Links being redirected, cookies not working, pop-ups - ZeroAccess rootkit


  • This topic is locked
44 replies to this topic

#1 TiredOcean

TiredOcean

  • Members
  • 21 posts
  • OFFLINE
  • Local time:12:04 PM

Posted 21 July 2013 - 11:16 AM

My computer seems to be infected with a virus that makes links occasionally redirect to other websites; this tends to happen most with Google search links. Cookies have also been disabled on my browser (Firefox), which means that I cannot log on to anything that I haven't already been logged on to (which irritatingly includes BleepingComputer). Text on web pages turns into advertising links (the kind where the text goes green and has a double underscore). I also occasionally get pop-ups while browsing.

The virus has disabled Windows Firewall, as when I log in I get a notification saying that it has been disabled.

 

I initially posted my problems here, with the person who helped me, Broni, concluding that "You're infected with ZeroAccess rootkit. It'll require elevated help.".

 

 

These are my dds.txt and attach.txt logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86  
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Deniz at 16:52:14 on 2013-07-21
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.2045.1290 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Windows Internet Explorer provided by MSN & Bing
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [MSIAfterburner] "c:\program files\msi afterburner\MSIAfterburner.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300580380468
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350769413687
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
TCP: Interfaces\{1C766DBF-0560-4182-83F2-D3BEB36F4D74} : NameServer = 62.6.40.178,62.6.40.162
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\deniz.family-vwh3mk1r\application data\mozilla\firefox\profiles\2b51kfyi.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com/
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2011-03-20 21:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-6-10 242240]
R2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2013-5-10 47616]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-29 99856]
R3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2011-9-6 5632]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys --> c:\windows\system32\drivers\vmci.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;h:\hi-rez studios\hipatchservice.exe --> h:\hi-rez studios\HiPatchService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-20 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2012-6-1 16512]
S3 cpuz130;cpuz130;\??\c:\docume~1\gunes~1.fam\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\gunes~1.fam\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\dragon age\bin_ship\daupdatersvc.service.exe --> e:\games\dragon age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 fsfilter;Fighting Stick Filter Driver;c:\windows\system32\drivers\fsfilter.sys [2012-8-30 4992]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2012-7-7 33792]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-4-3 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-30 20:07:24    --------    d-s---w-    C:\ComboFix
2013-06-30 16:48:23    --------    d-----w-    c:\program files\ESET
2013-06-30 16:13:42    --------    d-----w-    c:\documents and settings\all users.windows\application data\Malwarebytes' Anti-Malware (portable)
2013-06-30 12:55:15    --------    d-----w-    c:\documents and settings\deniz.family-vwh3mk1r\application data\Malwarebytes
2013-06-30 12:55:06    --------    d-----w-    c:\documents and settings\all users.windows\application data\Malwarebytes
2013-06-28 19:26:20    --------    d-----w-    c:\program files\ARC SYSTEM WORKS
2013-06-27 19:45:41    7068072    ----a-w-    c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c7f40138-f567-4382-84bd-c2321a71198f}\mpengine.dll
2013-06-25 14:02:51    7068072    ----a-w-    c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-25 14:02:31    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-06-25 13:59:35    --------    d-----w-    c:\program files\Microsoft Security Client
2013-06-24 18:03:54    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-06-24 18:03:48    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-06-24 18:03:24    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-06-24 18:03:23    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-13 13:32:12    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 13:32:12    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-10 22:43:48    242240    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
.
============= FINISH: 16:54:15.82 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 19/03/2011 23:24:17
System Uptime: 21/07/2013 16:49:08 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-MA74GMT-S2
Processor: AMD Athlon™ II X2 250 Processor | Socket M2 | 3013/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 11.484 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP345: 28/06/2013 20:49:21 - Installed DirectX
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
AMD APP SDK Runtime
AMD AVIVO Codecs
AMD Catalyst Install Manager
ATI Catalyst Registration
ATI Parental Control & Encoder
Audacity 2.0.3
Autodesk Softimage Mod Tool 7.5
BIT.TRIP RUNNER
BLAZBLUE -CALAMITY TRIGGER-
BT Broadband Desktop Help
BTHomeHub
CamStudio
CamStudio Lossless Codec v1.4
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDisplay 1.8
Combined Community Codec Pack 2011-11-11
Compatibility Pack for the 2007 Office system
DAEMON Tools Lite
Defraggler
Dragon Age: Origins
Enable S3 for USB Device
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287
Fraps (remove only)
GCFScape 1.7.5
GIMP 2.8.0
GoToAssist Corporate
GTA San Andreas
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
ImgBurn
IrfanView (remove only)
IsoBuster 3.2
Japanese Fonts Support For Adobe Reader X
Java 7 Update 25
Java Auto Updater
Katawa Shoujo
LAME v3.98.3 for Audacity
LAME v3.99.3 (for Windows)
League of Legends
LG USB Modem Drivers
LOLReplay
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Windows Application Compatibility Database
Microsoft XNA Framework Redistributable 3.1
Miners4k
Mozilla Firefox 22.0 (x86 en-GB)
Mozilla Maintenance Service
Mp3tag v2.52
MSI Afterburner 2.3.1
Notepad++
OpenAL
PCSX2 - Playstation 2 Emulator
Prism Video File Converter
QT Lite 4.1.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Skype™ 6.5
Source SDK Base 2006
Speccy
Steam
SUPER STREET FIGHTER IV: ARCADE EDITION
Supercade
Tribes Ascend Closed Beta
Trust WB-1400T Webcam
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
USB Vibration Joystick
VLC media player 2.0.1
VTFEdit 1.2.5
Vuze
WebFldrs XP
WinDirStat 1.1.2
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World of Tanks
X-Chat 2.8.6-2
Zune Desktop Theme
.
==== Event Viewer Messages From Past Week ========
.
21/07/2013 16:50:07, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
21/07/2013 16:50:02, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
21/07/2013 16:50:02, error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The file can not be accessed by the system.
.
==== End Of File ===========================
 

