
garda siochana virus

  • 31-01-2014 11:10am
    #1
    Registered Users Posts: 434 ✭✭


    Got this Garda virus thing on my computer, it has blocked it totally, pops up as soon as I turn on asking for money etc. Anyone any suggestions on how I can get rid of it without having to bring it to a shop?


Comments

  • Closed Accounts Posts: 423 ✭✭The Narrator


    If you search boards for 'garda virus' there are numerous threads.

    http://touch.boards.ie/thread/2056851486


  • Registered Users Posts: 840 ✭✭✭jsa112




  • Registered Users Posts: 434 ✭✭baingal nancer


    jsa112 wrote: »
    I'm unable to run anything, screen is locked with the Garda message


  • Registered Users Posts: 840 ✭✭✭jsa112


    Can you run it in safe mode?


  • Registered Users Posts: 434 ✭✭baingal nancer


    Not sure about that, not at the PC at the minute but will give it a try later, thanks


  • Registered Users Posts: 1,879 ✭✭✭johndoe99


    1. Start your computer in safe mode with command prompt.

    2. Type rstrui.exe and then press ENTER.

    3. Choose a restore point from before the Garda ransomware first appeared.

    4. When your PC restarts download Malwarebytes (Free Version), leave the update box ticked.

    Run a scan.


    If you have the latest version of the ransomware virus, which won't allow you to boot into Windows, you'll need Hitman Pro (30 days free). It will allow you to make a bootable USB that bypasses the ransomware and then runs a scan to remove it.

    http://www.surfright.nl/en


  • Closed Accounts Posts: 3 2014rfs


    Hi, I got this virus on my laptop yesterday. I was able to shut down the computer when the bogus screen came up & I was able to restart in normal fashion (i.e. my computer wasn't locked out). When I restarted my system in the normal manner everything seemed ok in that the garda scam screen didn't come up again. When I ran AVG it said it found one "Trojanhorse" infection & removed it. Is there anything else I need to do at this time? Is it now removed?

    I also went into safe mode & ran msconfig & unticked the unknown dodgy file. Then I restarted in normal fashion & I ran malwarebytes anti-malware & Hitman Pro & followed their instructions. A number of suspicious files were removed doing this.

    I also tried safe mode with command prompt but couldn't restore to a previous setting.

    Is the virus now gone?
    Also does it infect your USB hard drive if connected to the laptop?
    Even though the dodgy file in msconfig startup is unticked, is there a way of actually deleting it permanently? If it is reticked will the virus return?

    thanks


  • Registered Users Posts: 840 ✭✭✭jsa112


    Probably not, can you post the AVG and MBAM logs?


    Shouldn't infect your USB thing.

    deleting something from msconfig doesn't really do much at all


  • Closed Accounts Posts: 3 2014rfs


    Thanks for the reply. I don't know how to post the AVG log. It says in AVG it has the virus removed in the scan summary. What should I do at this point?


  • Registered Users Posts: 840 ✭✭✭jsa112


    How about the MBAM one? There should be a logs tab in the program.


  • Closed Accounts Posts: 3 2014rfs


    Mbam Log record shown below:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.02.02

    Windows Vista x86 NTFS
    Internet Explorer 7.0.6000.16386
    owner :: OWNER-PC [administrator]

    Protection: Enabled

    02/02/2014 19:13:09
    mbam-log-2014-02-02 (19-13-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212933
    Time elapsed: 42 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Retrogamer Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~1\RETROG~4\bar\1.bin\4wsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    I'm not the only user of the laptop but there may be illegal music downloaded previously. Stupid question coming up (not very computer literate or know much about downloads etc.): But is there any truth in the "scam" in that it may have tracked down the music downloads or is it a definite "scam"?
    Is this "scam" page claiming to be from "guardians of the peace" in Ireland confirmed by the gardai to be a proven scam? I shouldn't expect a knock on my door so? :rolleyes:

    Thanks again.


  • Registered Users Posts: 1,879 ✭✭✭johndoe99


    2014rfs wrote: »

    But is there any truth in the "scam" in that it may have tracked down the music downloads or is it a definite "scam"?
    Is this "scam" page claiming to be from "guardians of the peace" in Ireland confirmed by the gardai to be a proven scam? I shouldn't expect a knock on my door so? :rolleyes:

    Thanks again.

    It's a 100% scam

    Gardai Website:

    http://www.garda.ie/Controller.aspx?Page=9445&Lang=1


  • Registered Users Posts: 840 ✭✭✭jsa112


    what he said ^


    run this

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
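
What a helper looks for in the FRST.txt requested above, as an added example (not part of the original post and not FRST's own code): a Python sketch that scans FRST-style autostart and service lines for targets in user-writable folders with non-program extensions. The sample lines, file names and heuristics are constructed for illustration, modelled on the line formats of FRST logs.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name path reasons")

# The heuristics below are assumptions for this example, not FRST's own logic.
# Folders a non-admin process can usually write to. PROGRA~3 is the 8.3 short
# name that commonly resolves to ProgramData (assumption).
WRITABLE_HINTS = ("\\programdata\\", "\\progra~3\\", "\\appdata\\", "\\temp\\")
# Extensions normally seen on autostart and service targets.
NORMAL_EXTS = {".exe", ".dll", ".sys", ".com", ".bat", ".cmd"}

PATTERNS = [
    # Registry Run entries: "HKLM\...\Run: [Name] - path [size date] (Company)"
    ("run", re.compile(r"^HK[^\\]+\\.*?\\Run: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")),
    # Target of a shortcut in the Startup folder.
    ("shortcut", re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<rest>.*)$")),
    # Services and drivers: state letter plus start-type digit, "S2 Name; path".
    ("service", re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<rest>.*)$")),
]
# "[size date]" metadata, or "[X]" where the file could not be found.
META_RE = re.compile(r"\s*\[(?:X|\d+ \d{4}-\d{2}-\d{2})\]")
# Extension of the first token that looks like a file name, so that
# command-line arguments after the program path are ignored.
EXT_RE = re.compile(r"\.[a-z0-9~]{1,4}(?=\s|$)")


def split_target(rest):
    """Return (path, file_missing) from the text after the entry name."""
    missing = "[X]" in rest
    path = META_RE.split(rest, maxsplit=1)[0]       # drop metadata and company
    path = re.sub(r"\s*\([^()]*\)\s*$", "", path)   # drop a bare "(Company)"
    return path.strip(), missing


def triage(log_text):
    """Flag autostart and service entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m is None:
                continue
            path, missing = split_target(m.group("rest"))
            low = path.lower()
            writable = any(hint in low for hint in WRITABLE_HINTS)
            ext_match = EXT_RE.search(low)
            ext = ext_match.group(0) if ext_match else ""
            reasons = []
            if writable and ext not in NORMAL_EXTS:
                reasons.append("unusual extension %r in a user-writable directory" % ext)
            if writable and kind == "service":
                reasons.append("service image in a user-writable directory")
            if reasons and missing:
                reasons.append("file not found on disk")
            if reasons:
                findings.append(Finding(kind, m.group("name"), path, reasons))
            break
    return findings


# Constructed sample lines (not taken from any real machine).
SAMPLE_LOG = r"""
HKLM\...\Run: [AudioPanel] - C:\Program Files\Vendor\Audio\audiocpl.exe [11855976 2011-05-18] (Vendor Ltd)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-0-0-0-1001\...\Run: [Updater] - C:\Users\User\AppData\Roaming\Vendor\updater.exe /PROMPT --id 1234
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwxyzab.lnk
ShortcutTarget: qwxyzab.lnk -> C:\ProgramData\bazyxwq.cpp ()
S2 ScannerService; C:\Program Files (x86)\Vendor Scanner 2\scansvc.exe [1817560 2013-05-16] (Vendor Ltd.)
S2 Winmgmt; C:\PROGRA~3\qwxyzab.zvv [X]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-8s %-12s %s" % (f.kind, f.name, f.path))
        for reason in f.reasons:
            print("         - " + reason)
```

A flagged line is a lead for a human to review, not a verdict: legitimate software also starts from AppData, which is why the extension and the service checks are combined with the folder check.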


  • Registered Users Posts: 23,130 ✭✭✭✭TheDoc


    Yo

    I got the same virus last night. My first virus ever in over 15 years of home computing : /

    Dropped my firewall and my anti virus protection on my main PC, trying to resolve an internet connectivity issue on my laptop. Was Google hopping trying to find a solution (had installed Ubuntu onto my old laptop but couldn't get internet) and went to a site that said it had a solution, then bang, my PC restarted, and when I boot up the desktop this thing is locking me down.

    I can boot into safe mode with networking so I can download things to remove it, just so far no luck.

    Tried Malwarebytes which located some stuff and removed it, but virus is still present when I boot up into normal windows.
    I ran spybot search and destroy and same thing.

    Would appreciate some recommendations of tools that will remove it, and if anyone who got it successfully removed it, what you did to do so.

    I'm in work until this evening but please reply, and I'll try everything when I get home and let you know how I get on.

    Thanks,
    Doc.


  • Registered Users Posts: 840 ✭✭✭jsa112


    can you post the malwarebytes log


    also do the step above about running farbar recovery scan tool


  • Registered Users Posts: 23,130 ✭✭✭✭TheDoc


    jsa112 wrote: »
    can you post the malwarebytes log


    also do the step above about running farbar recovery scan tool

    In work at the moment, will do when I get home.

    It found a number of things yesterday and dealt with them all. Rebooted machine and virus was still there. Ran another scan via safemode with networking, and it returned a clean bill of health, but virus still was there.

    Was running quick scans as per guides I found on Google for removing it, should I run a full scan perhaps?


  • Registered Users Posts: 840 ✭✭✭jsa112


    Nah, don't waste your time, won't make a difference

    the farbar scan is more important


  • Registered Users Posts: 23,130 ✭✭✭✭TheDoc


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.27.11

    Windows 7 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Doc :: DOC-PC [limited]

    28/02/2014 18:05:06
    mbam-log-2014-02-28 (18-05-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219714
    Time elapsed: 2 minute(s), 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    OK so the farbar scan is done and below is the output of the two files

    First file
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
    Ran by Doc (administrator) on DOC-PC on 28-02-2014 17:57:41
    Running from D:\Users\Doc\Desktop
    Windows 7 Ultimate (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Safe Mode (with Networking)

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Google Inc.) D:\Users\Doc\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) D:\Users\Doc\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) D:\Users\Doc\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) D:\Users\Doc\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) D:\Users\Doc\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) D:\Users\Doc\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] - D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
    HKLM\...\Run: [THXCfg64] - D:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
    HKLM\...\Run: [Ask Mr. Robot] - D:\Program Files\AskMrRobot\AmrTray.exe [792576 2014-02-03] ()
    HKLM-x32\...\Run: [Copperhead] - D:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] ()
    HKLM-x32\...\Run: [THX TruStudio NB Settings] - D:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [UpdReg] - D:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [] - [X]
    HKLM-x32\...\Run: [Razer Synapse] - D:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [338864 2012-12-10] (Razer USA Ltd)
    HKLM-x32\...\Run: [SDTray] - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [StartCCC] - D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-22] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [LifeCam] - D:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\Run: [Google Update] - D:\Users\Doc\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-01-01] (Google Inc.)
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\Run: [ASRockXTU] - [X]
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\Run: [zASRockInstantBoot] - [X]
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\Run: [RESTART_STICKY_NOTES] - D:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\Run: [AVG-Secure-Search-Update_0913b] - D:\Users\Doc\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 598799461b1447d0876bbdb90fcb175f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\Run: [HydraVisionDesktopManager] - D:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-22] (AMD)
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\Run: [Spotify Web Helper] - D:\Users\Doc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-13] (Spotify Ltd)
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\Run: [Battle.net] - M:\Battle.net\Battle.net Launcher.exe [2561072 2014-02-12] (Blizzard Entertainment)
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\MountPoints2: {315fbe21-f728-11de-8550-806e6f6e6963} - F:\Setup.exe
    HKU\S-1-5-21-1221496590-4222248944-626801956-1001\...\MountPoints2: {79f61fd8-3548-11e1-b5fe-6cf0492ffeac} - G:\autorun.exe
    Startup: D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    Startup: D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mqbzjodab.lnk
    ShortcutTarget: mqbzjodab.lnk -> D:\ProgramData\badojzbqm.cpp ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8A092B12134CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
    StartMenuInternet: IEXPLORE.EXE - D:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: D:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\xzlb0dee.default
    FF Plugin: @adobe.com/FlashPlayer - D:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.10.2 - D:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.10.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - D:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
    FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - D:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
    FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - D:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - D:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - D:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @raidcall.en/RCplugin - D:\Users\Doc\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - D:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - D:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - D:\Users\Doc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - D:\Users\Doc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @talk.google.com/O3DPlugin - D:\Users\Doc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - D:\Users\Doc\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - D:\Users\Doc\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: ubisoft.com/uplaypc - D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    FF Plugin ProgramFiles/Appdata: D:\Users\Doc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: D:\Users\Doc\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF Plugin ProgramFiles/Appdata: D:\Users\Doc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Vuze Remote - D:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\xzlb0dee.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2013-01-20]
    FF Extension: ytbyclick - D:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\xzlb0dee.default\Extensions\{d4f1c433-f9c3-49f2-8645-37dbeca19e90} [2014-01-23]
    FF Extension: Translate This! - D:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\xzlb0dee.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2012-10-13]
    FF Extension: Socialite - D:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\xzlb0dee.default\Extensions\socialite@chromakode.xpi [2012-09-15]
    FF Extension: Gmail Manager - D:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\xzlb0dee.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2012-09-15]
    FF Extension: Youtube to mp3 converter - AudioThief.com - D:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\xzlb0dee.default\Extensions\{B2CEA309-6B58-4B8C-9D0D-6E65D88F6603}.xpi [2012-09-17]
    FF Extension: Adblock Plus - D:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\xzlb0dee.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-15]
    FF Extension: No Name - D:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-02-02]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR Plugin: (Shockwave Flash) - D:\Users\Doc\AppData\Local\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - D:\Users\Doc\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - D:\Users\Doc\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - D:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U30) - D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Google Talk Plugin) - D:\Users\Doc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    CHR Plugin: (Google Talk Plugin Video Accelerator) - D:\Users\Doc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    CHR Plugin: (Google Talk Plugin Video Renderer) - D:\Users\Doc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (ESN Launch Mozilla Plugin) - D:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
    CHR Plugin: (ESN Sonar API) - D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    CHR Plugin: (Picasa) - D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - D:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (NVIDIA 3D Vision) - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
    CHR Plugin: (NVIDIA 3D VISION) - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
    CHR Plugin: (Pando Web Plugin) - D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    CHR Plugin: (Uplay PC) - D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    CHR Plugin: (Photo Gallery) - D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (Shockwave Flash) - D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    CHR Extension: (Google Translate) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-11-28]
    CHR Extension: (Google Docs) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-10]
    CHR Extension: (Google Drive) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]
    CHR Extension: (YouTube) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]
    CHR Extension: (Adblock Plus) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-10]
    CHR Extension: (Google Search) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]
    CHR Extension: (ytbyclick) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb [2014-01-23]
    CHR Extension: (Google Calendar) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-28]
    CHR Extension: (AdBlock) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-28]
    CHR Extension: (goo.gl URL Shortener) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2013-11-28]
    CHR Extension: (Evernote Web) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-11-28]
    CHR Extension: (Bookolio) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgmbgopjppdjfopndcniomnhpodajba [2013-11-28]
    CHR Extension: (Google Maps) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-08-06]
    CHR Extension: (RSS Subscription Extension (by Google)) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2013-11-28]
    CHR Extension: (Google Wallet) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
    CHR Extension: (Gmail) - D:\Users\Doc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]
    CHR HKCU\...\Chrome\Extension: [edflbdjfhpiboilnedfoiepbmcllkedb] - D:\Users\Doc\AppData\Local\CRE\edflbdjfhpiboilnedfoiepbmcllkedb.crx [2014-01-23]
    CHR HKCU\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - D:\Users\Doc\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx [2014-01-23]
    CHR HKLM-x32\...\Chrome\Extension: [edflbdjfhpiboilnedfoiepbmcllkedb] - D:\Users\Doc\AppData\Local\CRE\edflbdjfhpiboilnedfoiepbmcllkedb.crx [2014-01-23]
    CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - D:\Users\Doc\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx [2014-01-23]
    CHR StartMenuInternet: Google Chrome - D:\Users\Doc\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    S2 AMD FUEL Service; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-22] (Advanced Micro Devices, Inc.)
    S4 EaseUS Agent; D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    S2 Guard Agent; D:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
    S2 PassThru Service; D:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
    S2 PnkBstrA; D:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-31] ()
    S2 SDScannerService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
    S2 SDUpdateService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
    S2 SDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
    S3 vncserver; D:\Program Files\RealVNC\VNC Server\vncservice.exe [502592 2013-12-06] (RealVNC Ltd)
    S2 Winmgmt; D:\PROGRA~3\mqbzjodab.zvv [X]

    ==================== Drivers (Whitelisted) ====================

    S2 AODDriver4.2.0; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
    S3 copperhd; D:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
    R0 EUBKMON; D:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] ()
    S3 FNETTBOH_305; D:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-08-01] (FNet Co., Ltd.)
    R1 FNETURPX; D:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-01-31] (FNet Co., Ltd.)
    S3 gbridge; D:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-13] (Gbridge LLC)
    S3 MRV6X64U; D:\Windows\System32\DRIVERS\WUBS300N.sys [337792 2007-09-10] (Marvell Semiconductor, Inc)
    S3 RimUsb; D:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
    R3 rzdaendpt; D:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-11-07] (Razer USA Ltd)
    R3 rzvkeyboard; D:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-11-07] (Razer USA Ltd)
    S3 cpuz136; \??\D:\Users\Doc\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
    S4 NVHDA; system32\drivers\nvhda64v.sys [X]
    S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-28 17:55 - 2014-02-28 17:57 - 00021457 _____ () D:\Users\Doc\Desktop\FRST.txt
    2014-02-28 17:55 - 2014-02-28 17:55 - 00000324 _____ () D:\Users\Doc\Desktop\Addition.txt
    2014-02-28 17:54 - 2014-02-28 17:55 - 00000000 ____D () D:\FRST
    2014-02-28 17:54 - 2014-02-28 17:54 - 02155520 _____ (Farbar) D:\Users\Doc\Desktop\FRST64.exe
    2014-02-28 01:37 - 2011-11-29 17:46 - 00438754 _____ () D:\Windows\system32\Drivers\etc\hosts.20140228-013741.backup
    2014-02-28 01:14 - 2014-02-28 01:14 - 00001109 _____ () D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-02-28 01:14 - 2014-02-28 01:14 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Malwarebytes
    2014-02-28 01:14 - 2014-02-28 01:14 - 00000000 ____D () D:\ProgramData\Malwarebytes
    2014-02-28 01:14 - 2014-02-28 01:14 - 00000000 ____D () D:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-02-28 01:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbam.sys
    2014-02-28 01:13 - 2014-02-28 01:13 - 10285040 _____ (Malwarebytes Corporation ) D:\Users\Doc\Downloads\mbam2.exe
    2014-02-28 01:12 - 2014-02-28 01:12 - 01933048 _____ (Bleeping Computer, LLC) D:\Users\Doc\Downloads\rkill.com
    2014-02-28 01:12 - 2014-02-28 01:12 - 00004202 _____ () D:\Users\Doc\Desktop\Rkill.txt
    2014-02-28 00:55 - 2014-02-28 01:39 - 95027928 ____T () D:\ProgramData\mqbzjodab.fee
    2014-02-28 00:55 - 2014-02-28 00:55 - 00154624 _____ () D:\ProgramData\badojzbqm.cpp
    2014-02-28 00:07 - 2014-02-28 00:07 - 00103867 _____ () D:\Users\Doc\Downloads\b43.zip
    2014-02-27 22:54 - 2014-02-27 22:54 - 01596823 _____ () D:\Users\Doc\Downloads\broadcom-wl-5.10.56.27.3_mipsel.tar.bz2
    2014-02-27 22:44 - 2014-02-27 22:44 - 00019139 _____ () D:\Users\Doc\Downloads\b43-fwcutter_017.orig.tar.bz2
    2014-02-27 22:41 - 2014-02-27 22:41 - 00017355 _____ () D:\Users\Doc\Downloads\b43-fwcutter_017-2.debian.tar.gz
    2014-02-27 22:21 - 2014-02-27 22:22 - 03942580 _____ () D:\Users\Doc\Downloads\linux-firmware-nonfree_1.14ubuntu1_all.deb
    2014-02-27 20:09 - 2014-02-27 20:09 - 01095461 _____ (pendrivelinux.com) D:\Users\Doc\Downloads\Universal-USB-Installer-1.9.5.2.exe
    2014-02-27 16:37 - 2014-02-27 16:37 - 00000000 ____D () D:\Python32
    2014-02-27 16:31 - 2014-02-27 16:32 - 17829888 _____ () D:\Users\Doc\Downloads\python-3.2.3.msi
    2014-02-27 14:34 - 2014-02-27 14:34 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
    2014-02-27 14:34 - 2014-02-27 14:34 - 00000000 ____D () D:\Users\Doc\AppData\Local\Vitalwerks
    2014-02-27 14:34 - 2014-02-27 14:34 - 00000000 ____D () D:\Program Files (x86)\No-IP
    2014-02-27 14:33 - 2014-02-27 14:34 - 00219648 _____ () D:\Users\Doc\Downloads\DUCSetup_v4_0_2.exe
    2014-02-27 14:08 - 2014-02-27 14:08 - 00000000 ____D () D:\Program Files\RealVNC
    2014-02-27 14:07 - 2014-02-27 14:07 - 00000000 ____D () D:\Users\Doc\AppData\Local\RealVNC
    2014-02-27 13:55 - 2014-02-27 13:56 - 11755344 _____ (RealVNC Ltd ) D:\Users\Doc\Downloads\VNC-5.1.0-Windows.exe
    2014-02-27 10:59 - 2014-02-27 11:09 - 766509056 _____ () D:\Users\Doc\Downloads\ubuntu-12.04.4-desktop-i386.iso
    2014-02-26 23:31 - 2014-02-26 23:31 - 00843265 _____ () D:\Users\Doc\Downloads\oQueue_530b7746.zip
    2014-02-25 22:25 - 2014-02-25 22:25 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\NCSOFT
    2014-02-25 22:25 - 2014-02-25 22:25 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCSOFT
    2014-02-25 22:25 - 2014-02-25 22:25 - 00000000 ____D () D:\Users\Doc\AppData\Local\NCSOFT
    2014-02-25 22:24 - 2014-02-25 22:24 - 04495208 _____ (NCSOFT) D:\Users\Doc\Downloads\Wildstar.exe
    2014-02-23 23:36 - 2014-02-23 23:36 - 00050844 _____ () D:\Users\Doc\Downloads\diablo_h.ttf
    2014-02-22 19:50 - 2014-02-22 19:50 - 00009084 _____ () D:\Users\Doc\Downloads\[katproxy.se]true.detective.s01e03.720p.hdtv.x264.killers.publichd.torrent
    2014-02-22 19:50 - 2014-02-22 19:50 - 00008924 _____ () D:\Users\Doc\Downloads\[katproxy.se]true.detective.s01e02.720p.hdtv.x264.killers.publichd.torrent
    2014-02-22 19:48 - 2014-02-22 19:48 - 00009124 _____ () D:\Users\Doc\Downloads\[katproxy.se]true.detective.s01e01.720p.hdtv.x264.killers.publichd.torrent
    2014-02-22 19:26 - 2014-02-22 19:26 - 04112872 _____ () D:\Users\Doc\Downloads\sabnzbd (1).log
    2014-02-22 19:24 - 2014-02-22 19:24 - 00000991 _____ () D:\Users\Doc\Desktop\SABnzbd.lnk
    2014-02-22 19:22 - 2014-02-22 19:23 - 10805387 _____ () D:\Users\Doc\Downloads\SABnzbd-0.7.16-win32-setup.exe
    2014-02-22 19:22 - 2014-02-22 19:22 - 04111837 _____ () D:\Users\Doc\Downloads\sabnzbd.log
    2014-02-16 01:04 - 2014-02-16 01:05 - 06385207 _____ () D:\Users\Doc\Downloads\TSM_App_Full.zip
    2014-02-11 00:19 - 2014-02-11 00:20 - 00081256 _____ () D:\Windows\SysWOW64\Accounting-Sales.csv
    2014-02-06 21:03 - 2014-02-06 21:03 - 04107697 _____ () D:\Users\Doc\Documents\sabnzbd (1).log
    2014-02-06 20:49 - 2014-02-06 20:49 - 04105886 _____ () D:\Users\Doc\Documents\sabnzbd.log
    2014-02-06 19:14 - 2014-02-06 19:14 - 01584331 _____ () D:\TSMTHEDOC1988140206191404.zip
    2014-02-06 19:14 - 2014-02-06 19:14 - 00006554 _____ () D:\TSM2051268#1140206191404.zip
    2014-02-06 19:14 - 2014-02-06 19:14 - 00006554 _____ () D:\TSM2051268#1140206191403.zip
    2014-02-06 19:14 - 2014-02-06 19:14 - 00002040 _____ () D:\TSMMINIGIRV140206191404.zip
    2014-02-06 19:14 - 2014-02-06 19:14 - 00000022 _____ () D:\TSMWindows140206191404.zip
    2014-02-05 23:02 - 2014-02-05 23:02 - 00000000 ____D () D:\Program Files\AskMrRobot
    2014-02-05 22:56 - 2014-02-05 22:56 - 00000000 ____D () D:\Users\Doc\AppData\Local\TSMDataExtractor
    2014-01-29 21:30 - 2014-01-29 21:30 - 01322566 _____ () D:\Users\Doc\Downloads\20433484_50d122ba06d65e62c9bcdb9ef2bb1d1d9b697ac8.cab
    2014-01-29 21:28 - 2014-01-29 21:28 - 02816072 _____ (LionSea SoftWare ) D:\Users\Doc\Downloads\setup (1).exe
    2014-01-29 21:27 - 2014-01-29 21:27 - 00000000 ____D () D:\Program Files (x86)\DriverTuner
    2014-01-29 21:26 - 2014-01-29 21:27 - 02816072 _____ (LionSea SoftWare ) D:\Users\Doc\Downloads\setup.exe
    2014-01-29 21:21 - 2014-01-29 21:21 - 00040960 _____ (Benq Corporation) D:\Users\Doc\Downloads\auto.exe

    ==================== One Month Modified Files and Folders =======

    2014-02-28 17:57 - 2014-02-28 17:55 - 00021457 _____ () D:\Users\Doc\Desktop\FRST.txt
    2014-02-28 17:55 - 2014-02-28 17:55 - 00000324 _____ () D:\Users\Doc\Desktop\Addition.txt
    2014-02-28 17:55 - 2014-02-28 17:54 - 00000000 ____D () D:\FRST
    2014-02-28 17:54 - 2014-02-28 17:54 - 02155520 _____ (Farbar) D:\Users\Doc\Desktop\FRST64.exe
    2014-02-28 01:39 - 2014-02-28 00:55 - 95027928 ____T () D:\ProgramData\mqbzjodab.fee
    2014-02-28 01:39 - 2009-07-14 04:45 - 00017168 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-02-28 01:39 - 2009-07-14 04:45 - 00017168 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-02-28 01:38 - 2014-01-18 01:18 - 00003484 _____ () D:\Windows\setupact.log
    2014-02-28 01:38 - 2013-08-19 20:37 - 00000000 ____D () D:\Users\Doc\AppData\Local\Battle.net
    2014-02-28 01:38 - 2012-11-21 22:28 - 00000888 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-02-28 01:38 - 2010-01-01 16:25 - 00000000 ____D () D:\Users\Doc\AppData\Local\Deployment
    2014-02-28 01:38 - 2009-07-14 05:08 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
    2014-02-28 01:22 - 2010-01-01 16:26 - 01931586 _____ () D:\Windows\WindowsUpdate.log
    2014-02-28 01:19 - 2014-01-23 23:14 - 00003358 _____ () D:\Windows\System32\Tasks\BackgroundContainer Startup Task
    2014-02-28 01:19 - 2014-01-18 01:18 - 00029544 _____ () D:\Windows\PFRO.log
    2014-02-28 01:18 - 2014-01-23 23:13 - 00000000 ____D () D:\ProgramData\Conduit
    2014-02-28 01:15 - 2011-11-29 17:38 - 00000000 ____D () D:\ProgramData\Spybot - Search & Destroy
    2014-02-28 01:14 - 2014-02-28 01:14 - 00001109 _____ () D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-02-28 01:14 - 2014-02-28 01:14 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Malwarebytes
    2014-02-28 01:14 - 2014-02-28 01:14 - 00000000 ____D () D:\ProgramData\Malwarebytes
    2014-02-28 01:14 - 2014-02-28 01:14 - 00000000 ____D () D:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-02-28 01:13 - 2014-02-28 01:13 - 10285040 _____ (Malwarebytes Corporation ) D:\Users\Doc\Downloads\mbam2.exe
    2014-02-28 01:12 - 2014-02-28 01:12 - 01933048 _____ (Bleeping Computer, LLC) D:\Users\Doc\Downloads\rkill.com
    2014-02-28 01:12 - 2014-02-28 01:12 - 00004202 _____ () D:\Users\Doc\Desktop\Rkill.txt
    2014-02-28 00:55 - 2014-02-28 00:55 - 00154624 _____ () D:\ProgramData\badojzbqm.cpp
    2014-02-28 00:55 - 2010-01-01 16:25 - 00000000 ___RD () D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-02-28 00:52 - 2012-11-26 21:21 - 00000000 ____D () D:\Users\Doc\AppData\Local\CrashDumps
    2014-02-28 00:30 - 2010-01-01 16:26 - 00000900 _____ () D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221496590-4222248944-626801956-1001UA.job
    2014-02-28 00:08 - 2012-11-21 22:28 - 00000892 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-02-28 00:07 - 2014-02-28 00:07 - 00103867 _____ () D:\Users\Doc\Downloads\b43.zip
    2014-02-27 22:54 - 2014-02-27 22:54 - 01596823 _____ () D:\Users\Doc\Downloads\broadcom-wl-5.10.56.27.3_mipsel.tar.bz2
    2014-02-27 22:44 - 2014-02-27 22:44 - 00019139 _____ () D:\Users\Doc\Downloads\b43-fwcutter_017.orig.tar.bz2
    2014-02-27 22:41 - 2014-02-27 22:41 - 00017355 _____ () D:\Users\Doc\Downloads\b43-fwcutter_017-2.debian.tar.gz
    2014-02-27 22:30 - 2010-01-01 16:26 - 00000848 _____ () D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221496590-4222248944-626801956-1001Core.job
    2014-02-27 22:22 - 2014-02-27 22:21 - 03942580 _____ () D:\Users\Doc\Downloads\linux-firmware-nonfree_1.14ubuntu1_all.deb
    2014-02-27 21:51 - 2014-01-01 17:21 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\ACEStream
    2014-02-27 21:51 - 2014-01-01 17:21 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\.ACEStream
    2014-02-27 20:13 - 2009-07-14 05:13 - 00784588 _____ () D:\Windows\system32\PerfStringBackup.INI
    2014-02-27 20:09 - 2014-02-27 20:09 - 01095461 _____ (pendrivelinux.com) D:\Users\Doc\Downloads\Universal-USB-Installer-1.9.5.2.exe
    2014-02-27 16:37 - 2014-02-27 16:37 - 00000000 ____D () D:\Python32
    2014-02-27 16:32 - 2014-02-27 16:31 - 17829888 _____ () D:\Users\Doc\Downloads\python-3.2.3.msi
    2014-02-27 14:34 - 2014-02-27 14:34 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
    2014-02-27 14:34 - 2014-02-27 14:34 - 00000000 ____D () D:\Users\Doc\AppData\Local\Vitalwerks
    2014-02-27 14:34 - 2014-02-27 14:34 - 00000000 ____D () D:\Program Files (x86)\No-IP
    2014-02-27 14:34 - 2014-02-27 14:33 - 00219648 _____ () D:\Users\Doc\Downloads\DUCSetup_v4_0_2.exe
    2014-02-27 14:08 - 2014-02-27 14:08 - 00000000 ____D () D:\Program Files\RealVNC
    2014-02-27 14:07 - 2014-02-27 14:07 - 00000000 ____D () D:\Users\Doc\AppData\Local\RealVNC
    2014-02-27 13:56 - 2014-02-27 13:55 - 11755344 _____ (RealVNC Ltd ) D:\Users\Doc\Downloads\VNC-5.1.0-Windows.exe
    2014-02-27 11:09 - 2014-02-27 10:59 - 766509056 _____ () D:\Users\Doc\Downloads\ubuntu-12.04.4-desktop-i386.iso
    2014-02-27 10:32 - 2012-08-25 17:46 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Mozilla
    2014-02-27 01:08 - 2010-01-01 16:24 - 00000000 ____D () D:\Users\Doc
    2014-02-26 23:59 - 2012-11-13 15:13 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Spotify
    2014-02-26 23:31 - 2014-02-26 23:31 - 00843265 _____ () D:\Users\Doc\Downloads\oQueue_530b7746.zip
    2014-02-25 23:19 - 2012-11-13 15:13 - 00000000 ____D () D:\Users\Doc\AppData\Local\Spotify
    2014-02-25 22:25 - 2014-02-25 22:25 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\NCSOFT
    2014-02-25 22:25 - 2014-02-25 22:25 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCSOFT
    2014-02-25 22:25 - 2014-02-25 22:25 - 00000000 ____D () D:\Users\Doc\AppData\Local\NCSOFT
    2014-02-25 22:24 - 2014-02-25 22:24 - 04495208 _____ (NCSOFT) D:\Users\Doc\Downloads\Wildstar.exe
    2014-02-25 22:20 - 2011-11-29 17:38 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Mumble
    2014-02-24 00:44 - 2011-12-13 19:22 - 00000600 _____ () D:\Users\Doc\AppData\Local\PUTTY.RND
    2014-02-23 23:36 - 2014-02-23 23:36 - 00050844 _____ () D:\Users\Doc\Downloads\diablo_h.ttf
    2014-02-22 19:50 - 2014-02-22 19:50 - 00009084 _____ () D:\Users\Doc\Downloads\[katproxy.se]true.detective.s01e03.720p.hdtv.x264.killers.publichd.torrent
    2014-02-22 19:50 - 2014-02-22 19:50 - 00008924 _____ () D:\Users\Doc\Downloads\[katproxy.se]true.detective.s01e02.720p.hdtv.x264.killers.publichd.torrent
    2014-02-22 19:48 - 2014-02-22 19:48 - 00009124 _____ () D:\Users\Doc\Downloads\[katproxy.se]true.detective.s01e01.720p.hdtv.x264.killers.publichd.torrent
    2014-02-22 19:26 - 2014-02-22 19:26 - 04112872 _____ () D:\Users\Doc\Downloads\sabnzbd (1).log
    2014-02-22 19:24 - 2014-02-22 19:24 - 00000991 _____ () D:\Users\Doc\Desktop\SABnzbd.lnk
    2014-02-22 19:23 - 2014-02-22 19:22 - 10805387 _____ () D:\Users\Doc\Downloads\SABnzbd-0.7.16-win32-setup.exe
    2014-02-22 19:22 - 2014-02-22 19:22 - 04111837 _____ () D:\Users\Doc\Downloads\sabnzbd.log
    2014-02-22 01:36 - 2011-11-29 22:11 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\vlc
    2014-02-19 22:25 - 2010-01-01 16:26 - 00003870 _____ () D:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221496590-4222248944-626801956-1001UA
    2014-02-19 22:25 - 2010-01-01 16:26 - 00003474 _____ () D:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1221496590-4222248944-626801956-1001Core
    2014-02-16 18:10 - 2012-10-15 22:54 - 00000124 _____ () D:\Users\Doc\Desktop\CKSSettings.ini
    2014-02-16 01:06 - 2013-11-15 22:33 - 00000000 ____D () D:\Users\Doc\Desktop\TSM APP
    2014-02-16 01:05 - 2014-02-16 01:04 - 06385207 _____ () D:\Users\Doc\Downloads\TSM_App_Full.zip
    2014-02-14 00:03 - 2012-11-21 22:28 - 00003888 _____ () D:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-02-14 00:03 - 2012-11-21 22:28 - 00003636 _____ () D:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-02-11 00:20 - 2014-02-11 00:19 - 00081256 _____ () D:\Windows\SysWOW64\Accounting-Sales.csv
    2014-02-10 20:25 - 2014-01-05 13:08 - 00000000 ____D () D:\Users\Doc\Downloads\NZB
    2014-02-07 21:25 - 2014-01-23 23:19 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-02-06 21:03 - 2014-02-06 21:03 - 04107697 _____ () D:\Users\Doc\Documents\sabnzbd (1).log
    2014-02-06 20:49 - 2014-02-06 20:49 - 04105886 _____ () D:\Users\Doc\Documents\sabnzbd.log
    2014-02-06 19:14 - 2014-02-06 19:14 - 01584331 _____ () D:\TSMTHEDOC1988140206191404.zip
    2014-02-06 19:14 - 2014-02-06 19:14 - 00006554 _____ () D:\TSM2051268#1140206191404.zip
    2014-02-06 19:14 - 2014-02-06 19:14 - 00006554 _____ () D:\TSM2051268#1140206191403.zip
    2014-02-06 19:14 - 2014-02-06 19:14 - 00002040 _____ () D:\TSMMINIGIRV140206191404.zip
    2014-02-06 19:14 - 2014-02-06 19:14 - 00000022 _____ () D:\TSMWindows140206191404.zip
    2014-02-05 23:02 - 2014-02-05 23:02 - 00000000 ____D () D:\Program Files\AskMrRobot
    2014-02-05 23:02 - 2013-10-05 12:51 - 00000000 ____D () D:\ProgramData\Package Cache
    2014-02-05 22:56 - 2014-02-05 22:56 - 00000000 ____D () D:\Users\Doc\AppData\Local\TSMDataExtractor
    2014-02-03 19:33 - 2012-11-10 20:37 - 00000000 ____D () D:\Users\Doc\AppData\Roaming\CouchPotato
    2014-01-29 21:30 - 2014-01-29 21:30 - 01322566 _____ () D:\Users\Doc\Downloads\20433484_50d122ba06d65e62c9bcdb9ef2bb1d1d9b697ac8.cab
    2014-01-29 21:28 - 2014-01-29 21:28 - 02816072 _____ (LionSea SoftWare ) D:\Users\Doc\Downloads\setup (1).exe
    2014-01-29 21:27 - 2014-01-29 21:27 - 00000000 ____D () D:\Program Files (x86)\DriverTuner
    2014-01-29 21:27 - 2014-01-29 21:26 - 02816072 _____ (LionSea SoftWare ) D:\Users\Doc\Downloads\setup.exe
    2014-01-29 21:21 - 2014-01-29 21:21 - 00040960 _____ (Benq Corporation) D:\Users\Doc\Downloads\auto.exe

    Files to move or delete:
    ====================
    D:\ProgramData\mqbzjodab.fee


    ==================== Bamital & volsnap Check =================

    D:\Windows\System32\winlogon.exe => MD5 is legit
    D:\Windows\System32\wininit.exe => MD5 is legit
    D:\Windows\SysWOW64\wininit.exe => MD5 is legit
    D:\Windows\explorer.exe => MD5 is legit
    D:\Windows\SysWOW64\explorer.exe => MD5 is legit
    D:\Windows\System32\svchost.exe => MD5 is legit
    D:\Windows\SysWOW64\svchost.exe => MD5 is legit
    D:\Windows\System32\services.exe => MD5 is legit
    D:\Windows\System32\User32.dll => MD5 is legit
    D:\Windows\SysWOW64\User32.dll => MD5 is legit
    D:\Windows\System32\userinit.exe => MD5 is legit
    D:\Windows\SysWOW64\userinit.exe => MD5 is legit
    D:\Windows\System32\rpcss.dll => MD5 is legit
    D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-22 10:58

    ==================== End Of Log ============================

    Addition file
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
    Ran by Doc at 2014-02-28 17:57:57
    Running from D:\Users\Doc\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================


    ==================== Installed Programs ======================

    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.2.28595 - BitTorrent Inc.)
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.278 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
    Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
    AMD Accelerated Video Transcoding (Version: 13.20.100.31122 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Control Center (x32 Version: 2013.1122.1036.18947 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{82DC611C-A1EE-D784-4449-6E46E2EBD9F6}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
    AMD Fuel (Version: 2013.1122.1036.18947 - Advanced Micro Devices, Inc.) Hidden
    AMD Media Foundation Decoders (Version: 1.0.81122.1054 - Advanced Micro Devices, Inc.) Hidden
    AMD USB Filter Driver (x32 Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Hidden
    AMD Wireless Display v3.0 (Version: 1.0.0.12 - Advanced Micro Devices, Inc.) Hidden
    AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
    AMIP (remove only) (HKLM-x32\...\AMIP) (Version: - )
    AmrAddonInstall (Version: 1.2.8.0 - Microsoft) Hidden
    Any Video Converter 3.3.3 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ask Mr. Robot (HKLM-x32\...\{86e39a0a-85dd-4d6f-b1cd-46d8208bd2e9}) (Version: 1.3.17.0 - Ask Mr. Robot)
    Ask Mr. Robot (Version: 1.3.17.0 - Ask Mr. Robot) Hidden
    ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
    ASRock eXtreme Tuner v0.1.122 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
    ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
    AutoHotkey 1.1.10.01 (HKLM\...\AutoHotkey) (Version: 1.1.10.01 - Lexikos)
    Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version: - Rocksteady Studios Ltd.)
    Batman: Arkham City™ (HKLM-x32\...\Steam App 57400) (Version: - Rocksteady)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
    CaddieSync Express 1.5.14 (HKLM-x32\...\CaddieSync Express) (Version: 1.5.14 - SkyHawke Technologies)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1122.1036.18947 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2013.1122.1036.18947 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2013.1122.1036.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2013.1122.1035.18947 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2013.1122.1036.18947 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
    Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    CouchPotato (HKLM-x32\...\CouchPotato_is1) (Version: 2 - Your Mom)
    Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
    CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1611_37043 - CyberLink Corp.)
    CyberLink MediaEspresso (x32 Version: 6.5.1611_37043 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games)
    Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18636D65-B3A5-4B6A-A869-A2D57FAC2512}) (Version: - Microsoft)
    DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
    Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
    Dxtory 2.0.108 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.108 - Dxtory Software)
    EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
    ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
    Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
    Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
    FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
    gamelauncher-ps2-psg (HKCU\...\SOE-M:/PS2) (Version: - Sony Online Entertainment)
    Git version 1.8.1.2-preview20130201 (HKLM-x32\...\Git_is1) (Version: 1.8.1.2-preview20130201 - The Git Development Community)
    Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
    Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{CCE68200-4ED0-3E0A-A7F2-504897E356AB}) (Version: 5.1.5.17733 - Google)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
    HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
    Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
    Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
    Java SE Development Kit 7 Update 10 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170100}) (Version: 1.7.0.100 - Oracle)
    Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.300 - Oracle)
    Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.8.19851 - Juniper Networks, Inc.)
    Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
    Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.1.8.20737 - Juniper Networks)
    KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 1.1.5.484 - Kakao)
    KeePass Password Safe 1.26 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.26 - Dominik Reichl)
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    Livestreamer 1.5.2 (HKLM-x32\...\Livestreamer) (Version: - )
    Logitech Gaming Software (Version: 8.20.74 - Logitech Inc.) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

    ==================== Restore Points =========================

    Could not list Restore Points. Check "winmgmt" service or repair WMI.


    ==================== Hosts content: ==========================

    2009-07-14 02:34 - 2014-02-28 01:37 - 00450770 ____R D:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {00980193-9CB6-43B6-8B89-C33579A79292} - System32\Tasks\{3BD4DC1B-4397-4875-84DF-ECA4C3B3C28D} => D:\Pr


  • Registered Users Posts: 23,130 ✭✭✭✭TheDoc


    Found the culprit, went into msconfig and saw something I didn't recognise

    Startup: D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mqbzjodab.lnk
    ShortcutTarget: mqbzjodab.lnk -> D:\ProgramData\badojzbqm.cpp ()

    Disabled and now I'm back on main desktop fine, problem being virus scans aren't picking it up, so need to remove it
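
The startup entry quoted in the post above shows several traits worth checking for when reading the shortcut section of an FRST log: a target with a non-launchable extension, a target in a user-writable data directory, an empty publisher field, and a shortcut name that is the target name reversed. The sketch below is an added example, not part of the thread or of FRST; the heuristics, the function names and the Dropbox entry are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# The first pair of lines is quoted from the post above; the Dropbox pair is
# a constructed benign entry added for contrast.
SAMPLE_LOG = r"""
Startup: D:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mqbzjodab.lnk
ShortcutTarget: mqbzjodab.lnk -> D:\ProgramData\badojzbqm.cpp ()
Startup: C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
"""

# "ShortcutTarget: <name>.lnk -> <target path> (<publisher>)"; the trailing
# parentheses are assumed to hold the publisher and are empty when unknown.
TARGET_RE = re.compile(r"^ShortcutTarget:\s*(.+?\.lnk)\s*->\s*(.+?)\s*\(([^()]*)\)$")

LAUNCHABLE = {".exe", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".msi"}
USER_WRITABLE = {"programdata", "appdata", "temp"}


def assess(lnk_name, target, publisher):
    """Return the reasons a startup shortcut deserves a closer look."""
    path = PureWindowsPath(target)
    reasons = []
    if path.suffix.lower() not in LAUNCHABLE:
        reasons.append(f"target extension {path.suffix!r} is not a normal launchable type")
    if USER_WRITABLE & {part.lower() for part in path.parts[:-1]}:
        reasons.append("target lives in a user-writable data directory")
    if not publisher.strip():
        reasons.append("target carries no publisher information")
    if PureWindowsPath(lnk_name).stem.lower() == path.stem.lower()[::-1]:
        reasons.append("shortcut name is the target name reversed")
    return reasons


def scan(log_text):
    """List (shortcut, target, reasons) for every flagged ShortcutTarget line."""
    findings = []
    for line in log_text.splitlines():
        match = TARGET_RE.match(line.strip())
        if match:
            lnk_name, target, publisher = match.groups()
            reasons = assess(lnk_name, target, publisher)
            if reasons:
                findings.append((lnk_name, target, reasons))
    return findings


if __name__ == "__main__":
    for lnk_name, target, reasons in scan(SAMPLE_LOG):
        print(f"{lnk_name} -> {target}")
        for reason in reasons:
            print(f"  - {reason}")
```

A flagged entry is a lead for review, not a verdict: legitimate software installed under AppData will trip the directory check on its own.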


  • Registered Users Posts: 840 ✭✭✭jsa112


    Don't fix anything yourself as it will probably respawn and we will be going round in circles. This fix should do the job. Also, whatever this is, it's what caused the infection:

    2014-02-28 00:07 - 2014-02-28 00:07 - 00103867 _____ () D:\Users\Doc\Downloads\b43.zip



    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

