable to follow them for various reasons. Specifically can't do recommended scans since the virus stops me from opening programs. Can't restart in any of the safe modes because as soon as it gets to the login screen it restarts the computer. Managed to access System Restore through the system recovery options but every restore point I try results in the same error with the following details: "system restore failed to extract the file (C:Users\other\appdata\roaming\microsoft\windows\start menu\programs\startup) from the restore point. The restore point was damaged or was deleted during the restore." The system recovery options let me run a command prompt so I tried running mbam.exe from there but I get "the subsystem needed to support the image type is not present." I can't try making a disk to run a scan on boot right now since I won't have access to another computer for another day.