 

 




#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:07:04 AM

Posted 21 July 2013 - 03:41 PM

Hello TiredOcean, and welcome to Bleeping Computer! :)

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
==========

Yes, Broni was correct. You are infected with the rootkit ZeroAccess! Due to this, I must issue a warning:

:step1: Warning

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you wish to continue with the cleaning process, then continue reading.

==========

:step2:

In light of ZA, we will begin with Combofix:

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

==========

After copying and pasting the Combofix log, please let me know how the machine is running now.

bloopie

Edited by bloopie, 23 July 2013 - 07:45 AM.


#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:07:04 AM

Posted 24 July 2013 - 08:27 AM

Hello again,

Are you still with me? :)

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#4 TiredOcean

TiredOcean
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:12:04 PM

Posted 24 July 2013 - 02:20 PM

Sorry about that. I want to thank you for your quick response, and apologize for my tardiness.

I do have my original Windows CD (XP SP1). Please note that I also followed your advice with my computer's Ethernet cable unplugged, so it did not have a connection to the internet, as you advised.

 

The problem is that I cannot close Microsoft Security Essentials before running Combofix. This is a symptom of my problem; when I try to follow the instructions that you provided (Open MSE and go to Settings > Real Time Protection), I cannot open Microsoft Security Essentials as it gives me this error:

"C:\Program Files\Microsoft Security Client\msseces.exe

 

The file can not be accessed by the system."

 

What should I do? Thank you for your support.



#5 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:07:04 AM

Posted 24 July 2013 - 07:30 PM

Hello again,
 

I want to thank you for your quick response, and apologize for my tardiness.

The help is my pleasure, and no need to apologize. We all have lives outside of our computers, so no worries. :)
 
Please abandon Combofix for the time being. The version of ZeroAccess on your machine is quite tricky, so we must be careful and take the correct steps. Microsoft Security Essentials is deeply involved with this infection, so we will need a couple more logs to gather some more information before we begin cleaning.
 
==========

Step :step1:

Download this to your desktop:
Junction.zip

Unzip it, and then save junction.exe to the C:\Windows directory: <--IMPORTANT!

  • Hold the "Windows" key and press "R" to open the runbox.
  • Type cmd in the empty box, then press ENTER. A command prompt black dos window will open. Copy and paste the command below into that window and press enter.
cmd /c junction -s c:\ >log.txt&log.txt

Be patient and wait until a log file opens. Copy and paste the log in your next reply.

