
I am infected with the ZeroAccess rootkit and need assistance.


  • This topic is locked
4 replies to this topic

#1 MrSnrub


  • Members
  • 47 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 12 June 2013 - 06:26 PM

I am running Windows 7 64-bit. Attempts to download anti-spyware programs result in a message saying the file contained a virus and was deleted. I was able to download and run DDS by using another computer to download the file onto a USB key and then copy it over. I already posted my initial problem on this thread, but I was asked to post here after I ran DDS. The attach.txt file is attached, and the DDS.txt log is as follows. Please help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Dan at 19:02:55 on 2013-06-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8138.5580 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Users\Dan\AppData\Roaming\WebCake\WebCakeDesktop.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
mSearch Page = hxxp://my.juno.com/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files (x86)\Juno\SearchEnh1.dll
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SearchYa Helper Object: {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\SearchYa!\1.8.8.0\bh\searchya.dll
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll
BHO: Pop-up Blocker: {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\Juno\qsacc\X1IEBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DealPly: {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Juno Toolbar Helper: {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\Juno\UCReg.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll
TB: SearchYa Toolbar: {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\SearchYa!\1.8.8.0\searchyaTlbr.dll
uRun: [WebCake Desktop] "C:\Users\Dan\AppData\Roaming\WebCake\WebCakeDesktop.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRunOnce: [Del12125957] cmd.exe /Q /D /c del "C:\Users\Dan\AppData\Local\Temp\0.del"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Display All Images with Full Quality - "res://C:\Program Files (x86)\Juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "res://C:\Program Files (x86)\Juno\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
Trusted Zone: javatester.org
Trusted Zone: juno.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://jport.uscourts.gov/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{AFB76AD2-E9E8-4CC5-8EBC-9A87D7E0AD52} : DHCPNameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119351&tt=110613_tb&babsrc=HP_ss&mntrId=C0D8C8600014CD82
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-11 22:46; plugin@getwebcake.com; C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375\extensions\plugin@getwebcake.com
FF - ExtSQL: 2013-06-11 22:46; ffxtlbr@delta.com; C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-06-12 09:45; ffxtlbr@searchya.com; C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375\extensions\ffxtlbr@searchya.com
FF - ExtSQL: 2013-06-12 09:45; {5ebdca98-43b3-45bb-87e0-716029fb42ab}; C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF - ExtSQL: 2013-06-12 10:01; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.webcake.installId - 54b9a7d0-6654-4d24-bb17-5ddbec2e95b1
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - c0d82896000000000000c8600014cd82
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15868
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:46:56
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tt=110613_tb
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=&q=
FF - user.js: extensions.searchya.id - C8600014CD822896
FF - user.js: extensions.searchya.instlDay - 15868
FF - user.js: extensions.searchya.vrsn - 1.8.8.0
FF - user.js: extensions.searchya.vrsni - 1.8.8.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.09:45:22
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - SearchooD
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef -
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya.cr - 1466751231
FF - user.js: extensions.searchya.cd - 2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V
FF - user.js: extensions.irspeeddial.aflt - SearchooD
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 1466751231
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2008-1-1 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2008-1-1 38528]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-6-11 45856]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-6-11 2827728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-6-11 1015984]
R2 WebCake Desktop Updater;WebCake Desktop Updater;C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [2013-6-11 23552]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2008-1-1 47232]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-1 1255736]
.
=============== Created Last 30 ================
.
2013-06-12 14:01:02 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-06-12 14:01:00 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-12 14:00:48 -------- d--h--w- C:\$AVG
2013-06-12 14:00:11 -------- d-----w- C:\Program Files (x86)\AVG
2013-06-12 13:37:52 -------- d-----w- C:\Users\Dan\AppData\Local\{4A223137-BA92-4D5E-BBF7-7E92427EF5BB}
2013-06-12 13:31:18 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-12 02:47:04 -------- d-----w- C:\Users\Dan\AppData\Roaming\Zip Opener Packages
2013-06-12 02:47:00 -------- d-----w- C:\ProgramData\BrowserDefender
2013-06-12 02:46:57 -------- d-----w- C:\Users\Dan\AppData\Roaming\BabSolution
2013-06-12 02:46:56 -------- d-----w- C:\Program Files (x86)\Delta
2013-06-12 02:46:51 -------- d-----w- C:\Users\Dan\AppData\Roaming\WebCake
2013-06-12 02:46:51 -------- d-----w- C:\Program Files (x86)\WebCake
2013-06-12 02:46:43 -------- d-----w- C:\Users\Dan\AppData\Roaming\DSite
2013-06-12 02:46:41 -------- d-----w- C:\Users\Dan\AppData\Roaming\DealPly
2013-06-12 02:46:41 -------- d-----w- C:\Program Files (x86)\OpenIt
2013-06-12 02:46:40 -------- d-----w- C:\Program Files (x86)\DealPly
2013-06-12 02:46:39 -------- d-----w- C:\Users\Dan\AppData\Roaming\Babylon
2013-06-12 02:46:39 -------- d-----w- C:\ProgramData\Tarma Installer
2013-06-12 02:46:39 -------- d-----w- C:\ProgramData\Babylon
2013-06-12 02:22:47 -------- d-----w- C:\Windows\pss
2013-06-12 00:32:09 -------- d-----w- C:\Program Files\iTunes
2013-06-12 00:32:09 -------- d-----w- C:\Program Files\iPod
2013-06-12 00:32:09 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-11 15:55:57 -------- d-sh--w- C:\found.001
2013-06-11 14:11:57 -------- d-----w- C:\Users\Dan\AppData\Roaming\AVG2013
2013-06-11 14:11:42 -------- d-----w- C:\Users\Dan\AppData\Local\AVG SafeGuard toolbar
2013-06-11 14:11:31 -------- d-----w- C:\Users\Dan\AppData\Roaming\TuneUp Software
2013-06-11 14:11:26 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-11 14:11:24 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-06-11 14:10:48 -------- d-----w- C:\ProgramData\AVG2013
2013-06-11 14:07:54 -------- d--h--w- C:\ProgramData\Common Files
2013-06-11 14:07:54 -------- d-----w- C:\Users\Dan\AppData\Local\MFAData
2013-06-11 14:07:54 -------- d-----w- C:\Users\Dan\AppData\Local\Avg2013
2013-06-11 14:07:54 -------- d-----w- C:\ProgramData\MFAData
2013-06-11 13:40:53 -------- d-----w- C:\Users\Dan\AppData\Local\{76D47768-C49F-4D97-B237-CC75AE3CA862}
2013-06-11 06:42:42 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D52EAA5-F444-4253-A2BB-2CCB1AC691D0}\mpengine.dll
2013-06-11 03:53:05 -------- d-sh--w- C:\found.000
2013-06-11 00:30:26 -------- d-----w- C:\Users\Dan\AppData\Local\{C62665C4-A1EB-4C45-9108-4E756DF26847}
2013-06-10 12:30:15 -------- d-----w- C:\Users\Dan\AppData\Local\{6C5E3099-7097-4532-B07C-F3170CBF116D}
2013-06-10 00:30:03 -------- d-----w- C:\Users\Dan\AppData\Local\{F5CBFA43-55F9-4AB8-A684-69A37DCD92AC}
2013-06-09 12:29:51 -------- d-----w- C:\Users\Dan\AppData\Local\{F8ED1855-6210-4AEB-823E-EBD2D8F83D58}
2013-06-09 00:29:40 -------- d-----w- C:\Users\Dan\AppData\Local\{3F2126DB-2AD3-42AF-8E3C-25F480855754}
2013-06-08 12:29:28 -------- d-----w- C:\Users\Dan\AppData\Local\{4DE8A74D-846A-4E32-BD8A-6299F1C6B721}
2013-06-08 00:29:17 -------- d-----w- C:\Users\Dan\AppData\Local\{CBF6400E-3CC4-427B-B81D-4ABED728B230}
2013-06-07 12:29:05 -------- d-----w- C:\Users\Dan\AppData\Local\{32DE3F6F-5FE2-4010-BC8A-FD4B84993334}
2013-06-07 00:28:53 -------- d-----w- C:\Users\Dan\AppData\Local\{37BD4AB4-F417-4EF3-BB23-81C720706866}
2013-06-06 12:28:42 -------- d-----w- C:\Users\Dan\AppData\Local\{09141C07-2D29-4EB8-A20E-FE1C13428740}
2013-06-06 00:28:30 -------- d-----w- C:\Users\Dan\AppData\Local\{6A056B45-FF40-4D19-A15B-39A0DCFCA871}
2013-06-05 23:32:57 -------- d-----w- C:\Users\Dan\AppData\Local\ElevatedDiagnostics
2013-06-05 12:28:19 -------- d-----w- C:\Users\Dan\AppData\Local\{E65EBA22-3E64-4783-8C54-3C0A37868004}
2013-06-04 03:57:29 -------- d-----w- C:\Users\Dan\AppData\Local\{BA6C611F-518F-4A4A-90DB-619D1E9B49F2}
2013-06-03 15:57:17 -------- d-----w- C:\Users\Dan\AppData\Local\{6E40D1C3-FB5A-4379-98D8-758CEAE3440D}
2013-06-03 03:57:06 -------- d-----w- C:\Users\Dan\AppData\Local\{9264DEEB-C4F6-4202-AC0A-00E175689A37}
2013-06-02 15:56:54 -------- d-----w- C:\Users\Dan\AppData\Local\{61422B03-C8A4-4B99-8CB2-9663699E493F}
2013-06-02 03:56:42 -------- d-----w- C:\Users\Dan\AppData\Local\{3E3FD70D-2EFC-4F72-91D9-5EECF97B373F}
2013-06-01 15:56:31 -------- d-----w- C:\Users\Dan\AppData\Local\{31A46251-9EEC-4066-9941-4832C723A3F4}
2013-06-01 03:26:46 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-31 15:27:10 -------- d-----w- C:\Users\Dan\AppData\Local\{D3909B83-3CC3-45F3-B432-53A66452E679}
2013-05-31 03:26:59 -------- d-----w- C:\Users\Dan\AppData\Local\{0B1E73EC-1D17-4830-85B0-F65CBBA1CB7B}
2013-05-30 15:26:47 -------- d-----w- C:\Users\Dan\AppData\Local\{5A31FC14-3003-4FA5-9997-4D1CAD2E8CF1}
2013-05-30 03:26:36 -------- d-----w- C:\Users\Dan\AppData\Local\{85E16AB3-AC19-44EF-9A71-8033ECDBEBB0}
2013-05-29 15:26:24 -------- d-----w- C:\Users\Dan\AppData\Local\{9EC7A281-A56F-453D-9A99-2DB4966A0E56}
2013-05-29 03:26:12 -------- d-----w- C:\Users\Dan\AppData\Local\{FBAFEA0E-22D6-4101-A731-B0C4C39219AA}
2013-05-28 15:26:01 -------- d-----w- C:\Users\Dan\AppData\Local\{B3DB85E2-0D47-4F86-B9F3-3D3FACDDCDB5}
2013-05-28 03:25:49 -------- d-----w- C:\Users\Dan\AppData\Local\{C708E47B-C739-4680-91EC-B221F38D19E0}
2013-05-27 15:25:37 -------- d-----w- C:\Users\Dan\AppData\Local\{79DCC3F8-D69F-4167-ABE1-A9279EDE72CB}
2013-05-27 03:25:26 -------- d-----w- C:\Users\Dan\AppData\Local\{40AB6EBF-489A-48BE-8768-CD5E565B22DB}
2013-05-26 15:25:14 -------- d-----w- C:\Users\Dan\AppData\Local\{E45E59E6-C28B-4B5F-916B-15318A5E57AE}
2013-05-26 03:25:02 -------- d-----w- C:\Users\Dan\AppData\Local\{A184E591-B057-4B0F-8EF0-AB6100C8ECF5}
2013-05-25 15:24:50 -------- d-----w- C:\Users\Dan\AppData\Local\{B7EF22E0-636C-4B97-AAF5-5555798F07C5}
2013-05-25 03:24:38 -------- d-----w- C:\Users\Dan\AppData\Local\{31CFC717-31E8-461E-B123-63EC56D0BD00}
2013-05-24 15:24:27 -------- d-----w- C:\Users\Dan\AppData\Local\{C2C76538-3675-4B99-930D-DF1B9BECF31B}
2013-05-24 03:24:15 -------- d-----w- C:\Users\Dan\AppData\Local\{AD32FA95-C6D9-417F-9320-7AE9C48DF173}
2013-05-23 15:24:03 -------- d-----w- C:\Users\Dan\AppData\Local\{A143CD11-9FDE-4BE4-A31B-4EC819BAABFF}
2013-05-23 03:23:52 -------- d-----w- C:\Users\Dan\AppData\Local\{14547564-C480-4C62-AC8B-9A6DC1B43B1E}
2013-05-22 15:23:40 -------- d-----w- C:\Users\Dan\AppData\Local\{625DE806-1BB0-41EA-8174-BD37F7501140}
2013-05-22 03:23:28 -------- d-----w- C:\Users\Dan\AppData\Local\{A4B02E2E-ABC3-4E45-AE19-71DE61DE8EB0}
2013-05-21 15:23:16 -------- d-----w- C:\Users\Dan\AppData\Local\{8E3E6828-E913-424B-9299-62B257F583D7}
2013-05-21 03:23:05 -------- d-----w- C:\Users\Dan\AppData\Local\{FAC5CC91-D729-4CD4-B861-9442A86EF311}
2013-05-20 15:22:53 -------- d-----w- C:\Users\Dan\AppData\Local\{B29F933F-FF34-46E4-8DE5-097B74487D0C}
2013-05-20 03:22:40 -------- d-----w- C:\Users\Dan\AppData\Local\{340BFF66-04A9-4AEC-B084-03218DA57B8F}
2013-05-19 15:22:28 -------- d-----w- C:\Users\Dan\AppData\Local\{87587E1C-FCBD-49F3-8F4C-65F6944C9083}
2013-05-19 03:22:04 -------- d-----w- C:\Users\Dan\AppData\Local\{507A3A05-F4F3-4EA1-9FF1-50C14E646B96}
2013-05-18 15:21:53 -------- d-----w- C:\Users\Dan\AppData\Local\{FAB9F551-9470-488E-89A6-4E397E9D38E1}
2013-05-18 15:00:55 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-18 15:00:53 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-05-18 15:00:53 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-05-18 15:00:53 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-05-18 03:21:41 -------- d-----w- C:\Users\Dan\AppData\Local\{657DFE03-4696-4529-9590-ECA1AE3DB755}
2013-05-17 15:21:29 -------- d-----w- C:\Users\Dan\AppData\Local\{770F62A2-0853-4145-9CFF-A3DD194BD50F}
2013-05-17 03:21:18 -------- d-----w- C:\Users\Dan\AppData\Local\{1C48D65D-003C-474F-B644-B4405E3EE7EF}
2013-05-16 15:21:06 -------- d-----w- C:\Users\Dan\AppData\Local\{5BBEC8EB-0405-4D5B-BEEA-F2CBC9D65AE3}
2013-05-16 03:20:54 -------- d-----w- C:\Users\Dan\AppData\Local\{8D709147-61B1-47AB-86CB-FA9761FEC14F}
2013-05-15 14:34:07 -------- d-----w- C:\Users\Dan\AppData\Local\{EA7CBA1B-F922-4681-B1F4-E712A15F7C69}
2013-05-15 02:33:43 -------- d-----w- C:\Users\Dan\AppData\Local\{DDDAE294-1385-4AE0-8919-5191DF9ABFAB}
2013-05-14 22:41:03 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-14 22:41:03 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-14 22:41:03 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-14 22:40:56 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-14 22:40:55 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-14 22:40:55 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-14 22:40:55 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-14 22:40:51 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-14 22:40:51 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-14 22:40:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-14 14:33:32 -------- d-----w- C:\Users\Dan\AppData\Local\{1FA155EC-EA4A-41A6-BCAF-8DA5C580024E}
2013-05-14 02:33:20 -------- d-----w- C:\Users\Dan\AppData\Local\{B2871E7C-507E-4F81-84E5-545A44BFBDCC}
.
==================== Find3M  ====================
.
2013-06-12 12:14:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 12:14:08 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-29 06:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 07:08:24 240952 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 19:03:22.03 ===============

#2 RPMcMurphy


    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 AM

Posted 12 June 2013 - 08:04 PM

Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


#3 MrSnrub

MrSnrub
  • Topic Starter

  • Members
  • 47 posts
  • Local time:11:37 PM

Posted 12 June 2013 - 09:25 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2013 04
Ran by Dan (administrator) on 12-06-2013 22:00:01
Running from C:\Users\Dan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(WebCake LLC) C:\Users\Dan\AppData\Roaming\WebCake\WebCakeDesktop.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(AVG Secure Search) C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
() C:\Windows\DAODx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Runonce: [Del12125957] cmd.exe /Q /D /c del "C:\Users\Dan\AppData\Local\Temp\0.del" [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$70d69c06749f9b4f58918c1f97028f88\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [WebCake Desktop] "C:\Users\Dan\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-06-07] (WebCake LLC)
HKLM-x32\...\Runonce: [Del12125957] cmd.exe /Q /D /c del "C:\Users\Dan\AppData\Local\Temp\0.del" [x]
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3865744635-3339371233-2930824626-1000\$70d69c06749f9b4f58918c1f97028f88\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1226928 2013-06-12] (AVG Secure Search)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
URLSearchHook: (No Name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} -  No File
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchya.com/?q={searchTerms}&f=4&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchya.com/?q={searchTerms}&f=4&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
HKLM-x32 SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchya.com/?q={searchTerms}&f=4&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchya.com/?q={searchTerms}&f=4&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchya.com/?q={searchTerms}&f=4&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.searchya.com/?q={searchTerms}&f=4&a=SearchooD&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyE0C0DzztBtBzzzyyCtN0D0Tzu0CyDtBzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0F1L1C1P1O1F2V&cr=1466751231&ir=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119351&tt=110613_tb&babsrc=SP_ss&mntrId=C0D8C8600014CD82
SearchScopes: HKCU - {3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} URL = http://search.juno.com/search?action=search&source=browserbox&query={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={681FC145-FF3A-483D-A121-2B41E98BF96D}&mid=85837ae8c4a347d389d9192946f02471-2891a55962a3e0ede2539db4eeb025973b7617d2&lang=en&ds=AVG&pr=sa&d=2013-06-11 10:41:27&v=15.2.0.5&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SearchYa Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\SearchYa!\1.8.8.0\bh\searchya.dll (Montera Technologeis LTD)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
BHO-x32: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\Juno\qsacc\X1IEBHO.dll (Juno, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
BHO-x32: Juno Toolbar Helper - {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\Juno\ucreg.dll (Juno, Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\SearchYa!\1.8.8.0\searchyaTlbr.dll (Montera Technologeis LTD)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://jport.uscourts.gov/dana-cached/sc/JuniperSetupClient.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www.delta-search.com/?affID=119351&tt=110613_tb&babsrc=HP_ss&mntrId=C0D8C8600014CD82
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Delta Toolbar - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375\Extensions\ffxtlbr@delta.com
FF Extension: searchya.com - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375\Extensions\ffxtlbr@searchya.com
FF Extension: WebCake - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375\Extensions\plugin@getwebcake.com
FF Extension: No Name - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\44j8gv4k.default-1371004995375\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-06-11] (AVG Secure Search)
R2 WebCake Desktop Updater; C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [23552 2013-06-07] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-11] (AVG Technologies)
S2 ScFBPNT; C:\Windows\SysWow64\drivers\ScFBPNT.SYS [16288 1998-07-07] ()
S2 ScFBPNT; \??\C:\Windows\system32\drivers\ScFBPNT.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-12 21:57 - 2013-06-12 21:57 - 00000000 ____D C:\FRST
2013-06-12 21:56 - 2013-06-12 21:51 - 01920280 ____A (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2013-06-12 19:03 - 2013-06-12 19:03 - 00030356 ____A C:\Users\Dan\Desktop\dds.txt
2013-06-12 19:03 - 2013-06-12 19:03 - 00014390 ____A C:\Users\Dan\Desktop\attach.txt
2013-06-12 10:01 - 2013-06-12 10:01 - 00003723 ____A C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-06-12 10:01 - 2013-06-12 10:01 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-12 10:01 - 2013-06-12 10:01 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-06-12 10:01 - 2013-06-12 10:01 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-12 10:00 - 2013-06-12 10:00 - 00000000 ___HD C:\$AVG
2013-06-12 10:00 - 2013-06-12 10:00 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-12 09:58 - 2013-06-12 09:58 - 04464544 ____A (AVG Technologies) C:\Users\Dan\Downloads\avg_free_stb_all_2013_3345_cnet.exe
2013-06-12 09:45 - 2013-06-12 09:45 - 21289608 ____A (Mozilla) C:\Users\Dan\Downloads\Firefox_Setup_21.0.exe
2013-06-12 09:45 - 2013-06-12 09:45 - 00338820 ____A C:\Users\Dan\AppData\Local\searchya_speeddial_v7.0.21.crx
2013-06-12 09:45 - 2013-06-12 09:45 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-12 09:45 - 2013-06-12 09:45 - 00000433 ____A C:\Users\Public\Desktop\SearchYa.url
2013-06-12 09:45 - 2013-06-12 09:45 - 00000432 ____A C:\Users\Public\Desktop\FREE Games.url
2013-06-12 09:45 - 2013-06-12 09:45 - 00000000 ____D C:\Users\Dan\AppData\Roaming\searchya
2013-06-12 09:45 - 2013-06-12 09:45 - 00000000 ____D C:\Users\Dan\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
2013-06-12 09:45 - 2013-06-12 09:45 - 00000000 ____D C:\Program Files (x86)\SearchYa!
2013-06-12 09:45 - 2013-06-12 09:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-12 09:37 - 2013-06-12 09:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{4A223137-BA92-4D5E-BBF7-7E92427EF5BB}
2013-06-12 09:31 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 09:31 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 09:31 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 09:30 - 2013-06-12 09:31 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-06-11 22:47 - 2013-06-11 22:47 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Zip Opener Packages
2013-06-11 22:47 - 2013-06-11 22:47 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-11 22:46 - 2013-06-12 21:46 - 00000278 ____A C:\Windows\Tasks\DSite.job
2013-06-11 22:46 - 2013-06-11 22:46 - 00774592 ____A C:\Users\Dan\Downloads\ZipOpenerSetup.exe
2013-06-11 22:46 - 2013-06-11 22:46 - 00001114 ____A C:\Users\Public\Desktop\Open It!.lnk
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\WebCake
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\DSite
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\DealPly
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Babylon
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\BabSolution
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\ProgramData\Babylon
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-11 22:43 - 2013-06-11 22:43 - 00000000 ____D C:\Users\Dan\Desktop\Old Firefox Data
2013-06-11 22:22 - 2013-06-11 22:22 - 00000000 ____D C:\Windows\pss
2013-06-11 20:32 - 2013-06-11 20:32 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 20:32 - 2013-06-11 20:32 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 20:32 - 2013-06-11 20:32 - 00000000 ____D C:\Program Files\iPod
2013-06-11 20:32 - 2013-06-11 20:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 20:29 - 2013-06-11 20:30 - 90917712 ____A (Apple Inc.) C:\Users\Dan\Downloads\iTunes64Setup.exe
2013-06-11 11:55 - 2013-06-11 11:55 - 00000000 __SHD C:\found.001
2013-06-11 10:11 - 2013-06-11 10:11 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-11 10:11 - 2013-06-11 10:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\TuneUp Software
2013-06-11 10:11 - 2013-06-11 10:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\AVG2013
2013-06-11 10:11 - 2013-06-11 10:11 - 00000000 ____D C:\Users\Dan\AppData\Local\AVG SafeGuard toolbar
2013-06-11 10:10 - 2013-06-12 10:01 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-11 10:07 - 2013-06-12 18:44 - 00000000 ____D C:\ProgramData\MFAData
2013-06-11 10:07 - 2013-06-12 10:09 - 00000000 ____D C:\Users\Dan\AppData\Local\Avg2013
2013-06-11 10:07 - 2013-06-11 10:07 - 00000000 ____D C:\Users\Dan\AppData\Local\MFAData
2013-06-11 09:40 - 2013-06-11 09:41 - 00000000 ____D C:\Users\Dan\AppData\Local\{76D47768-C49F-4D97-B237-CC75AE3CA862}
2013-06-11 09:36 - 2013-06-11 09:36 - 00001110 ____A C:\Users\Public\Desktop\Picasa 3.lnk
2013-06-10 23:53 - 2013-06-10 23:53 - 00000000 __SHD C:\found.000
2013-06-10 20:30 - 2013-06-10 20:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{C62665C4-A1EB-4C45-9108-4E756DF26847}
2013-06-10 08:30 - 2013-06-10 08:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{6C5E3099-7097-4532-B07C-F3170CBF116D}
2013-06-09 20:30 - 2013-06-09 20:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{F5CBFA43-55F9-4AB8-A684-69A37DCD92AC}
2013-06-09 08:29 - 2013-06-09 08:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{F8ED1855-6210-4AEB-823E-EBD2D8F83D58}
2013-06-08 20:29 - 2013-06-08 20:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{3F2126DB-2AD3-42AF-8E3C-25F480855754}
2013-06-08 08:29 - 2013-06-08 08:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{4DE8A74D-846A-4E32-BD8A-6299F1C6B721}
2013-06-07 20:29 - 2013-06-07 20:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{CBF6400E-3CC4-427B-B81D-4ABED728B230}
2013-06-07 08:29 - 2013-06-07 08:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{32DE3F6F-5FE2-4010-BC8A-FD4B84993334}
2013-06-06 20:28 - 2013-06-06 20:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{37BD4AB4-F417-4EF3-BB23-81C720706866}
2013-06-06 08:28 - 2013-06-06 08:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{09141C07-2D29-4EB8-A20E-FE1C13428740}
2013-06-05 20:28 - 2013-06-05 20:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{6A056B45-FF40-4D19-A15B-39A0DCFCA871}
2013-06-05 08:28 - 2013-06-05 08:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{E65EBA22-3E64-4783-8C54-3C0A37868004}
2013-06-03 23:57 - 2013-06-03 23:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{BA6C611F-518F-4A4A-90DB-619D1E9B49F2}
2013-06-03 11:57 - 2013-06-03 11:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{6E40D1C3-FB5A-4379-98D8-758CEAE3440D}
2013-06-02 23:57 - 2013-06-02 23:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{9264DEEB-C4F6-4202-AC0A-00E175689A37}
2013-06-02 11:56 - 2013-06-02 11:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{61422B03-C8A4-4B99-8CB2-9663699E493F}
2013-06-01 23:56 - 2013-06-01 23:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{3E3FD70D-2EFC-4F72-91D9-5EECF97B373F}
2013-06-01 11:56 - 2013-06-01 11:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{31A46251-9EEC-4066-9941-4832C723A3F4}
2013-05-31 23:26 - 2013-06-12 19:40 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-31 11:27 - 2013-05-31 11:27 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3909B83-3CC3-45F3-B432-53A66452E679}
2013-05-30 23:26 - 2013-05-30 23:27 - 00000000 ____D C:\Users\Dan\AppData\Local\{0B1E73EC-1D17-4830-85B0-F65CBBA1CB7B}
2013-05-30 11:26 - 2013-05-30 11:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{5A31FC14-3003-4FA5-9997-4D1CAD2E8CF1}
2013-05-29 23:26 - 2013-05-29 23:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{85E16AB3-AC19-44EF-9A71-8033ECDBEBB0}
2013-05-29 11:26 - 2013-05-29 11:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{9EC7A281-A56F-453D-9A99-2DB4966A0E56}
2013-05-28 23:26 - 2013-05-28 23:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{FBAFEA0E-22D6-4101-A731-B0C4C39219AA}
2013-05-28 11:26 - 2013-05-28 11:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{B3DB85E2-0D47-4F86-B9F3-3D3FACDDCDB5}
2013-05-27 23:25 - 2013-05-27 23:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{C708E47B-C739-4680-91EC-B221F38D19E0}
2013-05-27 11:25 - 2013-05-27 11:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{79DCC3F8-D69F-4167-ABE1-A9279EDE72CB}
2013-05-26 23:25 - 2013-05-26 23:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{40AB6EBF-489A-48BE-8768-CD5E565B22DB}
2013-05-26 11:25 - 2013-05-26 11:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{E45E59E6-C28B-4B5F-916B-15318A5E57AE}
2013-05-25 23:25 - 2013-05-25 23:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{A184E591-B057-4B0F-8EF0-AB6100C8ECF5}
2013-05-25 11:24 - 2013-05-25 11:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{B7EF22E0-636C-4B97-AAF5-5555798F07C5}
2013-05-24 23:24 - 2013-05-24 23:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{31CFC717-31E8-461E-B123-63EC56D0BD00}
2013-05-24 11:24 - 2013-05-24 11:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{C2C76538-3675-4B99-930D-DF1B9BECF31B}
2013-05-23 23:24 - 2013-05-23 23:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{AD32FA95-C6D9-417F-9320-7AE9C48DF173}
2013-05-23 11:24 - 2013-05-23 11:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{A143CD11-9FDE-4BE4-A31B-4EC819BAABFF}
2013-05-22 23:23 - 2013-05-22 23:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{14547564-C480-4C62-AC8B-9A6DC1B43B1E}
2013-05-22 11:23 - 2013-05-22 11:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{625DE806-1BB0-41EA-8174-BD37F7501140}
2013-05-21 23:23 - 2013-05-21 23:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{A4B02E2E-ABC3-4E45-AE19-71DE61DE8EB0}
2013-05-21 11:23 - 2013-05-21 11:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{8E3E6828-E913-424B-9299-62B257F583D7}
2013-05-20 23:23 - 2013-05-20 23:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{FAC5CC91-D729-4CD4-B861-9442A86EF311}
2013-05-20 11:22 - 2013-05-20 11:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{B29F933F-FF34-46E4-8DE5-097B74487D0C}
2013-05-19 23:22 - 2013-05-19 23:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{340BFF66-04A9-4AEC-B084-03218DA57B8F}
2013-05-19 11:22 - 2013-05-19 11:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{87587E1C-FCBD-49F3-8F4C-65F6944C9083}
2013-05-18 23:22 - 2013-05-18 23:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{507A3A05-F4F3-4EA1-9FF1-50C14E646B96}
2013-05-18 11:21 - 2013-05-18 11:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{FAB9F551-9470-488E-89A6-4E397E9D38E1}
2013-05-18 11:00 - 2013-06-12 09:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-17 23:21 - 2013-05-17 23:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{657DFE03-4696-4529-9590-ECA1AE3DB755}
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{770F62A2-0853-4145-9CFF-A3DD194BD50F}
2013-05-16 23:21 - 2013-05-16 23:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{1C48D65D-003C-474F-B644-B4405E3EE7EF}
2013-05-16 11:21 - 2013-05-16 11:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{5BBEC8EB-0405-4D5B-BEEA-F2CBC9D65AE3}
2013-05-15 23:20 - 2013-05-15 23:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{8D709147-61B1-47AB-86CB-FA9761FEC14F}
2013-05-15 10:34 - 2013-05-15 10:34 - 00000000 ____D C:\Users\Dan\AppData\Local\{EA7CBA1B-F922-4681-B1F4-E712A15F7C69}
2013-05-15 03:00 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 03:00 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 03:00 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 03:00 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 03:00 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 03:00 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 03:00 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 03:00 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 03:00 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 03:00 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 03:00 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 03:00 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-14 22:33 - 2013-05-14 22:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{DDDAE294-1385-4AE0-8919-5191DF9ABFAB}
2013-05-14 18:41 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 18:41 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 18:41 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 18:40 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 18:40 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 18:40 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 18:40 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 18:40 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 18:40 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 18:40 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 18:40 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 18:40 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 18:40 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 18:40 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 10:33 - 2013-05-14 10:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{1FA155EC-EA4A-41A6-BCAF-8DA5C580024E}
2013-05-13 22:33 - 2013-05-13 22:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{B2871E7C-507E-4F81-84E5-545A44BFBDCC}
2013-05-13 10:33 - 2013-05-13 10:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{6E38AEC9-1E22-4CA1-BF1F-7CBD04E9CA60}

==================== One Month Modified Files and Folders =======

2013-06-12 21:57 - 2013-06-12 21:57 - 00000000 ____D C:\FRST
2013-06-12 21:51 - 2013-06-12 21:56 - 01920280 ____A (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2013-06-12 21:46 - 2013-06-11 22:46 - 00000278 ____A C:\Windows\Tasks\DSite.job
2013-06-12 21:14 - 2012-04-08 00:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-12 19:40 - 2013-05-31 23:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 19:03 - 2013-06-12 19:03 - 00030356 ____A C:\Users\Dan\Desktop\dds.txt
2013-06-12 19:03 - 2013-06-12 19:03 - 00014390 ____A C:\Users\Dan\Desktop\attach.txt
2013-06-12 19:02 - 2009-07-14 01:13 - 00004994 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 19:00 - 2012-03-04 10:58 - 00000055 ____A C:\Windows\mail.ini
2013-06-12 18:44 - 2013-06-11 10:07 - 00000000 ____D C:\ProgramData\MFAData
2013-06-12 11:31 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-12 11:30 - 2009-07-14 01:08 - 00028132 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-12 10:09 - 2013-06-11 10:07 - 00000000 ____D C:\Users\Dan\AppData\Local\Avg2013
2013-06-12 10:01 - 2013-06-12 10:01 - 00003723 ____A C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-06-12 10:01 - 2013-06-12 10:01 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-12 10:01 - 2013-06-12 10:01 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-06-12 10:01 - 2013-06-12 10:01 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-12 10:01 - 2013-06-11 10:10 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-12 10:00 - 2013-06-12 10:00 - 00000000 ___HD C:\$AVG
2013-06-12 10:00 - 2013-06-12 10:00 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-12 09:58 - 2013-06-12 09:58 - 04464544 ____A (AVG Technologies) C:\Users\Dan\Downloads\avg_free_stb_all_2013_3345_cnet.exe
2013-06-12 09:45 - 2013-06-12 09:45 - 21289608 ____A (Mozilla) C:\Users\Dan\Downloads\Firefox_Setup_21.0.exe
2013-06-12 09:45 - 2013-06-12 09:45 - 00338820 ____A C:\Users\Dan\AppData\Local\searchya_speeddial_v7.0.21.crx
2013-06-12 09:45 - 2013-06-12 09:45 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-12 09:45 - 2013-06-12 09:45 - 00000433 ____A C:\Users\Public\Desktop\SearchYa.url
2013-06-12 09:45 - 2013-06-12 09:45 - 00000432 ____A C:\Users\Public\Desktop\FREE Games.url
2013-06-12 09:45 - 2013-06-12 09:45 - 00000000 ____D C:\Users\Dan\AppData\Roaming\searchya
2013-06-12 09:45 - 2013-06-12 09:45 - 00000000 ____D C:\Users\Dan\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
2013-06-12 09:45 - 2013-06-12 09:45 - 00000000 ____D C:\Program Files (x86)\SearchYa!
2013-06-12 09:45 - 2013-06-12 09:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-12 09:45 - 2013-05-18 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-12 09:38 - 2013-06-12 09:37 - 00000000 ____D C:\Users\Dan\AppData\Local\{4A223137-BA92-4D5E-BBF7-7E92427EF5BB}
2013-06-12 09:31 - 2013-06-12 09:30 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-06-12 09:31 - 2013-03-09 18:47 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-12 08:14 - 2012-04-08 00:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 08:14 - 2012-03-01 11:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 06:30 - 2009-07-14 00:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-12 06:30 - 2009-07-14 00:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-12 06:23 - 2012-03-02 18:57 - 00012208 ____A C:\Windows\setupact.log
2013-06-12 06:23 - 2012-03-01 08:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-12 06:23 - 2010-11-20 23:47 - 00027484 ____A C:\Windows\PFRO.log
2013-06-11 22:47 - 2013-06-11 22:47 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Zip Opener Packages
2013-06-11 22:47 - 2013-06-11 22:47 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-11 22:46 - 2013-06-11 22:46 - 00774592 ____A C:\Users\Dan\Downloads\ZipOpenerSetup.exe
2013-06-11 22:46 - 2013-06-11 22:46 - 00001114 ____A C:\Users\Public\Desktop\Open It!.lnk
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\WebCake
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\DSite
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\DealPly
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Babylon
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\BabSolution
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\ProgramData\Babylon
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-11 22:46 - 2013-06-11 22:46 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-11 22:46 - 2012-03-03 22:49 - 00000000 ____D C:\Users\Dan\AppData\Local\Google
2013-06-11 22:43 - 2013-06-11 22:43 - 00000000 ____D C:\Users\Dan\Desktop\Old Firefox Data
2013-06-11 22:22 - 2013-06-11 22:22 - 00000000 ____D C:\Windows\pss
2013-06-11 20:43 - 2008-01-01 01:22 - 01316028 ____A C:\Windows\WindowsUpdate.log
2013-06-11 20:32 - 2013-06-11 20:32 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 20:32 - 2013-06-11 20:32 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 20:32 - 2013-06-11 20:32 - 00000000 ____D C:\Program Files\iPod
2013-06-11 20:32 - 2013-06-11 20:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 20:30 - 2013-06-11 20:29 - 90917712 ____A (Apple Inc.) C:\Users\Dan\Downloads\iTunes64Setup.exe
2013-06-11 11:55 - 2013-06-11 11:55 - 00000000 __SHD C:\found.001
2013-06-11 10:11 - 2013-06-11 10:11 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-11 10:11 - 2013-06-11 10:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\TuneUp Software
2013-06-11 10:11 - 2013-06-11 10:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\AVG2013
2013-06-11 10:11 - 2013-06-11 10:11 - 00000000 ____D C:\Users\Dan\AppData\Local\AVG SafeGuard toolbar
2013-06-11 10:07 - 2013-06-11 10:07 - 00000000 ____D C:\Users\Dan\AppData\Local\MFAData
2013-06-11 09:41 - 2013-06-11 09:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{76D47768-C49F-4D97-B237-CC75AE3CA862}
2013-06-11 09:36 - 2013-06-11 09:36 - 00001110 ____A C:\Users\Public\Desktop\Picasa 3.lnk
2013-06-11 09:35 - 2012-03-03 22:49 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-11 02:44 - 2008-01-01 01:22 - 00000000 ____D C:\users\Dan
2013-06-10 23:53 - 2013-06-10 23:53 - 00000000 __SHD C:\found.000
2013-06-10 20:30 - 2013-06-10 20:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{C62665C4-A1EB-4C45-9108-4E756DF26847}
2013-06-10 08:30 - 2013-06-10 08:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{6C5E3099-7097-4532-B07C-F3170CBF116D}
2013-06-09 20:30 - 2013-06-09 20:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{F5CBFA43-55F9-4AB8-A684-69A37DCD92AC}
2013-06-09 08:30 - 2013-06-09 08:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{F8ED1855-6210-4AEB-823E-EBD2D8F83D58}
2013-06-08 20:29 - 2013-06-08 20:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{3F2126DB-2AD3-42AF-8E3C-25F480855754}
2013-06-08 08:29 - 2013-06-08 08:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{4DE8A74D-846A-4E32-BD8A-6299F1C6B721}
2013-06-07 20:29 - 2013-06-07 20:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{CBF6400E-3CC4-427B-B81D-4ABED728B230}
2013-06-07 08:29 - 2013-06-07 08:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{32DE3F6F-5FE2-4010-BC8A-FD4B84993334}
2013-06-06 20:29 - 2013-06-06 20:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{37BD4AB4-F417-4EF3-BB23-81C720706866}
2013-06-06 08:28 - 2013-06-06 08:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{09141C07-2D29-4EB8-A20E-FE1C13428740}
2013-06-05 20:28 - 2013-06-05 20:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{6A056B45-FF40-4D19-A15B-39A0DCFCA871}
2013-06-05 19:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-05 08:28 - 2013-06-05 08:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{E65EBA22-3E64-4783-8C54-3C0A37868004}
2013-06-03 23:57 - 2013-06-03 23:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{BA6C611F-518F-4A4A-90DB-619D1E9B49F2}
2013-06-03 11:57 - 2013-06-03 11:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{6E40D1C3-FB5A-4379-98D8-758CEAE3440D}
2013-06-02 23:57 - 2013-06-02 23:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{9264DEEB-C4F6-4202-AC0A-00E175689A37}
2013-06-02 11:57 - 2013-06-02 11:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{61422B03-C8A4-4B99-8CB2-9663699E493F}
2013-06-01 23:56 - 2013-06-01 23:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{3E3FD70D-2EFC-4F72-91D9-5EECF97B373F}
2013-06-01 11:56 - 2013-06-01 11:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{31A46251-9EEC-4066-9941-4832C723A3F4}
2013-05-31 11:27 - 2013-05-31 11:27 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3909B83-3CC3-45F3-B432-53A66452E679}
2013-05-30 23:27 - 2013-05-30 23:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{0B1E73EC-1D17-4830-85B0-F65CBBA1CB7B}
2013-05-30 11:26 - 2013-05-30 11:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{5A31FC14-3003-4FA5-9997-4D1CAD2E8CF1}
2013-05-29 23:26 - 2013-05-29 23:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{85E16AB3-AC19-44EF-9A71-8033ECDBEBB0}
2013-05-29 11:26 - 2013-05-29 11:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{9EC7A281-A56F-453D-9A99-2DB4966A0E56}
2013-05-28 23:26 - 2013-05-28 23:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{FBAFEA0E-22D6-4101-A731-B0C4C39219AA}
2013-05-28 11:26 - 2013-05-28 11:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{B3DB85E2-0D47-4F86-B9F3-3D3FACDDCDB5}
2013-05-27 23:26 - 2013-05-27 23:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{C708E47B-C739-4680-91EC-B221F38D19E0}
2013-05-27 11:25 - 2013-05-27 11:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{79DCC3F8-D69F-4167-ABE1-A9279EDE72CB}
2013-05-26 23:25 - 2013-05-26 23:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{40AB6EBF-489A-48BE-8768-CD5E565B22DB}
2013-05-26 11:25 - 2013-05-26 11:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{E45E59E6-C28B-4B5F-916B-15318A5E57AE}
2013-05-25 23:25 - 2013-05-25 23:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{A184E591-B057-4B0F-8EF0-AB6100C8ECF5}
2013-05-25 11:25 - 2013-05-25 11:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{B7EF22E0-636C-4B97-AAF5-5555798F07C5}
2013-05-24 23:24 - 2013-05-24 23:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{31CFC717-31E8-461E-B123-63EC56D0BD00}
2013-05-24 11:24 - 2013-05-24 11:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{C2C76538-3675-4B99-930D-DF1B9BECF31B}
2013-05-23 23:24 - 2013-05-23 23:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{AD32FA95-C6D9-417F-9320-7AE9C48DF173}
2013-05-23 11:24 - 2013-05-23 11:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{A143CD11-9FDE-4BE4-A31B-4EC819BAABFF}
2013-05-22 23:24 - 2013-05-22 23:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{14547564-C480-4C62-AC8B-9A6DC1B43B1E}
2013-05-22 11:23 - 2013-05-22 11:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{625DE806-1BB0-41EA-8174-BD37F7501140}
2013-05-21 23:23 - 2013-05-21 23:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{A4B02E2E-ABC3-4E45-AE19-71DE61DE8EB0}
2013-05-21 11:23 - 2013-05-21 11:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{8E3E6828-E913-424B-9299-62B257F583D7}
2013-05-20 23:23 - 2013-05-20 23:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{FAC5CC91-D729-4CD4-B861-9442A86EF311}
2013-05-20 11:23 - 2013-05-20 11:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{B29F933F-FF34-46E4-8DE5-097B74487D0C}
2013-05-19 23:22 - 2013-05-19 23:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{340BFF66-04A9-4AEC-B084-03218DA57B8F}
2013-05-19 11:22 - 2013-05-19 11:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{87587E1C-FCBD-49F3-8F4C-65F6944C9083}
2013-05-18 23:22 - 2013-05-18 23:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{507A3A05-F4F3-4EA1-9FF1-50C14E646B96}
2013-05-18 11:22 - 2013-05-18 11:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{FAB9F551-9470-488E-89A6-4E397E9D38E1}
2013-05-17 23:21 - 2013-05-17 23:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{657DFE03-4696-4529-9590-ECA1AE3DB755}
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{770F62A2-0853-4145-9CFF-A3DD194BD50F}
2013-05-16 23:21 - 2013-05-16 23:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{1C48D65D-003C-474F-B644-B4405E3EE7EF}
2013-05-16 11:21 - 2013-05-16 11:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{5BBEC8EB-0405-4D5B-BEEA-F2CBC9D65AE3}
2013-05-15 23:21 - 2013-05-15 23:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{8D709147-61B1-47AB-86CB-FA9761FEC14F}
2013-05-15 10:34 - 2013-05-15 10:34 - 00000000 ____D C:\Users\Dan\AppData\Local\{EA7CBA1B-F922-4681-B1F4-E712A15F7C69}
2013-05-15 04:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 03:23 - 2009-07-14 00:45 - 00416688 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 03:07 - 2009-07-13 22:34 - 00000499 ____A C:\Windows\win.ini
2013-05-15 03:04 - 2012-03-01 08:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 22:33 - 2013-05-14 22:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{DDDAE294-1385-4AE0-8919-5191DF9ABFAB}
2013-05-14 10:33 - 2013-05-14 10:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{1FA155EC-EA4A-41A6-BCAF-8DA5C580024E}
2013-05-13 22:33 - 2013-05-13 22:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{B2871E7C-507E-4F81-84E5-545A44BFBDCC}
2013-05-13 10:33 - 2013-05-13 10:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{6E38AEC9-1E22-4CA1-BF1F-7CBD04E9CA60}

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3865744635-3339371233-2930824626-1000\$70d69c06749f9b4f58918c1f97028f88

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$70d69c06749f9b4f58918c1f97028f88

Files to move or delete:
====================
C:\Users\Dan\wsftpproLE12.3_English_SN13IXRJU9S7YKU76IN04EDEY.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-06-03 00:33

==================== End Of Log ============================



#4 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 14 June 2013 - 11:23 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt.

HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3865744635-3339371233-2930824626-1000\$70d69c06749f9b4f58918c1f97028f88\n. ATTENTION! ====> ZeroAccess
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\$Recycle.Bin\S-1-5-21-3865744635-3339371233-2930824626-1000\$70d69c06749f9b4f58918c1f97028f88
C:\$Recycle.Bin\S-1-5-18\$70d69c06749f9b4f58918c1f97028f88
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
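As an added example that is not part of this thread or of FRST itself, the following Python script reads the ZeroAccess findings out of an FRST log in the format shown above (the `ZeroAccess:` path blocks and the `ATTENTION: ZeroAccess ... DeleteJunctionsIndirectory:` line from the Bamital & volsnap check), labels each artifact by type, and lists the fixlist lines that FRST's own output implies. The embedded log excerpt is constructed from the findings in this thread; the function and field names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in FRST's log format, assembled from the findings the
# thread above shows (the paths are copied as FRST printed them).
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3865744635-3339371233-2930824626-1000\$70d69c06749f9b4f58918c1f97028f88

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$70d69c06749f9b4f58918c1f97028f88

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-06-03 00:33
"""

@dataclass(frozen=True)
class Finding:
    kind: str    # what kind of ZeroAccess artifact FRST reported
    path: str    # the file or directory FRST named
    action: str  # the fixlist line that FRST's output implies for it

# Artifact shapes reported in the log: Desktop.ini dropped into the .NET GAC
# folders, and a "$<32 hex>" directory under a per-SID $Recycle.Bin folder.
GAC_INI_RE = re.compile(r"\\assembly\\GAC_(?:32|64)\\Desktop\.ini$", re.I)
RECYCLE_RE = re.compile(r"\\\$Recycle\.Bin\\S-1-5-[\d-]+\\\$[0-9a-f]{32}$", re.I)
# Bamital & volsnap check line that names a directory holding a junction.
JUNCTION_RE = re.compile(
    r"^(?P<file>.+?) => ATTENTION: ZeroAccess\. "
    r"Use DeleteJunctionsIndirectory: (?P<dir>.+)$")

def classify(path: str) -> Finding:
    """Label a path from a 'ZeroAccess:' block; unknown shapes are kept, not dropped."""
    if GAC_INI_RE.search(path):
        return Finding("gac-desktop-ini", path, path)
    if RECYCLE_RE.search(path):
        return Finding("recyclebin-payload", path, path)
    return Finding("unknown", path, path)

def parse_frst_zeroaccess(log_text: str) -> list:
    """Collect every ZeroAccess finding FRST printed, in log order."""
    lines = log_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        text = line.strip()
        if text == "ZeroAccess:" and i + 1 < len(lines):
            path = lines[i + 1].strip()
            if path:
                findings.append(classify(path))
            continue
        m = JUNCTION_RE.match(text)
        if m:
            findings.append(Finding("junction-dir", m.group("file"),
                                    "DeleteJunctionsIndirectory: " + m.group("dir")))
    return findings

def fixlist_lines(findings) -> list:
    """De-duplicated fixlist lines, preserving the order FRST reported them."""
    seen, out = set(), []
    for f in findings:
        if f.action not in seen:
            seen.add(f.action)
            out.append(f.action)
    return out

if __name__ == "__main__":
    for f in parse_frst_zeroaccess(SAMPLE_LOG):
        print(f"{f.kind:20} {f.path}")
```

The script only reads a log; it does not touch the system, so it can be run against a saved FRST.txt from any machine to confirm which artifacts were flagged before a fixlist is written.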


#5 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 26 June 2013 - 10:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
