
fbi scam



Got the FBI ransomware. Tried some online guides but am unable to follow them for various reasons. Specifically, I can't do the recommended scans since the virus stops me from opening programs. I can't restart in any of the safe modes because as soon as it gets to the login screen it restarts the computer. I managed to access System Restore through the System Recovery Options, but every restore point I try results in the same error with the following details: "system restore failed to extract the file

(C:Users\other\appdata\roaming\microsoft\windows\start menu\programs\startup) from the restore point. The restore point was damaged or was deleted during the restore."

The System Recovery Options let me run a command prompt, so I tried running mbam.exe from there, but I get "the subsystem needed to support the image type is not present."

I can't try making a disk to run a scan on boot right now since I won't have access to another computer for another day.


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST (Recovery Environment)

To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:
  • Type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
  • Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014

Ran by SYSTEM on MININT-T5EK2DS on 17-04-2014 06:55:16

Running from E:\

Windows 7 Ultimate (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)

HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)

HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-08-20] ()

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

HKLM-x32\...\Run: [HF_G_Jul] => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)

HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)

HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtOTExNjgzNjUxLUNJQTEwKzItU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1DSVArMi1MU0QrMi1ERFQrNTMwNDgtU1QxMEFQUCsxLUREMTArMS1TMTBEREYrMS1QMTBNMTJDKzEtVEIrMS1GVUkrMi1QMTBUQisyLUMxMEFCKzIyLUNJQVYrNTYtUENURVhQKzEw"&"prod=0"&"ver=10.0.1430 [X]

HKU\Others\...\Policies\system: [LogonHoursAction] 2

HKU\Others\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Sean\...\Run: [bitTorrent] => C:\Users\Sean\AppData\Roaming\BitTorrent\BitTorrent.exe [1238616 2014-04-07] (BitTorrent Inc.)

HKU\Sean\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-24] (Google Inc.)

HKU\Sean\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)

HKU\Sean\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)

HKU\Sean\...\Policies\system: [LogonHoursAction] 2

HKU\Sean\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Startup: C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk

ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт)

Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk

ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт)

Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk

ShortcutTarget: Impulse Now.lnk -> C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corporation)

GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)

S2 Winmgmt; C:\ProgramData\2992199F9A\fyelfvfr.faa [332020 2014-04-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)

S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-27] (AVAST Software)

S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()

S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)

S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)

S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)

S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()

S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-02-20] (GEAR Software Inc.)

S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)

S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)

S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.)

S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 06:54 - 2014-04-17 06:55 - 00000000 ____D () C:\FRST

2014-04-15 23:43 - 2014-04-16 12:27 - 00000000 ____D () C:\ProgramData\2992199F9A

2014-04-15 21:06 - 2014-04-15 21:15 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4

2014-04-15 21:06 - 2014-04-15 21:11 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4

2014-04-15 20:09 - 2014-04-15 20:16 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4

2014-04-15 20:09 - 2014-04-15 20:15 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4

2014-04-15 20:08 - 2014-04-15 20:10 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4

2014-04-15 20:07 - 2014-04-15 21:04 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4

2014-04-15 20:07 - 2014-04-15 20:11 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi

2014-04-15 20:06 - 2014-04-15 20:10 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4

2014-04-15 14:00 - 2014-04-15 15:11 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4

2014-04-15 13:53 - 2014-04-15 15:07 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4

2014-04-15 13:50 - 2014-04-15 15:15 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4

2014-04-15 13:49 - 2014-04-15 14:53 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4

2014-04-15 13:45 - 2014-04-15 15:19 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4

2014-04-14 17:24 - 2014-04-14 17:36 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4

2014-04-13 10:31 - 2014-04-13 10:34 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4

2014-04-12 22:20 - 2014-04-12 22:22 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4

2014-04-12 14:16 - 2014-04-12 14:19 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4

2014-04-12 14:14 - 2014-04-12 14:16 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4

2014-04-11 20:40 - 2014-04-11 20:42 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4

2014-04-11 20:39 - 2014-04-11 20:43 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4

2014-04-10 16:55 - 2014-04-10 17:03 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4

2014-04-10 16:55 - 2014-04-10 17:02 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4

2014-04-10 16:55 - 2014-04-10 17:01 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp4

2014-04-10 16:55 - 2014-04-10 16:58 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4

2014-04-09 19:42 - 2014-04-09 19:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll

2014-04-09 18:54 - 2014-04-09 18:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar

2014-04-08 17:51 - 2014-04-08 17:58 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4

2014-04-06 22:01 - 2014-04-06 22:11 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4

2014-04-06 16:45 - 2014-04-06 16:51 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4

2014-04-05 17:47 - 2014-04-05 17:50 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4

2014-04-05 17:46 - 2014-04-05 17:53 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4

2014-04-05 17:43 - 2014-04-05 17:44 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4

2014-04-04 15:47 - 2014-04-04 15:49 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4

2014-04-03 17:19 - 2014-04-03 17:25 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4

2014-04-01 18:13 - 2014-04-01 18:21 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi

2014-04-01 17:07 - 2014-04-01 17:07 - 00000000 ____D () C:\ProgramData\GRETECH

2014-03-31 15:50 - 2014-03-31 15:53 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]

2014-03-28 21:34 - 2014-03-28 21:45 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp4

2014-03-28 21:33 - 2014-03-28 21:57 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp4

2014-03-28 21:32 - 2014-03-28 23:23 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp4

2014-03-28 21:31 - 2014-03-28 23:23 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp4

2014-03-28 21:31 - 2014-03-28 23:20 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp4

2014-03-28 21:31 - 2014-03-28 22:58 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp4

2014-03-28 21:31 - 2014-03-28 22:17 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp4

2014-03-28 21:31 - 2014-03-28 22:16 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp4

2014-03-28 21:31 - 2014-03-28 22:12 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp4

2014-03-28 21:30 - 2014-03-28 21:41 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp4

2014-03-28 21:30 - 2014-03-28 21:37 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp4

2014-03-28 21:30 - 2014-03-28 21:32 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp4

2014-03-28 19:58 - 2014-03-28 20:13 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp4

2014-03-27 16:57 - 2014-03-27 17:12 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp4

2014-03-27 16:56 - 2014-03-27 17:03 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp4

2014-03-26 21:02 - 2014-03-26 21:04 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp4

2014-03-26 19:16 - 2014-03-26 19:24 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp4

2014-03-26 19:16 - 2014-03-26 19:19 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp4

2014-03-25 16:02 - 2014-03-25 16:08 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp4

2014-03-24 22:25 - 2014-03-24 22:27 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp4

2014-03-24 18:26 - 2014-03-24 18:42 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp4

2014-03-24 18:16 - 2014-03-24 18:23 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi

2014-03-22 16:40 - 2014-03-22 16:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e2014

2014-03-22 10:37 - 2014-03-22 10:45 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4

2014-03-20 16:30 - 2014-03-23 00:15 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll

2014-03-19 19:07 - 2014-03-19 19:15 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4

2014-03-19 19:06 - 2014-03-19 19:12 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4

2014-03-19 18:33 - 2014-03-19 18:38 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4

2014-03-19 18:33 - 2014-03-19 18:38 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4

2014-03-18 22:29 - 2014-03-18 22:37 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4

2014-03-18 22:29 - 2014-03-18 22:29 - 00000000 ____D () C:\Windows\SysWOW64\-

==================== One Month Modified Files and Folders =======

2014-04-17 06:55 - 2014-04-17 06:54 - 00000000 ____D () C:\FRST

2014-04-16 12:27 - 2014-04-15 23:43 - 00000000 ____D () C:\ProgramData\2992199F9A

2014-04-16 12:27 - 2011-04-24 07:11 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-16 12:26 - 2010-12-20 16:32 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-16 12:26 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-16 12:26 - 2009-07-13 20:51 - 00060304 _____ () C:\Windows\setupact.log

2014-04-16 10:56 - 2010-12-21 12:25 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\BitTorrent

2014-04-16 10:54 - 2010-12-20 16:19 - 00000000 ____D () C:\Users\Sean\Tracing

2014-04-16 02:10 - 2010-12-20 09:35 - 01816767 _____ () C:\Windows\WindowsUpdate.log

2014-04-16 01:45 - 2011-04-24 07:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-16 00:13 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-16 00:13 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-16 00:09 - 2012-07-13 06:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-04-15 23:54 - 2010-12-20 16:52 - 17008724 _____ () C:\Windows\PFRO.log

2014-04-15 21:15 - 2014-04-15 21:06 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4

2014-04-15 21:11 - 2014-04-15 21:06 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4

2014-04-15 21:04 - 2014-04-15 20:07 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4

2014-04-15 20:16 - 2014-04-15 20:09 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4

2014-04-15 20:15 - 2014-04-15 20:09 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4

2014-04-15 20:11 - 2014-04-15 20:07 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi

2014-04-15 20:10 - 2014-04-15 20:08 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4

2014-04-15 20:10 - 2014-04-15 20:06 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4

2014-04-15 16:01 - 2013-03-30 09:39 - 04665321 _____ () C:\windower.txt

2014-04-15 15:19 - 2014-04-15 13:45 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4

2014-04-15 15:15 - 2014-04-15 13:50 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4

2014-04-15 15:11 - 2014-04-15 14:00 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4

2014-04-15 15:07 - 2014-04-15 13:53 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4

2014-04-15 14:53 - 2014-04-15 13:49 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4

2014-04-15 14:50 - 2014-01-15 05:41 - 271777829 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_10_[720p][EDAD35E5].mp4

2014-04-15 14:42 - 2014-01-15 05:41 - 243685139 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_09_[720p][7EE148EB].mp4

2014-04-14 18:05 - 2011-04-12 15:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled 1%2e2%2e3

2014-04-14 17:36 - 2014-04-14 17:24 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4

2014-04-13 10:34 - 2014-04-13 10:31 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4

2014-04-12 22:22 - 2014-04-12 22:20 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4

2014-04-12 14:19 - 2014-04-12 14:16 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4

2014-04-12 14:16 - 2014-04-12 14:14 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4

2014-04-11 20:43 - 2014-04-11 20:39 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4

2014-04-11 20:42 - 2014-04-11 20:40 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4

2014-04-10 17:03 - 2014-04-10 16:55 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4

2014-04-10 17:02 - 2014-04-10 16:55 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4

2014-04-10 17:01 - 2014-04-10 16:55 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp4

2014-04-10 16:58 - 2014-04-10 16:55 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4

2014-04-09 19:42 - 2014-04-09 19:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll

2014-04-09 18:54 - 2014-04-09 18:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar

2014-04-08 17:58 - 2014-04-08 17:51 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4

2014-04-08 10:48 - 2011-12-02 13:53 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-04-06 22:11 - 2014-04-06 22:01 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4

2014-04-06 16:51 - 2014-04-06 16:45 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4

2014-04-05 17:53 - 2014-04-05 17:46 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4

2014-04-05 17:50 - 2014-04-05 17:47 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4

2014-04-05 17:44 - 2014-04-05 17:43 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4

2014-04-04 15:49 - 2014-04-04 15:47 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4

2014-04-03 17:25 - 2014-04-03 17:19 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4

2014-04-01 18:21 - 2014-04-01 18:13 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi

2014-04-01 17:07 - 2014-04-01 17:07 - 00000000 ____D () C:\ProgramData\GRETECH

2014-04-01 17:07 - 2010-12-22 00:29 - 00001189 _____ () C:\Users\Public\Desktop\GOM Player.lnk

2014-03-31 15:53 - 2014-03-31 15:50 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]

2014-03-31 08:35 - 2010-12-20 09:51 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2014-03-29 14:53 - 2009-07-13 21:13 - 00006622 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-03-28 23:23 - 2014-03-28 21:32 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp4

2014-03-28 23:23 - 2014-03-28 21:31 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp4

2014-03-28 23:20 - 2014-03-28 21:31 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp4

2014-03-28 22:58 - 2014-03-28 21:31 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp4

2014-03-28 22:17 - 2014-03-28 21:31 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp4

2014-03-28 22:16 - 2014-03-28 21:31 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp4

2014-03-28 22:12 - 2014-03-28 21:31 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp4

2014-03-28 21:57 - 2014-03-28 21:33 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp4

2014-03-28 21:45 - 2014-03-28 21:34 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp4

2014-03-28 21:41 - 2014-03-28 21:30 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp4

2014-03-28 21:37 - 2014-03-28 21:30 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp4

2014-03-28 21:32 - 2014-03-28 21:30 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp4

2014-03-28 20:13 - 2014-03-28 19:58 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp4

2014-03-28 19:40 - 2011-04-24 07:11 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-28 19:40 - 2011-04-24 07:11 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-27 17:12 - 2014-03-27 16:57 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp4

2014-03-27 17:03 - 2014-03-27 16:56 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp4

2014-03-26 21:04 - 2014-03-26 21:02 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp4

2014-03-26 19:24 - 2014-03-26 19:16 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp4

2014-03-26 19:19 - 2014-03-26 19:16 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp4

2014-03-25 16:08 - 2014-03-25 16:02 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp4

2014-03-24 22:27 - 2014-03-24 22:25 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp4

2014-03-24 18:42 - 2014-03-24 18:26 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp4

2014-03-24 18:23 - 2014-03-24 18:16 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi

2014-03-23 00:15 - 2014-03-20 16:30 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll

2014-03-22 16:40 - 2014-03-22 16:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e2014

2014-03-22 10:45 - 2014-03-22 10:37 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4

2014-03-19 19:15 - 2014-03-19 19:07 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4

2014-03-19 19:12 - 2014-03-19 19:06 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4

2014-03-19 18:38 - 2014-03-19 18:33 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4

2014-03-19 18:38 - 2014-03-19 18:33 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4

2014-03-18 22:37 - 2014-03-18 22:29 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4

2014-03-18 22:29 - 2014-03-18 22:29 - 00000000 ____D () C:\Windows\SysWOW64\-

Some content of TEMP:

====================

C:\Users\Sean\AppData\Local\Temp\0ozaolkf.dll

C:\Users\Sean\AppData\Local\Temp\ExPromo.exe

C:\Users\Sean\AppData\Local\Temp\GenericWndApi.dll

C:\Users\Sean\AppData\Local\Temp\iqu_bootstrap.exe

C:\Users\Sean\AppData\Local\Temp\J2Hy.dll

C:\Users\Sean\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Sean\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Sean\AppData\Local\Temp\opera.dll

C:\Users\Sean\AppData\Local\Temp\radqv.dll

C:\Users\Sean\AppData\Local\Temp\SearchProtectionSetup.exe

C:\Users\Sean\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\Sean\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Sean\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Sean\AppData\Local\Temp\Uninstall.exe

C:\Users\Sean\AppData\Local\Temp\utt48C5.tmp.exe

C:\Users\Sean\AppData\Local\Temp\uttDA1F.tmp.exe

C:\Users\Sean\AppData\Local\Temp\wlsetup-cvr.exe

C:\Users\Sean\AppData\Local\Temp\YontooSetup-S.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-01-22 10:27:00

Restore point made on: 2014-02-03 13:49:09

Restore point made on: 2014-02-10 03:42:56

Restore point made on: 2014-02-17 07:30:07

Restore point made on: 2014-02-19 07:51:46

Restore point made on: 2014-03-05 07:35:36

Restore point made on: 2014-03-10 03:00:46

Restore point made on: 2014-03-17 08:10:43

Restore point made on: 2014-04-07 07:41:31

Restore point made on: 2014-04-11 04:15:28

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 4094.55 MB

Available physical RAM: 3464.32 MB

Total Pagefile: 4092.7 MB

Available Pagefile: 3466.08 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:286.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: () (Removable) (Total:0.94 GB) (Free:0.4 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C66D64C5)

Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 961 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2014-04-09 09:24

==================== End Of Log ============================


Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt

    Startup: C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
    ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт)
    Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
    ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (Корпорация Майкрософт)
    GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User: Group Policy restriction detected <======= ATTENTION
    S2 Winmgmt; C:\ProgramData\2992199F9A\fyelfvfr.faa [332020 2014-04-15] (Microsoft Corporation)
    C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
    C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk
    C:\ProgramData\2992199F9A


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


Try to boot into Windows now (we're not finished yet!)


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014

Ran by SYSTEM at 2014-04-17 07:04:25 Run:1

Running from E:\

Boot Mode: Recovery

==============================================

Content of fixlist:

*****************

Startup: C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk

ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (?????????? ??????????)

Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk

ShortcutTarget: fyelfvfr.lnk -> C:\ProgramData\2992199F9A\rfvfleyf.cpp (?????????? ??????????)

GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User: Group Policy restriction detected <======= ATTENTION

S2 Winmgmt; C:\ProgramData\2992199F9A\fyelfvfr.faa [332020 2014-04-15] (Microsoft Corporation)

C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk

C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk

C:\ProgramData\2992199F9A

*****************

C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk => Moved successfully.

C:\ProgramData\2992199F9A\rfvfleyf.cpp => Moved successfully.

C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk => Moved successfully.

C:\ProgramData\2992199F9A\rfvfleyf.cpp not found.

C:\Windows\System32\GroupPolicyUsers\S-1-5-21-3799292957-1194181936-1802369922-1003\User => Moved successfully.

C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.

Winmgmt => Service restored successfully.

"C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk" => File/Directory not found.

"C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fyelfvfr.lnk" => File/Directory not found.

C:\ProgramData\2992199F9A => Moved successfully.

==== End of Fixlog ====

Managed to log in. No lockout anymore. Had pop-ups saying several drivers were installing, that my system restore didn't work (with the same error code as before), and lastly a pop-up that says I need to restart to finish making changes.


After having left the computer on for a while and doing a few things on it, it restarted on its own. When it started back up again it started getting non-stop alerts from avast blocking stuff. Specifically h_rttunc-net_com__task__3034__, h_robertollo-green_net__task__3034__, h_brozblagrom-c2_com__online__521__, h_rottover-end_net__task__3034__,

    h_r-ubmer5_com__task__3034__, h_rummerstain2_com__task__3034__, h_ruggersner8_net__task__3034__, and h_rancho-for-zomb0_net__task__3034__. I think that was all of them.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Sean (administrator) on SEAN-PC on 17-04-2014 13:42:29
Running from C:\Users\Sean\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(BitTorrent Inc.) C:\Users\Sean\AppData\Roaming\BitTorrent\BitTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-08-20] ()
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [HF_G_Jul] => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtOTExNjgzNjUxLUNJQTEwKzItU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1DSVArMi1MU0QrMi1ERFQrNTMwNDgtU1QxMEFQUCsxLUREMTArMS1TMTBEREYrMS1QMTBNMTJDKzEtVEIrMS1GVUkrMi1QMTBUQisyLUMxMEFCKzIyLUNJQVYrNTYtUENURVhQKzEw"&"prod=0"&"ver=10.0.1430 [X]
HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [bitTorrent] => C:\Users\Sean\AppData\Roaming\BitTorrent\BitTorrent.exe [1238616 2014-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-24] (Google Inc.)
HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3799292957-1194181936-1802369922-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk
ShortcutTarget: Impulse Now.lnk -> C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE05CE58B3FD3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP
URLSearchHook: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3D3AB321-AC88-4017-BAF5-28B9AF34DAFF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {3D3AB321-AC88-4017-BAF5-28B9AF34DAFF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Sean\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======


CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Sean\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (avast! Online Security) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-12-14]
CHR Extension: (Google Wallet) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click11.crx [2012-04-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-02-20] (GEAR Software Inc.)
R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
R3 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 13:42 - 2014-04-17 13:42 - 00020053 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-04-17 13:41 - 2014-04-17 13:41 - 02158592 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-04-17 10:45 - 2014-04-17 10:45 - 00000064 _____ () C:\Windows\system32\utmdfz.chu
2014-04-17 10:45 - 2014-04-17 10:45 - 00000000 _____ () C:\Windows\system32\kmbac.bzw
2014-04-17 10:29 - 2014-04-17 10:29 - 00301959 ____S () C:\Windows\system32\wggt.nxe
2014-04-17 10:29 - 2014-04-17 10:29 - 00149504 _____ (Microsoft Corporation) C:\Users\Sean\AppData\Roaming\rfqjgh.dll
2014-04-17 07:54 - 2014-04-17 13:42 - 00000000 ____D () C:\FRST
2014-04-15 22:06 - 2014-04-15 22:15 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4
2014-04-15 22:06 - 2014-04-15 22:11 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4
2014-04-15 21:09 - 2014-04-15 21:16 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4
2014-04-15 21:09 - 2014-04-15 21:15 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4
2014-04-15 21:08 - 2014-04-15 21:10 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4
2014-04-15 21:07 - 2014-04-15 22:04 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4
2014-04-15 21:07 - 2014-04-15 21:11 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi
2014-04-15 21:06 - 2014-04-15 21:10 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4
2014-04-15 15:00 - 2014-04-15 16:11 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4
2014-04-15 14:53 - 2014-04-15 16:07 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4
2014-04-15 14:50 - 2014-04-15 16:15 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4
2014-04-15 14:49 - 2014-04-15 15:53 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4
2014-04-15 14:45 - 2014-04-15 16:19 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4
2014-04-14 18:24 - 2014-04-14 18:36 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4
2014-04-13 11:31 - 2014-04-13 11:34 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4
2014-04-12 23:20 - 2014-04-12 23:22 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4
2014-04-12 15:16 - 2014-04-12 15:19 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4
2014-04-12 15:14 - 2014-04-12 15:16 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4
2014-04-11 21:40 - 2014-04-11 21:42 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4
2014-04-11 21:39 - 2014-04-11 21:43 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4
2014-04-10 17:55 - 2014-04-10 18:03 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4
2014-04-10 17:55 - 2014-04-10 18:02 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4
2014-04-10 17:55 - 2014-04-10 18:01 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp4
2014-04-10 17:55 - 2014-04-10 17:58 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4
2014-04-09 20:42 - 2014-04-09 20:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll
2014-04-09 19:54 - 2014-04-09 19:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar
2014-04-08 18:51 - 2014-04-08 18:58 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4
2014-04-06 23:01 - 2014-04-06 23:11 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4
2014-04-06 17:45 - 2014-04-06 17:51 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4
2014-04-05 18:47 - 2014-04-05 18:50 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4
2014-04-05 18:46 - 2014-04-05 18:53 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4
2014-04-05 18:43 - 2014-04-05 18:44 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4
2014-04-04 16:47 - 2014-04-04 16:49 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4
2014-04-03 18:19 - 2014-04-03 18:25 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4
2014-04-01 19:13 - 2014-04-01 19:21 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi
2014-04-01 18:07 - 2014-04-01 18:07 - 00000000 ____D () C:\ProgramData\GRETECH
2014-03-31 16:50 - 2014-03-31 16:53 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]
2014-03-28 22:34 - 2014-03-28 22:45 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp4
2014-03-28 22:33 - 2014-03-28 22:57 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp4
2014-03-28 22:32 - 2014-03-29 00:23 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-29 00:23 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-29 00:20 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-28 23:58 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-28 23:17 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-28 23:16 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp4
2014-03-28 22:31 - 2014-03-28 23:12 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp4
2014-03-28 22:30 - 2014-03-28 22:41 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp4
2014-03-28 22:30 - 2014-03-28 22:37 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp4
2014-03-28 22:30 - 2014-03-28 22:32 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp4
2014-03-28 20:58 - 2014-03-28 21:13 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp4
2014-03-27 17:57 - 2014-03-27 18:12 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp4
2014-03-27 17:56 - 2014-03-27 18:03 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp4
2014-03-26 22:02 - 2014-03-26 22:04 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp4
2014-03-26 20:16 - 2014-03-26 20:24 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp4
2014-03-26 20:16 - 2014-03-26 20:19 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp4
2014-03-25 17:02 - 2014-03-25 17:08 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp4
2014-03-24 23:25 - 2014-03-24 23:27 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp4
2014-03-24 19:26 - 2014-03-24 19:42 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp4
2014-03-24 19:16 - 2014-03-24 19:23 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi
2014-03-22 17:40 - 2014-03-22 17:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e2014
2014-03-22 11:37 - 2014-03-22 11:45 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4
2014-03-20 17:30 - 2014-03-23 01:15 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll
2014-03-19 20:07 - 2014-03-19 20:15 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4
2014-03-19 20:06 - 2014-03-19 20:12 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4
2014-03-19 19:33 - 2014-03-19 19:38 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4
2014-03-19 19:33 - 2014-03-19 19:38 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4
2014-03-18 23:29 - 2014-03-18 23:37 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4
2014-03-18 23:29 - 2014-03-18 23:29 - 00000000 ____D () C:\Windows\SysWOW64\-

==================== One Month Modified Files and Folders =======

2014-04-17 13:42 - 2014-04-17 13:42 - 00020053 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-04-17 13:42 - 2014-04-17 07:54 - 00000000 ____D () C:\FRST
2014-04-17 13:41 - 2014-04-17 13:41 - 02158592 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-04-17 13:41 - 2010-12-21 13:25 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\BitTorrent
2014-04-17 13:40 - 2012-07-13 07:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-17 13:39 - 2010-12-20 17:19 - 00000000 ____D () C:\Users\Sean\Tracing
2014-04-17 13:38 - 2011-04-24 08:11 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 13:38 - 2010-12-20 17:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-17 13:38 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 13:38 - 2009-07-13 21:51 - 00060618 _____ () C:\Windows\setupact.log
2014-04-17 13:37 - 2010-12-20 10:35 - 01888275 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 12:45 - 2011-04-24 08:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 11:42 - 2013-03-30 10:39 - 04715689 _____ () C:\windower.txt
2014-04-17 10:54 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 10:54 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 10:51 - 2009-07-13 22:13 - 00006622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 10:45 - 2014-04-17 10:45 - 00000064 _____ () C:\Windows\system32\utmdfz.chu
2014-04-17 10:45 - 2014-04-17 10:45 - 00000000 _____ () C:\Windows\system32\kmbac.bzw
2014-04-17 10:29 - 2014-04-17 10:29 - 00301959 ____S () C:\Windows\system32\wggt.nxe
2014-04-17 10:29 - 2014-04-17 10:29 - 00149504 _____ (Microsoft Corporation) C:\Users\Sean\AppData\Roaming\rfqjgh.dll
2014-04-17 08:04 - 2011-07-25 23:08 - 00000000 ___RD () C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 08:04 - 2010-12-20 11:18 - 00000000 ___RD () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 08:04 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-17 07:07 - 2011-07-25 23:05 - 00000008 __RSH () C:\Users\Sean\ntuser.pol
2014-04-17 07:07 - 2010-12-20 11:17 - 00000000 ____D () C:\Users\Sean
2014-04-16 00:54 - 2010-12-20 17:52 - 17008724 _____ () C:\Windows\PFRO.log
2014-04-15 22:15 - 2014-04-15 22:06 - 342490414 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 01v4 [720p][AAC].mp4
2014-04-15 22:11 - 2014-04-15 22:06 - 311423874 _____ () C:\Users\Sean\Downloads\[DeadFish] Kenzen Robo Daimidaler - 02 [720p][AAC].mp4
2014-04-15 22:04 - 2014-04-15 21:07 - 276422156 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E18.HDTV.x264-KILLERS.mp4
2014-04-15 21:16 - 2014-04-15 21:09 - 377098658 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 01v2 [720p][AAC].mp4
2014-04-15 21:15 - 2014-04-15 21:09 - 347630502 _____ () C:\Users\Sean\Downloads\[DeadFish] Broken Blade (2014) - 02v2 [720p][AAC].mp4
2014-04-15 21:11 - 2014-04-15 21:07 - 200593046 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_12_END_[848x480][4002AE85].avi
2014-04-15 21:10 - 2014-04-15 21:08 - 210867036 _____ () C:\Users\Sean\Downloads\[DeadFish] Mekakucity Actors - 01v2 [720p][AAC].mp4
2014-04-15 21:10 - 2014-04-15 21:06 - 208754229 _____ () C:\Users\Sean\Downloads\Supernatural.S09E18.HDTV.x264-LOL.mp4
2014-04-15 16:19 - 2014-04-15 14:45 - 285716589 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_01_[1280x720][E65209FF].mp4
2014-04-15 16:15 - 2014-04-15 14:50 - 229971448 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_03_[1280x720][bE45F15E].mp4
2014-04-15 16:11 - 2014-04-15 15:00 - 266624155 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_08_[720p][2CF1E0F9].mp4
2014-04-15 16:07 - 2014-04-15 14:53 - 249009365 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_04_[1280x720][9EE23D3E].mp4
2014-04-15 15:53 - 2014-04-15 14:49 - 294468336 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_02_[1280x720][9014E20F].mp4
2014-04-15 15:50 - 2014-01-15 06:41 - 271777829 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_10_[720p][EDAD35E5].mp4
2014-04-15 15:42 - 2014-01-15 06:41 - 243685139 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Amnesia_-_09_[720p][7EE148EB].mp4
2014-04-14 19:05 - 2011-04-12 16:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled 1%2e2%2e3
2014-04-14 18:36 - 2014-04-14 18:24 - 257841154 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E19.HDTV.x264-LOL.mp4
2014-04-13 11:34 - 2014-04-13 11:31 - 258097932 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 02 [720p][AAC].mp4
2014-04-12 23:22 - 2014-04-12 23:20 - 212374882 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 01v2 [720p][AAC].mp4
2014-04-12 15:19 - 2014-04-12 15:16 - 203698686 _____ () C:\Users\Sean\Downloads\[DeadFish] Ryuugajou Nanana no Maizoukin - 01v2 [720p][AAC].mp4
2014-04-12 15:16 - 2014-04-12 15:14 - 255414994 _____ () C:\Users\Sean\Downloads\[DeadFish] Akuma no Riddle - 02 [720p][AAC].mp4
2014-04-11 21:43 - 2014-04-11 21:39 - 255260964 _____ () C:\Users\Sean\Downloads\[DeadFish] Ping Pong The Animation - 01v2 [720p][AAC].mp4
2014-04-11 21:42 - 2014-04-11 21:40 - 262885455 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 02 [720p][AAC].mp4
2014-04-10 18:03 - 2014-04-10 17:55 - 523180592 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Seikoku_no_Dragonar_-_01_[720p][FF8C474A].mp4
2014-04-10 18:02 - 2014-04-10 17:55 - 322766058 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_124_[720p][067D561F].mp4
2014-04-10 18:01 - 2014-04-10 17:55 - 265965661 _____ () C:\Users\Sean\Downloads\[DeadFish] Mahouka Koukou no Rettousei - 01 [720p][AAC].mp4
2014-04-10 17:58 - 2014-04-10 17:55 - 334666335 _____ () C:\Users\Sean\Downloads\[DeadFish] No Game No Life - 01 [720p][AAC].mp4
2014-04-09 20:42 - 2014-04-09 20:42 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41053_Dll
2014-04-09 19:54 - 2014-04-09 19:54 - 00034904 _____ () C:\Users\Sean\Downloads\FFACE41053_Dll.rar
2014-04-08 18:58 - 2014-04-08 18:51 - 216427728 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E17.PROPER.HDTV.x264-2HD.mp4
2014-04-08 11:48 - 2011-12-02 14:53 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-06 23:11 - 2014-04-06 23:01 - 462533664 _____ () C:\Users\Sean\Downloads\Game.of.Thrones.S04E01.HDTV.x264-KILLERS.mp4
2014-04-06 17:51 - 2014-04-06 17:45 - 305116819 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_357_[720p][5252DC22].mp4
2014-04-05 18:53 - 2014-04-05 18:46 - 286082616 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E18.HDTV.x264-LOL.mp4
2014-04-05 18:50 - 2014-04-05 18:47 - 223665481 _____ () C:\Users\Sean\Downloads\Marvels.Agents.of.S.H.I.E.L.D.S01E16.HDTV.x264-2HD.mp4
2014-04-05 18:44 - 2014-04-05 18:43 - 262157529 _____ () C:\Users\Sean\Downloads\[DeadFish] Selector Infected WIXOSS - 01v2 [720p][AAC].mp4
2014-04-04 16:49 - 2014-04-04 16:47 - 310754395 _____ () C:\Users\Sean\Downloads\[DeadFish] Blade and Soul - 01 [720p][AAC].mp4
2014-04-03 18:25 - 2014-04-03 18:19 - 344565421 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_123_[720p][30672811].mp4
2014-04-01 19:21 - 2014-04-01 19:13 - 212956048 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_96_[848x480][D8B1363D].avi
2014-04-01 18:07 - 2014-04-01 18:07 - 00000000 ____D () C:\ProgramData\GRETECH
2014-04-01 18:07 - 2010-12-22 01:29 - 00001213 _____ () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2014-04-01 18:07 - 2010-12-22 01:29 - 00001189 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2014-03-31 16:53 - 2014-03-31 16:50 - 00000000 ____D () C:\Users\Sean\Downloads\[DeadFish] Tegami Bachi - Batch [720p][MP4][AAC]
2014-03-31 09:35 - 2010-12-20 10:51 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-29 00:23 - 2014-03-28 22:32 - 63811922 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 03 [720p][AAC].mp4
2014-03-29 00:23 - 2014-03-28 22:31 - 60021615 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 04 [720p][AAC].mp4
2014-03-29 00:20 - 2014-03-28 22:31 - 64292691 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 08 [720p][AAC].mp4
2014-03-28 23:58 - 2014-03-28 22:31 - 72807264 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 10 [720p][AAC].mp4
2014-03-28 23:17 - 2014-03-28 22:31 - 63980155 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 02 [720p][AAC].mp4
2014-03-28 23:16 - 2014-03-28 22:31 - 60749909 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 07 [720p][AAC].mp4
2014-03-28 23:12 - 2014-03-28 22:31 - 61951333 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 06 [720p][AAC].mp4
2014-03-28 22:57 - 2014-03-28 22:33 - 69327146 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 05 [720p][AAC].mp4
2014-03-28 22:45 - 2014-03-28 22:34 - 73937278 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 11 [720p][AAC].mp4
2014-03-28 22:41 - 2014-03-28 22:30 - 76499395 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 09 [720p][AAC].mp4
2014-03-28 22:37 - 2014-03-28 22:30 - 69020700 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 01 [720p][AAC].mp4
2014-03-28 22:32 - 2014-03-28 22:30 - 57968983 _____ () C:\Users\Sean\Downloads\[DeadFish] Pupa - 12 [720p][AAC].mp4
2014-03-28 21:13 - 2014-03-28 20:58 - 256888986 _____ () C:\Users\Sean\Downloads\Helix.S01E13.HDTV.x264-EXCELLENCE.mp4
2014-03-28 20:40 - 2011-04-24 08:11 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 20:40 - 2011-04-24 08:11 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 18:12 - 2014-03-27 17:57 - 484423679 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_10_[8bit][720p][703A8A25].mp4
2014-03-27 18:03 - 2014-03-27 17:56 - 316139439 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_122_[720p][00BFFC65].mp4
2014-03-26 22:04 - 2014-03-26 22:02 - 232708804 _____ () C:\Users\Sean\Downloads\Supernatural.S09E16.HDTV.x264-LOL.mp4
2014-03-26 20:24 - 2014-03-26 20:16 - 292291554 _____ () C:\Users\Sean\Downloads\Arrow.S02E17.HDTV.x264-LOL.mp4
2014-03-26 20:19 - 2014-03-26 20:16 - 214057651 _____ () C:\Users\Sean\Downloads\Supernatural.S09E17.HDTV.x264-LOL.mp4
2014-03-25 17:08 - 2014-03-25 17:02 - 293888801 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Naruto_Shippuuden_-_356_[720p][16346B55].mp4
2014-03-24 23:27 - 2014-03-24 23:25 - 262207302 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.S01E16.HDTV.x264-LOL.mp4
2014-03-24 19:42 - 2014-03-24 19:26 - 226542199 _____ () C:\Users\Sean\Downloads\The.Tomorrow.People.US.S01E17.HDTV.x264-LOL.mp4
2014-03-24 19:23 - 2014-03-24 19:16 - 215209292 _____ () C:\Users\Sean\Downloads\[Tsuki]_Saint_Seiya_Omega_-_95_[848x480][F62F6C47].avi
2014-03-23 01:15 - 2014-03-20 17:30 - 00000000 ____D () C:\Users\Sean\Downloads\FFACE41051_Dll
2014-03-22 17:40 - 2014-03-22 17:40 - 00000000 ____D () C:\Users\Sean\Downloads\Exiled v2 3%2e21%2e2014
2014-03-22 11:45 - 2014-03-22 11:37 - 238075412 _____ () C:\Users\Sean\Downloads\Helix.S01E12.HDTV.x264-KILLERS.mp4
2014-03-19 20:15 - 2014-03-19 20:07 - 237501922 _____ () C:\Users\Sean\Downloads\Revolution.2012.S02E17.HDTV.x264-LOL.mp4
2014-03-19 20:12 - 2014-03-19 20:06 - 289476504 _____ () C:\Users\Sean\Downloads\Arrow.S02E16.HDTV.x264-LOL.mp4
2014-03-19 19:38 - 2014-03-19 19:33 - 514363983 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_09_[8bit][720p][22DE39D1].mp4
2014-03-19 19:38 - 2014-03-19 19:33 - 344335683 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Hunter_X_Hunter_-_121_[720p][F55FF846].mp4
2014-03-18 23:37 - 2014-03-18 23:29 - 502590185 _____ () C:\Users\Sean\Downloads\[Hatsuyuki]_Maken-ki!_Two_-_08_[8bit][720p][07364FB5].mp4
2014-03-18 23:29 - 2014-03-18 23:29 - 00000000 ____D () C:\Windows\SysWOW64\-

Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\0ozaolkf.dll
C:\Users\Sean\AppData\Local\Temp\ExPromo.exe
C:\Users\Sean\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Sean\AppData\Local\Temp\iqu_bootstrap.exe
C:\Users\Sean\AppData\Local\Temp\J2Hy.dll
C:\Users\Sean\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\Temp\opera.dll
C:\Users\Sean\AppData\Local\Temp\radqv.dll
C:\Users\Sean\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Sean\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Sean\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sean\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Sean\AppData\Local\Temp\Uninstall.exe
C:\Users\Sean\AppData\Local\Temp\utt48C5.tmp.exe
C:\Users\Sean\AppData\Local\Temp\uttDA1F.tmp.exe
C:\Users\Sean\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Sean\AppData\Local\Temp\YontooSetup-S.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-05-23 13:03] - [2010-11-20 06:27] - 0515072 ____A (Microsoft Corporation) 6B23B4D153F20B26B564868B945457A5

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 10:24

==================== End Of Log ============================


Addition.txt.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Sean at 2014-04-17 13:43:14
Running from C:\Users\Sean\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

1ClickDownloader (HKLM-x32\...\1ClickDownloader) (Version: 2.1 Build 26473 - 1ClickDownload) <==== ATTENTION
AdblockIE (HKLM-x32\...\{5508128A-2C7B-46B5-81F9-58E8E8115F0B}) (Version: 1.2 - af0.net)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
ApRadar 3.3.0.14 (HKLM-x32\...\{ED90F5E3-960A-4BED-B1EF-777D6E4E080F}_is1) (Version:  - ApneaSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.9.1.0 - Ask.com) <==== ATTENTION
Atlantis Word Processor (HKLM-x32\...\Atlantis Word Processor) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
BitTorrentBar Toolbar (HKLM-x32\...\BitTorrentBar Toolbar) (Version: 6.8.5.1 - BitTorrentBar)
Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
DataPilot 7 (HKLM-x32\...\InstallShield_{27CAB1BD-7AED-46AE-855C-D6E3B45FF24B}) (Version: 7.00.0001 - Susteen)
DataPilot 7 (x32 Version: 7.00.0001 - Susteen) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{131CD369-AA3B-424F-A83C-54DF3534B95C}) (Version:  - Microsoft)
Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FINAL FANTASY XI (HKLM-x32\...\InstallShield_{678F6475-D227-432A-94FF-806178A34520}) (Version: 1.00 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI (x32 Version: 1.00 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI Seekers of Adoulin (x32 Version: 1.50.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI Test Client (HKLM-x32\...\InstallShield_{27DDD216-365D-4FB8-8E2A-038B971990C2}) (Version: 1.0.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI Test Client (x32 Version: 1.0.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Chains of Promathia (HKLM-x32\...\InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}) (Version: 1.20.1 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Chains of Promathia (x32 Version: 1.20.1 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Rise of the Zilart (HKLM-x32\...\InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}) (Version: 1.00 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Rise of the Zilart (x32 Version: 1.00 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Seekers of Adoulin (HKLM-x32\...\InstallShield_{E86A33A7-6C77-48F3-9D72-2D8F4C1AD5AC}) (Version: 1.50.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Treasures of Aht Urhgan (HKLM-x32\...\InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}) (Version: 1.30.1 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Treasures of Aht Urhgan (x32 Version: 1.30.1 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Wings of the Goddess (HKLM-x32\...\InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}) (Version: 1.40.1 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Wings of the Goddess (x32 Version: 1.40.1 - SQUARE ENIX CO., LTD.) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Impulse® (HKLM-x32\...\Impulse®) (Version: 3.29 - GameStop)
Impulse® (x32 Version: 3.29 - GameStop) Hidden
InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )
InstallIQ Updater (HKLM-x32\...\{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}) (Version: 1.1.2.0 - W3i, LLC)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.6 - Pando Networks Inc.)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
PL-2303 USB-to-Serial (x32 Version: 1.00.000 - Prolific Technology INC) Hidden
PlayOnline Viewer & Tetra Master (HKLM-x32\...\InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.)
PlayOnline Viewer & Tetra Master (x32 Version: 1.18.00 - SQUARE ENIX CO., LTD.) Hidden
POLUtils (HKLM-x32\...\POLUtils) (Version:  - )
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Search Protection (HKCU\...\Search Protection) (Version: 7.5.0.1 - Spigot, Inc.)
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Songbird 1.8.0 (Build 1800) (HKLM-x32\...\Songbird-release-1800) (Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.7.0 - Flagship Industries, Inc.)
VideoLAN VLC media player 0.8.6f (HKLM-x32\...\VLC media player) (Version: 0.8.6f - VideoLAN Team)
VideoMate T, M, P, S Series  Driver (HKLM-x32\...\{41E340F0-0BD6-4A87-AF29-E9E584471756}) (Version: 1.38.800 - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windower (HKCU\...\Windower) (Version: 3.4.3.2 - Windower Team)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

22-01-2014 18:26:48 Scheduled Checkpoint
03-02-2014 21:48:47 Scheduled Checkpoint
10-02-2014 11:42:35 Windows Update
17-02-2014 15:29:10 avast! antivirus system restore point
19-02-2014 15:51:30 Windows Update
05-03-2014 15:35:24 Scheduled Checkpoint
10-03-2014 11:00:26 Windows Update
17-03-2014 16:10:23 Scheduled Checkpoint
07-04-2014 15:41:12 Windows Update
11-04-2014 12:15:03 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2012-03-10 07:47 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {11672CE8-3161-4934-96B8-20B4B3C3F009} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {152EF018-8FB2-48C1-8D21-915203097DD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24] (Google Inc.)
Task: {20B287DB-1EC1-47DC-AFE7-8EE34D396890} - System32\Tasks\{C9447FCA-1018-42B0-B03C-53C1F70959E3} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.111/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {20BB3E39-1966-47E1-B3DA-4F4F02D69969} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-17] (AVAST Software)
Task: {30A3076B-D20C-4554-9B8D-8CB02E411E03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24] (Google Inc.)
Task: {34ACF835-2AF0-439D-9A8F-7141AFF100CA} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {452ECD47-45E4-4413-B2BA-A3E3B16E62D9} - System32\Tasks\{CC8B934B-8922-4D3B-BFD9-0B6DC75CB768} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: {50DB27F7-D3A9-4676-8505-464F74275E15} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {9C2C15B2-77B5-4E0B-9590-06152211B626} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
Task: {DC095267-9429-48DC-8D01-97C36201CCA1} - System32\Tasks\4572 => Wscript.exe C:\Users\Sean\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E15CC46E-1D7C-4FD2-87C9-EB1E75B57E0E} - System32\Tasks\{13885368-E5CC-4CEE-90EE-4CE75EC59E12} => C:\Program Files (x86)\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [2011-08-29] (SQUARE ENIX CO., LTD.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 04:05 - 2013-01-18 08:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-17 09:04 - 2014-04-17 12:28 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041703\algo.dll
2013-10-27 11:12 - 2013-10-27 11:12 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: WMPNetworkSvc => 3

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 01:38:40 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 10:51:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/17/2014 10:51:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/17/2014 10:45:48 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 09:07:18 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/17/2014 09:07:18 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/17/2014 09:02:14 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 08:56:47 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 07:25:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/17/2014 07:10:25 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (04/17/2014 01:42:07 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/17/2014 01:42:07 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/17/2014 01:40:06 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.

Error: (04/17/2014 01:38:37 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/17/2014 01:38:18 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/17/2014 10:49:16 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/17/2014 10:49:16 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/17/2014 10:47:16 AM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.

Error: (04/17/2014 10:45:41 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/17/2014 10:45:26 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Microsoft Office Sessions:
=========================
Error: (04/17/2014 01:38:40 PM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 10:51:37 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/17/2014 10:51:37 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (04/17/2014 10:45:48 AM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 09:07:18 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/17/2014 09:07:18 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (04/17/2014 09:02:14 AM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 08:56:47 AM) (Source: CVHSVC)(User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (04/17/2014 07:25:54 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (04/17/2014 07:10:25 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

CodeIntegrity Errors:
===================================
  Date: 2013-10-27 05:02:26.368
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 05:02:25.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 05:02:25.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 04:56:08.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 04:56:08.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 04:56:08.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 04:56:07.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 04:56:07.540
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 04:56:07.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 04:51:57.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 4094.55 MB
Available physical RAM: 2597.6 MB
Total Pagefile: 8187.29 MB
Available Pagefile: 6572.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:286.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C66D64C5)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

TDSSKiller didn't find any threats so I didn't see any options to skip or save

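An added example, not part of this thread and not FRST's own logic: a Python triage of the "Scheduled Tasks" section of a log like the one posted above. The sample input is constructed from the Task: lines in that log with FRST's "<==== ATTENTION" markers stripped, so the script has to reach its own verdict. The heuristics it applies (a purely numeric task name, a script host such as wscript.exe, a file launched from a Temp directory, a bare executable with no path and no arguments, a launched file for which FRST printed an empty publisher) are assumptions made for this example, not rules FRST documents.

```python
"""Triage the 'Scheduled Tasks' section of an FRST log for persistence."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the Task: lines from the FRST log in this thread,
# with FRST's own "<==== ATTENTION" markers removed so the heuristics below
# must reach their own verdict.
SAMPLE = r"""
Task: {11672CE8-3161-4934-96B8-20B4B3C3F009} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {20B287DB-1EC1-47DC-AFE7-8EE34D396890} - System32\Tasks\{C9447FCA-1018-42B0-B03C-53C1F70959E3} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.111/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {34ACF835-2AF0-439D-9A8F-7141AFF100CA} - System32\Tasks\0 => Iexplore.exe
Task: {9C2C15B2-77B5-4E0B-9590-06152211B626} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] ()
Task: {DC095267-9429-48DC-8D01-97C36201CCA1} - System32\Tasks\4572 => Wscript.exe C:\Users\Sean\AppData\Local\Temp\launchie.vbs //B
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# "Task: {guid} - <task path> => <action> [date] (publisher)"; the guid, the
# date and the publisher are all optional in FRST's output.
TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => (?P<action>.+)$")
TRAILER_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*\((?P<publisher>[^)]*)\)\s*$")
# Paths are unquoted and may contain spaces, so the executable ends at the
# first ".exe" that is followed by whitespace or end of line.
EXE_RE = re.compile(r"^(?P<exe>.*?\.exe)(?=\s|$)", re.IGNORECASE)
# Interpreters that turn a task into "run whatever this script/argument says".
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe"}


@dataclass
class Task:
    name: str                 # task path as FRST prints it (System32\Tasks\... or a .job)
    exe: str                  # executable the task launches
    args: str                 # everything after the executable
    publisher: Optional[str]  # "" when FRST printed "()", None when it printed no trailer


def parse_tasks(text: str) -> list[Task]:
    """Parse every Task: line of an FRST log into a Task record."""
    tasks: list[Task] = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        action = m["action"].replace("<==== ATTENTION", "").strip()
        publisher = None
        t = TRAILER_RE.search(action)
        if t:
            publisher = t["publisher"].strip()
            action = action[: t.start()].strip()
        e = EXE_RE.match(action)
        exe = e["exe"] if e else action
        args = action[e.end():].strip() if e else ""
        tasks.append(Task(m["name"], exe, args, publisher))
    return tasks


def triage(task: Task) -> list[str]:
    """Return the reasons a task looks like malware persistence (empty = nothing odd)."""
    reasons: list[str] = []
    task_base = task.name.rsplit("\\", 1)[-1]
    exe_base = task.exe.rsplit("\\", 1)[-1].lower()
    if task_base.isdigit():
        reasons.append("numeric task name")
    if exe_base in SCRIPT_HOSTS:
        reasons.append(f"script host {exe_base}")
    if re.search(r"\\temp\\", f"{task.exe} {task.args}", re.IGNORECASE):
        reasons.append("runs a file from a Temp directory")
    if "\\" not in task.exe and not task.args:
        reasons.append("bare executable with no path and no arguments")
    if task.publisher == "":
        reasons.append("launched file has no publisher")
    return reasons


def suspicious_tasks(text: str) -> dict[str, list[str]]:
    """Map short task name -> reasons, for every task the heuristics flag."""
    flagged: dict[str, list[str]] = {}
    for task in parse_tasks(text):
        reasons = triage(task)
        if reasons:
            flagged[task.name.rsplit("\\", 1)[-1]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_tasks(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run as-is it flags three tasks, 0, 4572 and "Scheduled Update for Ask Toolbar", which are the same three FRST marked in the log above and the three the fixlist later in this thread deletes. The one that matters for the ransom screen is 4572: a task with a meaningless numeric name that hands a .vbs in the user's Temp folder to wscript.exe with //B (batch mode, no error dialogs), which is how the infection survives a reboot without touching the Run keys.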

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:

Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Toolbar
Search Protection
Search Toolbar
BitTorrentBar Toolbar
Ask Toolbar
1ClickDownloader


Close the window.

Search for files with FRST (Recovery Environment)


Run FRST.

Type the following in the edit box after "Search:"

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Farbar Recovery Scan Tool (x64) Version: 17-04-2014
Ran by SYSTEM at 2014-04-21 17:50:15
Running from E:\
Boot Mode: Recovery

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-05-23 12:03] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2011-05-23 12:03] - [2010-11-20 05:27] - 0515072 ____A (Microsoft Corporation) 6B23B4D153F20B26B564868B945457A5

C:\Windows\ERDNT\cache64\rpcss.dll
[2012-02-26 15:52] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

X:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

====== End Of Search ======

Also, not sure if it's important, but I noticed that while 1ClickDownloader isn't in Programs and Features for me to uninstall, there is a 1ClickDownloader folder within the Program Files (x86) folder.

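An added example, not the thread's or FRST's own code, showing what the Search.txt above is for: every copy of a system DLL that Windows keeps (the live file in System32, the servicing-store copies under WinSxS, backups) is listed with its size, timestamps and MD5, so a patched live copy can be recognised by comparison without needing a signature check from inside a broken Windows. The script parses the two-line entries, compares C:\Windows\System32\rpcss.dll against the WinSxS component copies on the same drive, and uses the shared modification timestamp to work out which component version the live file claims to be. The sample input is the C: portion of the posted Search.txt; the "patched" verdict rule (same mtime as a WinSxS copy but different size and hash) is an assumption made for this example.

```python
"""Compare a live system DLL against its WinSxS copies using FRST Search.txt."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the C: entries of the Search.txt posted above.
SEARCH_TXT = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-05-23 12:03] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2011-05-23 12:03] - [2010-11-20 05:27] - 0515072 ____A (Microsoft Corporation) 6B23B4D153F20B26B564868B945457A5

C:\Windows\ERDNT\cache64\rpcss.dll
[2012-02-26 15:52] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

====== End Of Search ======
"""

# Second line of each entry: "[created] - [modified] - size attrs (company) MD5"
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS folder names embed the component version, e.g. "_6.1.7601.17514_".
VERSION_RE = re.compile(r"_(?P<ver>\d+\.\d+\.\d+\.\d+)_")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Copy:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def version(self) -> Optional[str]:
        m = VERSION_RE.search(self.path) if self.in_winsxs else None
        return m["ver"] if m else None


def parse_search(text: str) -> list[Copy]:
    """Turn FRST's path/detail line pairs into Copy records."""
    copies: list[Copy] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            copies.append(Copy(pending, m["created"], m["modified"], int(m["size"]),
                               m["company"], m["md5"].upper()))
            pending = None
        elif PATH_RE.match(line):
            pending = line
    return copies


def analyze(copies: list[Copy], live_path: str) -> dict:
    """Judge the live file by the WinSxS copies on the same drive."""
    live = next(c for c in copies if c.path.lower() == live_path.lower())
    drive = live.path[0].lower()
    sxs = [c for c in copies if c.in_winsxs and c.path[0].lower() == drive]
    known = {c.md5 for c in sxs}
    # Assumption: a patcher that overwrites a DLL in place keeps the original
    # modification time, so the WinSxS copy sharing that timestamp is the
    # version the live file claims to be.
    sibling = next((c for c in sxs if c.modified == live.modified), None)
    result = {
        "live_md5": live.md5,
        "matches_winsxs": live.md5 in known,
        "claimed_version": sibling.version if sibling else None,
        "size_delta": live.size - sibling.size if sibling else None,
        "replace_from": None,
    }
    if live.md5 in known:
        result["verdict"] = "clean"
    elif sibling:
        result["verdict"] = "patched"
        result["replace_from"] = sibling.path   # the copy to restore from
    else:
        result["verdict"] = "unknown"
    return result


if __name__ == "__main__":
    for key, value in analyze(parse_search(SEARCH_TXT), r"C:\Windows\System32\rpcss.dll").items():
        print(f"{key}: {value}")
```

For this log the live rpcss.dll shares the 2010-11-20 05:27 modification time of the 6.1.7601.17514 component but is 3072 bytes larger with a hash that matches nothing in WinSxS, so the verdict is "patched" and replace_from is the 7601.17514 WinSxS path; that is exactly the Replace: directive in the fixlist further down this thread. Two caveats: an MD5 match only proves the live file equals the store copy, which is worth something because the malware had no reason to touch WinSxS, but it is not a signature check, and once Windows boots normally again, sfc /scannow or Get-AuthenticodeSignature on the restored file is the stronger confirmation. The X: entries in the full Search.txt are the recovery environment's own RAM disk and are left out of the comparison for that reason.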

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64-bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Anti-Malware

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Sean at 2014-04-23 06:38:29 Run:2
Running from C:\Users\Sean\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
Task: {DC095267-9429-48DC-8D01-97C36201CCA1} - System32\Tasks\4572 => Wscript.exe C:\Users\Sean\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {9C2C15B2-77B5-4E0B-9590-06152211B626} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
Task: {34ACF835-2AF0-439D-9A8F-7141AFF100CA} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click11.crx [2012-04-29]
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)

C:\Program Files (x86)\BitTorrentBar
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\1ClickDownload
2014-03-18 23:29 - 2014-03-18 23:29 - 00000000 ____D () C:\Windows\SysWOW64\-
2014-04-17 10:45 - 2014-04-17 10:45 - 00000064 _____ () C:\Windows\system32\utmdfz.chu
2014-04-17 10:45 - 2014-04-17 10:45 - 00000000 _____ () C:\Windows\system32\kmbac.bzw
2014-04-17 10:29 - 2014-04-17 10:29 - 00301959 ____S () C:\Windows\system32\wggt.nxe
2014-04-17 10:29 - 2014-04-17 10:29 - 00149504 _____ (Microsoft Corporation) C:\Users\Sean\AppData\Roaming\rfqjgh.dll

Reboot:
*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC095267-9429-48DC-8D01-97C36201CCA1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC095267-9429-48DC-8D01-97C36201CCA1} => Key deleted successfully.
C:\Windows\System32\Tasks\4572 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4572 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C2C15B2-77B5-4E0B-9590-06152211B626} => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34ACF835-2AF0-439D-9A8F-7141AFF100CA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34ACF835-2AF0-439D-9A8F-7141AFF100CA} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh => Key deleted successfully.
C:\Program Files (x86)\1ClickDownload\1click11.crx => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Value deleted successfully.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value not found.
HKCR\Wow6432Node\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value not found.
"C:\Program Files (x86)\BitTorrentBar" => File/Directory not found.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
C:\Program Files (x86)\1ClickDownload => Moved successfully.
C:\Windows\SysWOW64\- => Moved successfully.
C:\Windows\system32\utmdfz.chu => Moved successfully.
Could not move "C:\Windows\system32\kmbac.bzw" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\wggt.nxe" => Scheduled to move on reboot.
C:\Users\Sean\AppData\Roaming\rfqjgh.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-23 06:40:06)<=

C:\Windows\system32\kmbac.bzw => Is moved successfully.
C:\Windows\system32\wggt.nxe => Is moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sean :: SEAN-PC [administrator]

4/23/2014 6:45:13 AM
mbam-log-2014-04-23 (06-45-13).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 579480
Time elapsed: 1 hour(s), 25 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\FRST\Quarantine\C\ProgramData\2992199F9A\rfvfleyf.cpp.xBAD (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\ProgramData\2992199F9A\2992199F9A\fyelfvfr.faa (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD (Trojan.Zekos.Patched) -> Quarantined and deleted successfully.
C:\Users\Sean\AppData\Local\Temp\J2Hy.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Sean\AppData\Local\Temp\radqv.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

Fine! :)
Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

C:\AcidXLite_132521_154461_120810230739.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Sean\AppData\Local\Temp\SearchProtectionSetup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Users\Sean\AppData\Local\Temp\tbBit2.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Sean\AppData\Local\Temp\YontooSetup-S.exe Win32/Adware.Yontoo application
C:\Users\Sean\Downloads\rcsetup142.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

# AdwCleaner v3.202 - Report created 24/04/2014 at 23:56:49
# Updated 23/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Sean - SEAN-PC
# Running from : C:\Users\Sean\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\w3i
Folder Deleted : C:\Users\Sean\AppData\Local\Conduit
Folder Deleted : C:\Users\Sean\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sean\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Sean\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sean\AppData\LocalLow\PriceGong
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
File Deleted : C:\Users\Sean\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Mozilla Firefox v

[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ]



Deleted [Extension] : jplinpmadfkdgipabgcdchbdikologlh

*************************

AdwCleaner[R0].txt - [5522 octets] - [24/04/2014 23:51:17]
AdwCleaner[R1].txt - [5512 octets] - [24/04/2014 23:53:13]
AdwCleaner[s0].txt - [5490 octets] - [24/04/2014 23:56:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5550 octets] ##########

Running the Junkware Removal Tool now.  Should I do anything other than post the log (such as confirming removal or something) after it's done scanning?

Ah well the log didn't open or save on its own...

 Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 25 
 Java version out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 WinZip Malware Protector WinZipMalwareProtector.exe  
 PlayOnline SquareEnix PlayOnlineViewer pol.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Your system is clean now! :)

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.

Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

Thank you very much. I shall take most of your recommendations to heart, though since I use my comp mostly for watching shows and games, not sure I can avoid those :(.

I saw you linked 2 sites to check for software updates... should I use both? And how often do you recommend I use them to check?

This topic is now closed to further replies.