dasva Posted April 16, 2014 ID:819450

Got the FBI ransomware. Tried some online guides but am unable to follow them for various reasons. Specifically can't do recommended scans since the virus stops me from opening programs. Can't restart in any of the safe modes because as soon as it gets to log in screen it restarts the computer. Managed to access system restore thru the system recovery options but every restore point I try results in the same error with the following details "system restore failed to extract the file(C:Users\other\appdata\roaming\microsoft\windows\start menu\programs\startup) from the restore point. The restore point was damaged or was deleted during the restore."

The system recovery options lets me run a command prompt so I tried running mbam.exe from there but I get "the subsystem needed to support the image type is not present."

I can't try making a disk to run scan on boot right now since I won't have access to another computer for another day.
Psychotic Posted April 16, 2014 ID:819454

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST (Recovery Environment)

To run FRST on Vista and Windows 7:

- For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
- For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

Select Command Prompt

In the command window:

- Type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
dasva Posted April 16, 2014 Author ID:819487

So I need another computer and flash drive to start? If so it will be a day before I can continue.
Psychotic Posted April 16, 2014 ID:819503

Yes, you need another computer and a flash drive. I'll await your log files.
dasva Posted April 17, 2014 Author ID:819863

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by SYSTEM on MININT-T5EK2DS on 17-04-2014 06:55:16
Running from E:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-08-20] ()
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [HF_G_Jul] => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtOTExNjgzNjUxLUNJQTEwKzItU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1DSVArMi1MU0QrMi1ERFQrNTMwNDgtU1QxMEFQUCsxLUREMTArMS1TMTBEREYrMS1QMTBNMTJDKzEtVEIrMS1GVUkrMi1QMTBUQisyLUMxMEFCKzIyLUNJQVYrNTYtUENURVhQKzEw"&"prod=0"&"ver=10.0.1430 [X]
HKU\Others\...\Policies\system: [LogonHoursAction] 2
HKU\Others\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sean\...\Run: [bitTorrent] => C:\Users\Sean\AppData\Roaming\BitTorrent\BitTorrent.exe [1238616 2014-04-07] (BitTorrent Inc.)
HKU\Sean\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-24] (Google Inc.)
HKU\Sean\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\Sean\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\Sean\...\Policies\system: [LogonHoursAction] 2
HKU\Sean\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk
ShortcutTarget: Impulse Now.lnk -> C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corporation)
GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)
S2 Winmgmt; C:\ProgramData\2992199F9A\fyelfvfr.faa [332020 2014-04-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-02-20] (GEAR Software Inc.)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 06:54 - 2014-04-17 06:55 - 00000000 ____D () C:\FRST
2014-04-15 23:43 - 2014-04-16 12:27 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-15 21:06 - 2014-04-15 21:15 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4
2014-04-15 21:06 - 2014-04-15 21:11 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4
2014-04-15 20:09 - 2014-04-15 20:16 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4
2014-04-15 20:09 - 2014-04-15 20:15 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4
2014-04-15 20:08 - 2014-04-15 20:10 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4
2014-04-15 20:07 - 2014-04-15 21:04 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4
2014-04-15 20:07 - 2014-04-15 20:11 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi
2014-04-15 20:06 - 2014-04-15 20:10 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4
2014-04-15 14:00 - 2014-04-15 15:11 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4
2014-04-15 13:53 - 2014-04-15 15:07 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4
2014-04-15 13:50 - 2014-04-15 15:15 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4
2014-04-15 13:49 - 2014-04-15 14:53 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4
2014-04-15 13:45 - 2014-04-15 15:19 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4
2014-04-14 17:24 - 2014-04-14 17:36 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4
2014-04-13 10:31 - 2014-04-13 10:34 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4
2014-04-12 22:20 - 2014-04-12 22:22 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4
2014-04-12 14:16 - 2014-04-12 14:19 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4
2014-04-12 14:14 - 2014-04-12 14:16 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4
2014-04-11 20:40 - 2014-04-11 20:42 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4
2014-04-11 20:39 - 2014-04-11 20:43 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4
2014-04-10 16:55 - 2014-04-10 17:03 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4
2014-04-10 16:55 - 2014-04-10 17:02 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4
2014-04-10 16:55 - 2014-04-10 17:01 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp4
2014-04-10 16:55 - 2014-04-10 16:58 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4
2014-04-09 19:42 - 2014-04-09 19:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll
2014-04-09 18:54 - 2014-04-09 18:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar
2014-04-08 17:51 - 2014-04-08 17:58 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4
2014-04-06 22:01 - 2014-04-06 22:11 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4
2014-04-06 16:45 - 2014-04-06 16:51 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4
2014-04-05 17:47 - 2014-04-05 17:50 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4
2014-04-05 17:46 - 2014-04-05 17:53 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4
2014-04-05 17:43 - 2014-04-05 17:44 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4
2014-04-04 15:47 - 2014-04-04 15:49 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4
2014-04-03 17:19 - 2014-04-03 17:25 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4
2014-04-01 18:13 - 2014-04-01 18:21 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi
2014-04-01 17:07 - 2014-04-01 17:07 - 00000000 ____D () C:\ProgramData\GRETECH
2014-03-31 15:50 - 2014-03-31 15:53 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]
2014-03-28 21:34 - 2014-03-28 21:45 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp4
2014-03-28 21:33 - 2014-03-28 21:57 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp4
2014-03-28 21:32 - 2014-03-28 23:23 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp4
2014-03-28 21:31 - 2014-03-28 23:23 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp4
2014-03-28 21:31 - 2014-03-28 23:20 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp4
2014-03-28 21:31 - 2014-03-28 22:58 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp4
2014-03-28 21:31 - 2014-03-28 22:17 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp4
2014-03-28 21:31 - 2014-03-28 22:16 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp4
2014-03-28 21:31 - 2014-03-28 22:12 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp4
2014-03-28 21:30 - 2014-03-28 21:41 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp4
2014-03-28 21:30 - 2014-03-28 21:37 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp4
2014-03-28 21:30 - 2014-03-28 21:32 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp4
2014-03-28 19:58 - 2014-03-28 20:13 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp4
2014-03-27 16:57 - 2014-03-27 17:12 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp4
2014-03-27 16:56 - 2014-03-27 17:03 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp4
2014-03-26 21:02 - 2014-03-26 21:04 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp4
2014-03-26 19:16 - 2014-03-26 19:24 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp4
2014-03-26 19:16 - 2014-03-26 19:19 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp4
2014-03-25 16:02 - 2014-03-25 16:08 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp4
2014-03-24 22:25 - 2014-03-24 22:27 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp4
2014-03-24 18:26 - 2014-03-24 18:42 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp4
2014-03-24 18:16 - 2014-03-24 18:23 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi
2014-03-22 16:40 - 2014-03-22 16:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e2014
2014-03-22 10:37 - 2014-03-22 10:45 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4
2014-03-20 16:30 - 2014-03-23 00:15 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll
2014-03-19 19:07 - 2014-03-19 19:15 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4
2014-03-19 19:06 - 2014-03-19 19:12 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4
2014-03-19 18:33 - 2014-03-19 18:38 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4
2014-03-19 18:33 - 2014-03-19 18:38 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4
2014-03-18 22:29 - 2014-03-18 22:37 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4
2014-03-18 22:29 - 2014-03-18 22:29 - 00000000 ____D () C:\Windows\SysWOW64\-

==================== One Month Modified Files and Folders =======

2014-04-17 06:55 - 2014-04-17 06:54 - 00000000 ____D () C:\FRST
2014-04-16 12:27 - 2014-04-15 23:43 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-16 12:27 - 2011-04-24 07:11 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 12:26 - 2010-12-20 16:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 12:26 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 12:26 - 2009-07-13 20:51 - 00060304 _____ () C:\Windows\setupact.log
2014-04-16 10:56 - 2010-12-21 12:25 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\BitTorrent
2014-04-16 10:54 - 2010-12-20 16:19 - 00000000 ____D () C:\Users\Sean\Tracing
2014-04-16 02:10 - 2010-12-20 09:35 - 01816767 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 01:45 - 2011-04-24 07:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 00:13 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 00:13 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 00:09 - 2012-07-13 06:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-15 23:54 - 2010-12-20 16:52 - 17008724 _____ () C:\Windows\PFRO.log
2014-04-15 21:15 - 2014-04-15 21:06 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4
2014-04-15 21:11 - 2014-04-15 21:06 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4
2014-04-15 21:04 - 2014-04-15 20:07 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4
2014-04-15 20:16 - 2014-04-15 20:09 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4
2014-04-15 20:15 - 2014-04-15 20:09 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4
2014-04-15 20:11 - 2014-04-15 20:07 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi
2014-04-15 20:10 - 2014-04-15 20:08 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4
2014-04-15 20:10 - 2014-04-15 20:06 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4
2014-04-15 16:01 - 2013-03-30 09:39 - 04665321 _____ () C:\windower.txt
2014-04-15 15:19 - 2014-04-15 13:45 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4
2014-04-15 15:15 - 2014-04-15 13:50 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4
2014-04-15 15:11 - 2014-04-15 14:00 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4
2014-04-15 15:07 - 2014-04-15 13:53 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4
2014-04-15 14:53 - 2014-04-15 13:49 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4
2014-04-15 14:50 - 2014-01-15 05:41 - 271777829 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_10_[720p][EDAD35E5].mp4
2014-04-15 14:42 - 2014-01-15 05:41 - 243685139 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_09_[720p][7EE148EB].mp4
2014-04-14 18:05 - 2011-04-12 15:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled 1%2e2%2e3
2014-04-14 17:36 - 2014-04-14 17:24 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4
2014-04-13 10:34 - 2014-04-13 10:31 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4
2014-04-12 22:22 - 2014-04-12 22:20 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4
2014-04-12 14:19 - 2014-04-12 14:16 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4
2014-04-12 14:16 - 2014-04-12 14:14 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4
2014-04-11 20:43 - 2014-04-11 20:39 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4
2014-04-11 20:42 - 2014-04-11 20:40 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4
2014-04-10 17:03 - 2014-04-10 16:55 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4
2014-04-10 17:02 - 2014-04-10 16:55 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4
2014-04-10 17:01 - 2014-04-10 16:55 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp4
2014-04-10 16:58 - 2014-04-10 16:55 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4
2014-04-09 19:42 - 2014-04-09 19:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll
2014-04-09 18:54 - 2014-04-09 18:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar
2014-04-08 17:58 - 2014-04-08 17:51 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4
2014-04-08 10:48 - 2011-12-02 13:53 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-06 22:11 - 2014-04-06 22:01 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4
2014-04-06 16:51 - 2014-04-06 16:45 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4
2014-04-05 17:53 - 2014-04-05 17:46 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4
2014-04-05 17:50 - 2014-04-05 17:47 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4
2014-04-05 17:44 - 2014-04-05 17:43 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4
2014-04-04 15:49 - 2014-04-04 15:47 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4
2014-04-03 17:25 - 2014-04-03 17:19 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4
2014-04-01 18:21 - 2014-04-01 18:13 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi
2014-04-01 17:07 - 2014-04-01 17:07 - 00000000 ____D () C:\ProgramData\GRETECH
2014-04-01 17:07 - 2010-12-22 00:29 - 00001189 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2014-03-31 15:53 - 2014-03-31 15:50 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]
2014-03-31 08:35 - 2010-12-20 09:51 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-03-29 14:53 - 2009-07-13 21:13 - 00006622 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-28 23:23 - 2014-03-28 21:32 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp4
2014-03-28 23:23 - 2014-03-28 21:31 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp4
2014-03-28 23:20 - 2014-03-28 21:31 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp4
2014-03-28 22:58 - 2014-03-28 21:31 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp4
2014-03-28 22:17 - 2014-03-28 21:31 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp4
2014-03-28 22:16 - 2014-03-28 21:31 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp4
2014-03-28 22:12 - 2014-03-28 21:31 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp4
2014-03-28 21:57 - 2014-03-28 21:33 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp4
2014-03-28 21:45 - 2014-03-28 21:34 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp4
2014-03-28 21:41 - 2014-03-28 21:30 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp4
2014-03-28 21:37 - 2014-03-28 21:30 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp4
2014-03-28 21:32 - 2014-03-28 21:30 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp4
2014-03-28 20:13 - 2014-03-28 19:58 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp4
2014-03-28 19:40 - 2011-04-24 07:11 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 19:40 - 2011-04-24 07:11 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 17:12 - 2014-03-27 16:57 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp4
2014-03-27 17:03 - 2014-03-27 16:56 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp4
2014-03-26 21:04 - 2014-03-26 21:02 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp4
2014-03-26 19:24 - 2014-03-26 19:16 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp4
2014-03-26 19:19 - 2014-03-26 19:16 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp4
2014-03-25 16:08 - 2014-03-25 16:02 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp4
2014-03-24 22:27 - 2014-03-24 22:25 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp4
2014-03-24 18:42 - 2014-03-24 18:26 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp4
2014-03-24 18:23 - 2014-03-24 18:16 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi
2014-03-23 00:15 - 2014-03-20 16:30 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll
2014-03-22 16:40 - 2014-03-22 16:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e2014
2014-03-22 10:45 - 2014-03-22 10:37 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4
2014-03-19 19:15 - 2014-03-19 19:07 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4
2014-03-19 19:12 - 2014-03-19 19:06 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4
2014-03-19 18:38 - 2014-03-19 18:33 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4
2014-03-19 18:38 - 2014-03-19 18:33 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4
2014-03-18 22:37 - 2014-03-18 22:29 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4
2014-03-18 22:29 - 2014-03-18 22:29 - 00000000 ____D () C:\Windows\SysWOW64\-

Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\0ozaolkf.dll
C:\Users\Sean\AppData\Local\Temp\ExPromo.exe
C:\Users\Sean\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Sean\AppData\Local\Temp\iqu_bootstrap.exe
C:\Users\Sean\AppData\Local\Temp\J2Hy.dll
C:\Users\Sean\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\Temp\opera.dll
C:\Users\Sean\AppData\Local\Temp\radqv.dll
C:\Users\Sean\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Sean\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Sean\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sean\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Sean\AppData\Local\Temp\Uninstall.exe
C:\Users\Sean\AppData\Local\Temp\utt48C5.tmp.exe
C:\Users\Sean\AppData\Local\Temp\uttDA1F.tmp.exe
C:\Users\Sean\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Sean\AppData\Local\Temp\YontooSetup-S.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-01-22 10:27:00
Restore point made on: 2014-02-03 13:49:09
Restore point made on: 2014-02-10 03:42:56
Restore point made on: 2014-02-17 07:30:07
Restore point made on: 2014-02-19 07:51:46
Restore point made on: 2014-03-05 07:35:36
Restore point made on: 2014-03-10 03:00:46
Restore point made on: 2014-03-17 08:10:43
Restore point made on: 2014-04-07 07:41:31
Restore point made on: 2014-04-11 04:15:28

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4094.55 MB
Available physical RAM: 3464.32 MB
Total Pagefile: 4092.7 MB
Available Pagefile: 3466.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:286.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:0.94 GB) (Free:0.4 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C66D64C5)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.

LastRegBack: 2014-04-09 09:24

==================== End Of Log ============================
Psychotic Posted April 17, 2014 ID:819925

Fix with FRST (Recovery Environment)

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

Startup: C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт)
GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User: Group Policy restriction detected <======= ATTENTION
S2 Winmgmt; C:\ProgramData\2992199F9A\fyelfvfr.faa [332020 2014-04-15] (Microsoft Corporation)
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
C:\ProgramData\2992199F9A

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options again.
Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Try to boot into windows now (we're not finished yet!)
dasva Posted April 17, 2014 Author ID:819942

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014
Ran by SYSTEM at 2014-04-17 07:04:25 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (?????????? ??????????)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (?????????? ??????????)
GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User: Group Policy restriction detected <======= ATTENTION
S2 Winmgmt; C:\ProgramData\2992199F9A\fyelfvfr.faa [332020 2014-04-15] (Microsoft Corporation)
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
C:\ProgramData\2992199F9A
*****************

C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk => Moved successfully.
C:\ProgramData\2992199F9A\rfvfleyf.cpp => Moved successfully.
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk => Moved successfully.
C:\ProgramData\2992199F9A\rfvfleyf.cpp not found.
C:\Windows\System32\GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
Winmgmt => Service restored successfully.
"C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk" => File/Directory not found.
"C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk" => File/Directory not found.
C:\ProgramData\2992199F9A => Moved successfully.

==== End of Fixlog ====

Managed to log in. No lockout anymore. Had pop ups saying several drivers were installing, that my system restore didn't work with same error code as before, and lastly a pop up that says to finish making changes I need to restart.
dasva Posted April 18, 2014 Author ID:820110

After having left the computer on for a while and doing a few things on it, it restarted on its own. Then when it started back up again it started getting non-stop alerts from avast blocking stuff. Specifically h_rttunc-net_com__task__3034__, h_robertollo-green_net__task__3034__, h_brozblagrom-c2_com__online__521__, h_rottover-end_net__task__3034__, h_r-ubmer5_com__task__3034__, h_rummerstain2_com__task__3034__, h_ruggersner8_net__task__3034__, and h_rancho-for-zomb0_net__task__3034__. I think that was all of them.
Psychotic Posted April 18, 2014 ID:820201

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
Run FRST. Don't change any of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.
Download TDSSKiller.zip and extract to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please attach this file to your next reply.
dasva Posted April 18, 2014 Author ID:820205

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Sean (administrator) on SEAN-PC on 17-04-2014 13:42:29
Running from C:\Users\Sean\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(BitTorrent Inc.) C:\Users\Sean\AppData\Roaming\BitTorrent\BitTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe
(Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-08-20] ()HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12HKLM-x32\...\Run: [HF_G_Jul] => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoActionHKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtOTExNjgzNjUxLUNJQTEwKzItU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1DSVArMi1MU0QrMi1ERFQrNTMwNDgtU1QxMEFQUCsxLUREMTArMS1TMTBEREYrMS1QMTBNMTJDKzEtVEIrMS1GVUkrMi1QMTBUQisyLUMxMEFCKzIyLUNJQVYrNTYtUENURVhQKzEw"&"prod=0"&"ver=10.0.1430 [X]HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [bitTorrent] => C:\Users\Sean\AppData\Roaming\BitTorrent\BitTorrent.exe [1238616 
2014-04-07] (BitTorrent Inc.)HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-24] (Google Inc.)HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Policies\system: [LogonHoursAction] 2HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnkShortcutTarget: Impulse Now.lnk -> C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corporation)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE05CE58B3FD3CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHPURLSearchHook: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKCU - DefaultScope {3D3AB321-AC88-4017-BAF5-28B9AF34DAFF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}SearchScopes: HKCU - 
{3D3AB321-AC88-4017-BAF5-28B9AF34DAFF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)Toolbar: HKLM-x32 - Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No FileToolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileToolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileDPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabDPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cabDPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No FileHandler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows 
Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! 
Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Sean\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! 
Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)Chrome:=======CHR DefaultSearchKeyword: yahoo.comCHR DefaultSearchProvider: Yahoo!CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}CHR DefaultNewTabURL:CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No FileCHR Plugin: (AVG Internet Security) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No FileCHR Plugin: (Skype Toolbars) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No FileCHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media 
Booster\npPandoWebPlugin.dll (Pando Networks)CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Sean\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Extension: (YouTube) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]CHR Extension: (Google Search) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]CHR Extension: (avast! Online Security) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-06]CHR Extension: (Skype Click to Call) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-12-14]CHR Extension: (Google Wallet) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]CHR Extension: (Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-23]CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2013-10-23]CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click11.crx [2012-04-29]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]==================== Services (Whitelisted) =================R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)==================== Drivers (Whitelisted) ====================R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-27] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-02-20] (GEAR Software Inc.)R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)R3 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.)S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.)S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-04-17 13:42 - 2014-04-17 13:42 - 00020053 _____ () C:\Users\Sean\Downloads\FRST.txt2014-04-17 13:41 - 2014-04-17 13:41 - 02158592 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe2014-04-17 10:45 - 2014-04-17 10:45 - 00000064 _____ () C:\Windows\system32\utmdfz.chu2014-04-17 10:45 - 2014-04-17 10:45 - 00000000 
_____ () C:\Windows\system32\kmbac.bzw2014-04-17 10:29 - 2014-04-17 10:29 - 00301959 ____S () C:\Windows\system32\wggt.nxe2014-04-17 10:29 - 2014-04-17 10:29 - 00149504 _____ (Microsoft Corporation) C:\Users\Sean\AppData\Roaming\rfqjgh.dll2014-04-17 07:54 - 2014-04-17 13:42 - 00000000 ____D () C:\FRST2014-04-15 22:06 - 2014-04-15 22:15 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp42014-04-15 22:06 - 2014-04-15 22:11 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp42014-04-15 21:09 - 2014-04-15 21:16 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp42014-04-15 21:09 - 2014-04-15 21:15 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp42014-04-15 21:08 - 2014-04-15 21:10 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp42014-04-15 21:07 - 2014-04-15 22:04 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp42014-04-15 21:07 - 2014-04-15 21:11 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi2014-04-15 21:06 - 2014-04-15 21:10 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp42014-04-15 15:00 - 2014-04-15 16:11 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp42014-04-15 14:53 - 2014-04-15 16:07 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp42014-04-15 14:50 - 2014-04-15 16:15 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp42014-04-15 14:49 - 2014-04-15 15:53 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp42014-04-15 14:45 - 2014-04-15 16:19 - 285716589 _____ () 
C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp42014-04-14 18:24 - 2014-04-14 18:36 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp42014-04-13 11:31 - 2014-04-13 11:34 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp42014-04-12 23:20 - 2014-04-12 23:22 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp42014-04-12 15:16 - 2014-04-12 15:19 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp42014-04-12 15:14 - 2014-04-12 15:16 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp42014-04-11 21:40 - 2014-04-11 21:42 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp42014-04-11 21:39 - 2014-04-11 21:43 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp42014-04-10 17:55 - 2014-04-10 18:03 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp42014-04-10 17:55 - 2014-04-10 18:02 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp42014-04-10 17:55 - 2014-04-10 18:01 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp42014-04-10 17:55 - 2014-04-10 17:58 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp42014-04-09 20:42 - 2014-04-09 20:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll2014-04-09 19:54 - 2014-04-09 19:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar2014-04-08 18:51 - 2014-04-08 18:58 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp42014-04-06 23:01 - 2014-04-06 23:11 - 462533664 _____ () 
C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp42014-04-06 17:45 - 2014-04-06 17:51 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp42014-04-05 18:47 - 2014-04-05 18:50 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp42014-04-05 18:46 - 2014-04-05 18:53 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp42014-04-05 18:43 - 2014-04-05 18:44 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp42014-04-04 16:47 - 2014-04-04 16:49 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp42014-04-03 18:19 - 2014-04-03 18:25 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp42014-04-01 19:13 - 2014-04-01 19:21 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi2014-04-01 18:07 - 2014-04-01 18:07 - 00000000 ____D () C:\ProgramData\GRETECH2014-03-31 16:50 - 2014-03-31 16:53 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]2014-03-28 22:34 - 2014-03-28 22:45 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp42014-03-28 22:33 - 2014-03-28 22:57 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp42014-03-28 22:32 - 2014-03-29 00:23 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp42014-03-28 22:31 - 2014-03-29 00:23 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp42014-03-28 22:31 - 2014-03-29 00:20 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp42014-03-28 22:31 - 2014-03-28 23:58 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp42014-03-28 22:31 - 2014-03-28 23:17 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] 
Pupa - 02 [720p][AAC].mp42014-03-28 22:31 - 2014-03-28 23:16 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp42014-03-28 22:31 - 2014-03-28 23:12 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp42014-03-28 22:30 - 2014-03-28 22:41 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp42014-03-28 22:30 - 2014-03-28 22:37 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp42014-03-28 22:30 - 2014-03-28 22:32 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp42014-03-28 20:58 - 2014-03-28 21:13 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp42014-03-27 17:57 - 2014-03-27 18:12 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp42014-03-27 17:56 - 2014-03-27 18:03 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp42014-03-26 22:02 - 2014-03-26 22:04 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp42014-03-26 20:16 - 2014-03-26 20:24 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp42014-03-26 20:16 - 2014-03-26 20:19 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp42014-03-25 17:02 - 2014-03-25 17:08 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp42014-03-24 23:25 - 2014-03-24 23:27 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp42014-03-24 19:26 - 2014-03-24 19:42 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp42014-03-24 19:16 - 2014-03-24 19:23 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi2014-03-22 17:40 - 2014-03-22 17:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e20142014-03-22 11:37 - 
2014-03-22 11:45 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4
2014-03-20 17:30 - 2014-03-23 01:15 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll
2014-03-19 20:07 - 2014-03-19 20:15 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4
2014-03-19 20:06 - 2014-03-19 20:12 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4
2014-03-19 19:33 - 2014-03-19 19:38 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4
2014-03-19 19:33 - 2014-03-19 19:38 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4
2014-03-18 23:29 - 2014-03-18 23:37 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4
2014-03-18 23:29 - 2014-03-18 23:29 - 00000000 ____D () C:\Windows\SysWOW64\-

==================== One Month Modified Files and Folders =======

2014-04-17 13:42 - 2014-04-17 13:42 - 00020053 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-04-17 13:42 - 2014-04-17 07:54 - 00000000 ____D () C:\FRST
2014-04-17 13:41 - 2014-04-17 13:41 - 02158592 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-04-17 13:41 - 2010-12-21 13:25 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\BitTorrent
2014-04-17 13:40 - 2012-07-13 07:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-17 13:39 - 2010-12-20 17:19 - 00000000 ____D () C:\Users\Sean\Tracing
2014-04-17 13:38 - 2011-04-24 08:11 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 13:38 - 2010-12-20 17:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-17 13:38 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 13:38 - 2009-07-13 21:51 - 00060618 _____ () C:\Windows\setupact.log
2014-04-17 13:37 - 2010-12-20 10:35 - 01888275 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 12:45 - 2011-04-24 08:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 11:42 - 2013-03-30 10:39 - 04715689 _____ () C:\windower.txt
2014-04-17 10:54 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 10:54 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 10:51 - 2009-07-13 22:13 - 00006622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 10:45 - 2014-04-17 10:45 - 00000064 _____ () C:\Windows\system32\utmdfz.chu
2014-04-17 10:45 - 2014-04-17 10:45 - 00000000 _____ () C:\Windows\system32\kmbac.bzw
2014-04-17 10:29 - 2014-04-17 10:29 - 00301959 ____S () C:\Windows\system32\wggt.nxe
2014-04-17 10:29 - 2014-04-17 10:29 - 00149504 _____ (Microsoft Corporation) C:\Users\Sean\AppData\Roaming\rfqjgh.dll
2014-04-17 08:04 - 2011-07-25 23:08 - 00000000 ___RD () C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 08:04 - 2010-12-20 11:18 - 00000000 ___RD () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 08:04 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-17 07:07 - 2011-07-25 23:05 - 00000008 __RSH () C:\Users\Sean\ntuser.pol
2014-04-17 07:07 - 2010-12-20 11:17 - 00000000 ____D () C:\Users\Sean
2014-04-16 00:54 - 2010-12-20 
17:52 - 17008724 _____ () C:\Windows\PFRO.log2014-04-15 22:15 - 2014-04-15 22:06 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp42014-04-15 22:11 - 2014-04-15 22:06 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp42014-04-15 22:04 - 2014-04-15 21:07 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp42014-04-15 21:16 - 2014-04-15 21:09 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp42014-04-15 21:15 - 2014-04-15 21:09 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp42014-04-15 21:11 - 2014-04-15 21:07 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi2014-04-15 21:10 - 2014-04-15 21:08 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp42014-04-15 21:10 - 2014-04-15 21:06 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp42014-04-15 16:19 - 2014-04-15 14:45 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp42014-04-15 16:15 - 2014-04-15 14:50 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp42014-04-15 16:11 - 2014-04-15 15:00 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp42014-04-15 16:07 - 2014-04-15 14:53 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp42014-04-15 15:53 - 2014-04-15 14:49 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp42014-04-15 15:50 - 2014-01-15 06:41 - 271777829 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_10_[720p][EDAD35E5].mp42014-04-15 15:42 - 2014-01-15 06:41 - 243685139 _____ () 
C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_09_[720p][7EE148EB].mp42014-04-14 19:05 - 2011-04-12 16:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled 1%2e2%2e32014-04-14 18:36 - 2014-04-14 18:24 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp42014-04-13 11:34 - 2014-04-13 11:31 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp42014-04-12 23:22 - 2014-04-12 23:20 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp42014-04-12 15:19 - 2014-04-12 15:16 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp42014-04-12 15:16 - 2014-04-12 15:14 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp42014-04-11 21:43 - 2014-04-11 21:39 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp42014-04-11 21:42 - 2014-04-11 21:40 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp42014-04-10 18:03 - 2014-04-10 17:55 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp42014-04-10 18:02 - 2014-04-10 17:55 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp42014-04-10 18:01 - 2014-04-10 17:55 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp42014-04-10 17:58 - 2014-04-10 17:55 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp42014-04-09 20:42 - 2014-04-09 20:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll2014-04-09 19:54 - 2014-04-09 19:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar2014-04-08 18:58 - 2014-04-08 18:51 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp42014-04-08 11:48 - 
2011-12-02 14:53 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-04-06 23:11 - 2014-04-06 23:01 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp42014-04-06 17:51 - 2014-04-06 17:45 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp42014-04-05 18:53 - 2014-04-05 18:46 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp42014-04-05 18:50 - 2014-04-05 18:47 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp42014-04-05 18:44 - 2014-04-05 18:43 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp42014-04-04 16:49 - 2014-04-04 16:47 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp42014-04-03 18:25 - 2014-04-03 18:19 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp42014-04-01 19:21 - 2014-04-01 19:13 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi2014-04-01 18:07 - 2014-04-01 18:07 - 00000000 ____D () C:\ProgramData\GRETECH2014-04-01 18:07 - 2010-12-22 01:29 - 00001213 _____ () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk2014-04-01 18:07 - 2010-12-22 01:29 - 00001189 _____ () C:\Users\Public\Desktop\GOM Player.lnk2014-03-31 16:53 - 2014-03-31 16:50 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]2014-03-31 09:35 - 2010-12-20 10:51 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-03-29 00:23 - 2014-03-28 22:32 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp42014-03-29 00:23 - 2014-03-28 22:31 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp42014-03-29 00:20 - 2014-03-28 22:31 - 64292691 _____ () 
C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp42014-03-28 23:58 - 2014-03-28 22:31 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp42014-03-28 23:17 - 2014-03-28 22:31 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp42014-03-28 23:16 - 2014-03-28 22:31 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp42014-03-28 23:12 - 2014-03-28 22:31 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp42014-03-28 22:57 - 2014-03-28 22:33 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp42014-03-28 22:45 - 2014-03-28 22:34 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp42014-03-28 22:41 - 2014-03-28 22:30 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp42014-03-28 22:37 - 2014-03-28 22:30 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp42014-03-28 22:32 - 2014-03-28 22:30 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp42014-03-28 21:13 - 2014-03-28 20:58 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp42014-03-28 20:40 - 2011-04-24 08:11 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-28 20:40 - 2011-04-24 08:11 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-27 18:12 - 2014-03-27 17:57 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp42014-03-27 18:03 - 2014-03-27 17:56 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp42014-03-26 22:04 - 2014-03-26 22:02 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp42014-03-26 20:24 - 2014-03-26 20:16 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp42014-03-26 20:19 - 2014-03-26 20:16 - 214057651 _____ () 
C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp42014-03-25 17:08 - 2014-03-25 17:02 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp42014-03-24 23:27 - 2014-03-24 23:25 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp42014-03-24 19:42 - 2014-03-24 19:26 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp42014-03-24 19:23 - 2014-03-24 19:16 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi2014-03-23 01:15 - 2014-03-20 17:30 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll2014-03-22 17:40 - 2014-03-22 17:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e20142014-03-22 11:45 - 2014-03-22 11:37 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp42014-03-19 20:15 - 2014-03-19 20:07 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp42014-03-19 20:12 - 2014-03-19 20:06 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp42014-03-19 19:38 - 2014-03-19 19:33 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp42014-03-19 19:38 - 2014-03-19 19:33 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp42014-03-18 23:37 - 2014-03-18 23:29 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp42014-03-18 23:29 - 2014-03-18 23:29 - 00000000 ____D () C:\Windows\SysWOW64\-Some content of 
TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\0ozaolkf.dll
C:\Users\Sean\AppData\Local\Temp\ExPromo.exe
C:\Users\Sean\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Sean\AppData\Local\Temp\iqu_bootstrap.exe
C:\Users\Sean\AppData\Local\Temp\J2Hy.dll
C:\Users\Sean\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\Temp\opera.dll
C:\Users\Sean\AppData\Local\Temp\radqv.dll
C:\Users\Sean\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Sean\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Sean\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sean\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Sean\AppData\Local\Temp\Uninstall.exe
C:\Users\Sean\AppData\Local\Temp\utt48C5.tmp.exe
C:\Users\Sean\AppData\Local\Temp\uttDA1F.tmp.exe
C:\Users\Sean\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Sean\AppData\Local\Temp\YontooSetup-S.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-05-23 13:03] - [2010-11-20 06:27] - 0515072 ____A (Microsoft Corporation) 6B23B4D153F20B26B564868B945457A5
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 10:24

==================== End Of Log ============================

Addition.txt.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Sean at 2014-04-17 13:43:14
Running from C:\Users\Sean\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

1ClickDownloader (HKLM-x32\...\1ClickDownloader) (Version: 2.1 Build 26473 - 1ClickDownload) <==== ATTENTION
AdblockIE (HKLM-x32\...\{5508128A-2C7B-46B5-81F9-58E8E8115F0B}) (Version: 1.2 - af0.net)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
ApRadar 3.3.0.14 (HKLM-x32\...\{ED90F5E3-960A-4BED-B1EF-777D6E4E080F}_is1) (Version: - ApneaSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.9.1.0 - Ask.com) <==== ATTENTION
Atlantis Word Processor (HKLM-x32\...\Atlantis Word Processor) (Version: - )
avast! 
Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)BitTorrentBar Toolbar (HKLM-x32\...\BitTorrentBar Toolbar) (Version: 6.8.5.1 - BitTorrentBar)Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)DataPilot 7 (HKLM-x32\...\InstallShield_{27CAB1BD-7AED-46AE-855C-D6E3B45FF24B}) (Version: 7.00.0001 - Susteen)DataPilot 7 (x32 Version: 7.00.0001 - Susteen) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{131CD369-AA3B-424F-A83C-54DF3534B95C}) (Version: - Microsoft)Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)FINAL FANTASY XI (HKLM-x32\...\InstallShield_{678F6475-D227-432A-94FF-806178A34520}) (Version: 1.00 - SQUARE ENIX CO., LTD.)FINAL FANTASY XI (x32 Version: 1.00 - SQUARE ENIX CO., LTD.) HiddenFINAL FANTASY XI Seekers of Adoulin (x32 Version: 1.50.0 - SQUARE ENIX CO., LTD.) HiddenFINAL FANTASY XI Test Client (HKLM-x32\...\InstallShield_{27DDD216-365D-4FB8-8E2A-038B971990C2}) (Version: 1.0.0 - SQUARE ENIX CO., LTD.)FINAL FANTASY XI Test Client (x32 Version: 1.0.0 - SQUARE ENIX CO., LTD.) 
HiddenFINAL FANTASY XI: Chains of Promathia (HKLM-x32\...\InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}) (Version: 1.20.1 - SQUARE ENIX CO., LTD.)FINAL FANTASY XI: Chains of Promathia (x32 Version: 1.20.1 - SQUARE ENIX CO., LTD.) HiddenFINAL FANTASY XI: Rise of the Zilart (HKLM-x32\...\InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}) (Version: 1.00 - SQUARE ENIX CO., LTD.)FINAL FANTASY XI: Rise of the Zilart (x32 Version: 1.00 - SQUARE ENIX CO., LTD.) HiddenFINAL FANTASY XI: Seekers of Adoulin (HKLM-x32\...\InstallShield_{E86A33A7-6C77-48F3-9D72-2D8F4C1AD5AC}) (Version: 1.50.0 - SQUARE ENIX CO., LTD.)FINAL FANTASY XI: Treasures of Aht Urhgan (HKLM-x32\...\InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}) (Version: 1.30.1 - SQUARE ENIX CO., LTD.)FINAL FANTASY XI: Treasures of Aht Urhgan (x32 Version: 1.30.1 - SQUARE ENIX CO., LTD.) HiddenFINAL FANTASY XI: Wings of the Goddess (HKLM-x32\...\InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}) (Version: 1.40.1 - SQUARE ENIX CO., LTD.)FINAL FANTASY XI: Wings of the Goddess (x32 Version: 1.40.1 - SQUARE ENIX CO., LTD.) HiddenGOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenImpulse® (HKLM-x32\...\Impulse®) (Version: 3.29 - GameStop)Impulse® (x32 Version: 3.29 - GameStop) HiddenInstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )InstallIQ Updater (HKLM-x32\...\{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}) (Version: 1.1.2.0 - W3i, LLC)Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) 
HiddenJMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) HiddenLeague of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) HiddenMicrosoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) HiddenMicrosoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 
Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight 
(HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)Microsoft Visual C++ 2012 
TDSSKiller didn't find any threats so I didn't see any options to skip or save
Psychotic Posted April 21, 2014 ID:821493

Going over your logs I noticed that you have BitTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Add-/remove programs
Click on start-->control panel.
Vista/7: Open Programs and Features
XP: Open add/remove programs
Search for and remove the following programs
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Toolbar
Search Protection
Search Toolbar
BitTorrentBar Toolbar
Ask Toolbar
1ClickDownloader
Close the window.

Search for files with FRST (Recovery Environment)
Run FRST.
Type the following in the edit box after "Search:"
rpcss.dll
Click Search button and post the log (Search.txt) it makes to your reply.
dasva Posted April 22, 2014 Author ID:821752

Search toolbar and 1clickdownloader were not in the list of programs. I uninstalled the rest.
Psychotic Posted April 22, 2014 ID:821855

OK, then proceed with the other step, please.
dasva Posted April 22, 2014 Author ID:821946

Farbar Recovery Scan Tool (x64) Version: 17-04-2014
Ran by SYSTEM at 2014-04-21 17:50:15
Running from E:\
Boot Mode: Recovery

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-05-23 12:03] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2011-05-23 12:03] - [2010-11-20 05:27] - 0515072 ____A (Microsoft Corporation) 6B23B4D153F20B26B564868B945457A5

C:\Windows\ERDNT\cache64\rpcss.dll
[2012-02-26 15:52] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

X:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

====== End Of Search ======

Also not sure if it's important but I noticed that while 1ClickDownloader isn't in programs and features for me to uninstall there is a 1ClickDownloader folder within the program files (x86) folder
Psychotic Posted April 23, 2014 ID:822237

Fix with FRST (normal mode)
WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the attached fixlist.txt and save it to the location where FRST is saved to.
Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
If not existing, please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
If the program is already installed:
Run Malwarebytes Antimalware
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

fixlist.txt
dasva Posted April 23, 2014 Author ID:822606

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Sean at 2014-04-23 06:38:29 Run:2
Running from C:\Users\Sean\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
Task: {DC095267-9429-48DC-8D01-97C36201CCA1} - System32\Tasks\4572 => Wscript.exe C:\Users\Sean\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {9C2C15B2-77B5-4E0B-9590-06152211B626} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
Task: {34ACF835-2AF0-439D-9A8F-7141AFF100CA} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click11.crx [2012-04-29]
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
C:\Program Files (x86)\BitTorrentBar
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\1ClickDownload
2014-03-18 23:29 - 2014-03-18 23:29 - 00000000 ____D () C:\Windows\SysWOW64\-
2014-04-17 10:45 - 2014-04-17 10:45 - 00000064 _____ () C:\Windows\system32\utmdfz.chu
2014-04-17 10:45 - 2014-04-17 10:45 - 00000000 _____ () C:\Windows\system32\kmbac.bzw
2014-04-17 10:29 - 2014-04-17 10:29 - 00301959 ____S () C:\Windows\system32\wggt.nxe
2014-04-17 10:29 - 2014-04-17 10:29 - 00149504 _____ (Microsoft Corporation) C:\Users\Sean\AppData\Roaming\rfqjgh.dll
Reboot:
*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC095267-9429-48DC-8D01-97C36201CCA1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC095267-9429-48DC-8D01-97C36201CCA1} => Key deleted successfully.
C:\Windows\System32\Tasks\4572 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4572 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C2C15B2-77B5-4E0B-9590-06152211B626} => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34ACF835-2AF0-439D-9A8F-7141AFF100CA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34ACF835-2AF0-439D-9A8F-7141AFF100CA} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh => Key deleted successfully.
C:\Program Files (x86)\1ClickDownload\1click11.crx => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Value deleted successfully.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value not found.
HKCR\Wow6432Node\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value not found.
"C:\Program Files (x86)\BitTorrentBar" => File/Directory not found.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
C:\Program Files (x86)\1ClickDownload => Moved successfully.
C:\Windows\SysWOW64\- => Moved successfully.
C:\Windows\system32\utmdfz.chu => Moved successfully.
Could not move "C:\Windows\system32\kmbac.bzw" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\wggt.nxe" => Scheduled to move on reboot.
C:\Users\Sean\AppData\Roaming\rfqjgh.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-23 06:40:06)<=
C:\Windows\system32\kmbac.bzw => Is moved successfully.
C:\Windows\system32\wggt.nxe => Is moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.04.23.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sean :: SEAN-PC [administrator]
4/23/2014 6:45:13 AM
mbam-log-2014-04-23 (06-45-13).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 579480
Time elapsed: 1 hour(s), 25 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\FRST\Quarantine\C\ProgramData\2992199F9A\rfvfleyf.cpp.xBAD (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\ProgramData\2992199F9A\2992199F9A\fyelfvfr.faa (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD (Trojan.Zekos.Patched) -> Quarantined and deleted successfully.
C:\Users\Sean\AppData\Local\Temp\J2Hy.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Sean\AppData\Local\Temp\radqv.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
(end)
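The rpcss.dll search posted earlier in the thread is what the Replace: line in the fixlist above acts on. As an added example (not part of the thread and not FRST's own logic), this Python script parses those Search.txt entries and flags a copy whose MD5 matches no WinSxS copy on the same volume; the function names and the matching heuristic are assumptions, and the sample log is the posted entries with line breaks restored.

```python
"""Flag system files whose hash matches no WinSxS component-store copy."""
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: the six rpcss.dll entries from the Search.txt posted in
# this thread, laid out as a path line followed by a metadata line.
SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-05-23 12:03] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2011-05-23 12:03] - [2010-11-20 05:27] - 0515072 ____A (Microsoft Corporation) 6B23B4D153F20B26B564868B945457A5

C:\Windows\ERDNT\cache64\rpcss.dll
[2012-02-26 15:52] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

X:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
"""

# One entry = a drive-rooted path line, then "[ts] - [ts] - size attrs (company) md5".
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+)\n"
    r"\[(?P<ts1>[\d\- :]+)\] - \[(?P<ts2>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$",
    re.MULTILINE,
)


@dataclass(frozen=True)
class Entry:
    path: PureWindowsPath
    stamps: tuple  # the two bracketed timestamps, kept as printed
    size: int
    md5: str

    @property
    def volume(self):
        return self.path.drive.upper()

    @property
    def in_component_store(self):
        return "winsxs" in (part.lower() for part in self.path.parts)


def parse_search_log(text):
    """Return one Entry per file listed in a Search.txt-style log."""
    return [
        Entry(PureWindowsPath(m["path"]), (m["ts1"], m["ts2"]),
              int(m["size"]), m["md5"].upper())
        for m in ENTRY_RE.finditer(text)
    ]


def find_unmatched(entries):
    """Copies outside WinSxS whose MD5 equals no WinSxS copy on that volume.

    Assumption: the component-store copies are themselves intact, so a copy
    matching none of them deserves a closer look. Groups with no store copy
    are skipped because there is nothing to compare against.
    """
    groups = defaultdict(list)
    for e in entries:
        groups[(e.volume, e.path.name.lower())].append(e)
    flagged = []
    for group in groups.values():
        store_hashes = {e.md5 for e in group if e.in_component_store}
        if store_hashes:
            flagged += [e for e in group
                        if not e.in_component_store and e.md5 not in store_hashes]
    return flagged


def replacement_candidates(suspect, entries):
    """Store copies on the same volume that carry the suspect's timestamps."""
    return [e for e in entries
            if e.in_component_store and e.volume == suspect.volume
            and e.path.name.lower() == suspect.path.name.lower()
            and e.stamps == suspect.stamps]


if __name__ == "__main__":
    parsed = parse_search_log(SEARCH_LOG)
    for suspect in find_unmatched(parsed):
        print(f"no store match: {suspect.path} size={suspect.size} md5={suspect.md5}")
        for cand in replacement_candidates(suspect, parsed):
            print(f"  same timestamps, different content: {cand.path} size={cand.size}")
```

On this input only C:\Windows\System32\rpcss.dll is flagged, and the store copy that shares its timestamps is the 6.1.7601.17514 one named in the fixlist's Replace: line.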
Psychotic Posted April 24, 2014 ID:822727
Fine!

Scan with ESET Online Scan
Please go to here to run the online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click Scan
- Wait for the scan to finish
- If any threats were found, click the 'List of found threats', then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.
dasva Posted April 25, 2014 Author ID:823100
C:\AcidXLite_132521_154461_120810230739.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Sean\AppData\Local\Temp\SearchProtectionSetup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Users\Sean\AppData\Local\Temp\tbBit2.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Sean\AppData\Local\Temp\YontooSetup-S.exe Win32/Adware.Yontoo application
C:\Users\Sean\Downloads\rcsetup142.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
Psychotic Posted April 25, 2014 ID:823119
Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner
Please download AdwCleaner to your desktop.
- Run adwcleaner.exe
- Hit Scan and wait for the scan to finish.
- Confirm the message but don't uncheck anything.
- Hit Clean
- When the run is finished, it will open up a text file
- Please post its contents within your next reply
- You'll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

SecurityCheck
Reboot your system before starting!
Please download SecurityCheck: LINK1 LINK2
- Save it to your desktop, start it and follow the instructions in the window.
- After the scan has finished, the (checkup.txt) will open. Copy its content to your thread.
dasva Posted April 25, 2014 Author ID:823129
# AdwCleaner v3.202 - Report created 24/04/2014 at 23:56:49
# Updated 23/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Sean - SEAN-PC
# Running from : C:\Users\Sean\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\w3i
Folder Deleted : C:\Users\Sean\AppData\Local\Conduit
Folder Deleted : C:\Users\Sean\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sean\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Sean\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sean\AppData\LocalLow\PriceGong
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
File Deleted : C:\Users\Sean\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Mozilla Firefox v
[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

-\\ Google Chrome v34.0.1847.116
[ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : jplinpmadfkdgipabgcdchbdikologlh

*************************

AdwCleaner[R0].txt - [5522 octets] - [24/04/2014 23:51:17]
AdwCleaner[R1].txt - [5512 octets] - [24/04/2014 23:53:13]
AdwCleaner[s0].txt - [5490 octets] - [24/04/2014 23:56:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5550 octets] ##########

Running the Junkware Removal Tool now. Should I do anything other than post the log (such as confirming removal or something) after it's done scanning?
Psychotic Posted April 26, 2014 ID:823715
No, simply post the logs
dasva Posted April 26, 2014 Author ID:823825
Ah well the log didn't open or save on its own...

Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Java version out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
WinZip Malware Protector WinZipMalwareProtector.exe
PlayOnline SquareEnix PlayOnlineViewer pol.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Psychotic Posted April 28, 2014 ID:824326
Your system is clean now!

Java runtime Environment out of date
Your Java runtime environment is outdated. We will fix this.
- Get the actual JRE from here
- Save jxpiinstall.exe to your desktop
- Close all running programs, especially your browser(s)
- Run jxpiinstall.exe. This will download the newest JRE installer and install the software
- When finished, go to Start-->control panel-->add/remove programs and remove all older Java versions (if existing).
- When finished, reboot your computer.
- After the reboot, open control panel again and click the java symbol.
- Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
- Click Delete Files. The Delete Temporary Files dialog box appears.
- Click OK on Delete Temporary Files window.
- Click OK again.

Adobe Reader out of date
Your Adobe Reader is outdated. We will fix this.
- Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
- Run setup and follow the instructions.
- Click upon Start-->control panel-->add/remove programs.
- Search for and remove any older reader versions.

Uninstall our tools using delfix
Please follow these steps in order:
- In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
- In case we used Combofix: Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
- In any case please download delfix to your desktop.
- Close all other programs and start delfix.
- Please check all the boxes and run the tool.
- delfix will now delete all found traces of our removal process
- If there is still something left please delete it manually.

Delete System Restore Points
To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.
- On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
- On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
- On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

Recommendations: How to protect yourself

System Updates
Please ensure to have automatic updates activated in your control panel. For further information and a tutorial, see this Microsoft Support article.

Protection
What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly. Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
To keep your browser free of advertising, you may install the Adblock Plus browser extension. It will filter unwanted advertising out of the website's content.
To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension. It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser. In addition, before accessing a dangerous classified web site, a warning screen is displayed.

Up to date Software
Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
- Secunia Personal Software Inspector - checks if your software has updates available.
- SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software.
- Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser.

Backup
Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.

Behaviour
The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
- While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
- Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
- When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
- Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
dasva Posted April 29, 2014 Author ID:824638
Thank you very much. I shall take most of your recommendations to heart though since I use my comp mostly for watching shows and games not sure I can avoid those. I saw you linked 2 sites to check for software updates... should I use both? And how often do you recommend I use them to check?
Psychotic Posted April 29, 2014 ID:825055
If you have the Secunia Inspector installed, it will have an eye on your software and inform you if it is outdated!