==========

Step :step2:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You'll need the 32-bit version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

==========

In your next reply, please include the following:

  • The Junction log
  • The FRST.txt log
  • Attach the Addition.txt log

bloopie


Edited by bloopie, 24 July 2013 - 07:34 PM.
Fixed typo


#6 TiredOcean

TiredOcean
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:12:04 PM

Posted 25 July 2013 - 12:03 PM

Junction log:

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
 
 Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
 Failed to open \\?\c:\\System Volume Information: Access is denied.
 Failed to open \\?\c:\\87639fa9aa798dd9d4ad2ee5ddad282f\update: Access is denied.
 Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\004d13f2562005316bdab6ccf5bcb24d_753f667a-49c2-4482-8658-983bd238cc0b: Access is denied.
 Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\f9fba557b6822a374fd114b120da1c23_753f667a-49c2-4482-8658-983bd238cc0b: Access is denied.
 Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df28c1aec6ce68e0cf4e3572031f9085_753f667a-49c2-4482-8658-983bd238cc0b: Access is denied.
 Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea563f5ed0b8ea72081a19b9b561dd25_753f667a-49c2-4482-8658-983bd238cc0b: Access is denied.
 Failed to open \\?\c:\\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin: Access is denied.
 Failed to open \\?\c:\\e07e528aee7d29efde\amd64: Access is denied.
 Failed to open \\?\c:\\e07e528aee7d29efde\i386: Access is denied.
\\?\c:\\Program Files\Microsoft Security Client\Backup: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\DbgHelp.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\Drivers: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\en-us: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\EppManifest.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\LegitLib.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MpAsDesc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MpClient.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MpCmdRun.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MpCommu.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\mpevmsg.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MpOAv.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MpRTP.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MpSvc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MsMpCom.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MsMpEng.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MsMpLics.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MsMpRes.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\msseces.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\MsseWat.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\Setup.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\SetupRes.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\shellext.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\SqmApi.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\SymSrv.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
\\?\c:\\Program Files\Microsoft Security Client\SymSrv.yes: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config
 
 Failed to open \\?\c:\\WINDOWS\$NtUninstallKB7590$: Access is denied.
\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
 
\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
   Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
 
\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
 
\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5
   Substitute Name: C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5
 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013
Ran by Deniz (administrator) on 25-07-2013 17:47:52
Running from C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Mobile Leader Co.,Ltd.) C:\WINDOWS\system32\LGScsiCommandService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\vVX1000.exe
() C:\Program Files\MSI Afterburner\MSIAfterburner.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDCPL] - RTHDCPL.EXE [x]
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2003-07-16] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2003-07-16] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2003-07-16] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [VX1000] - C:\WINDOWS\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [MSIAfterburner] - C:\Program Files\MSI Afterburner\MSIAfterburner.exe [425016 2013-01-23] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] ()
HKLM\...\Run: [MRT] - C:\WINDOWS\system32\MRT.exe [73381792 2013-07-25] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\Administrator\...\Run: [Google Update] - "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Default User.WINDOWS\...\Run: [Google Update] - "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Gunes\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ 2008-10-29] (Google Inc.)
HKU\Gunes.FAMILY-VWH3MK1R\...\Run: [Facebook Update] - "C:\Documents and Settings\Gunes.FAMILY-VWH3MK1R\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2012-08-23] (Facebook Inc.)
HKU\Nalan\...\Run: [Google Update] - "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Nalan\...\Run: [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Nalan\...\Run: [Facebook Update] - "C:\Documents and Settings\Nalan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2013-03-25] (Facebook Inc.)
HKU\Owner\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [ 2013-06-03] (Skype Technologies S.A.)
HKU\Owner\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ 2008-10-29] (Google Inc.)
HKU\Owner\...\Run: [msnmsgr] - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKU\Owner\...\Run: [kdx] - C:\Program Files\Kontiki\KHost.exe -all [x]
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {07BEAF52-4360-409B-9C15-4C99103798AB} URL = http://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
SearchScopes: HKCU - {E4013E4C-9669-45F0-916D-66C1D321603F} URL = http://www.bing.com/search?q={searchTerms}&form=IE0006
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300580380468
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Handler: ipp - No CLSID Value -  
Handler: msdaipp - No CLSID Value -  
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Tcpip\..\Interfaces\{1C766DBF-0560-4182-83F2-D3BEB36F4D74}: [NameServer]62.6.40.178,62.6.40.162
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default
FF SelectedSearchEngine: Wikipedia (en)
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\searchplugins\duckduckgo.xml
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: artur.dubovoy - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
Chrome:  
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR DefaultSearchURL: (Wikipedia (en)) - http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
CHR DefaultSuggestURL: (Wikipedia (en)) - http://en.wikipedia.org/w/api.php?action=opensearch&search={searchTerms}&namespace=0
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll No File
CHR Plugin: (EModel scriptable Plugin) - C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (AdBlock) - C:\DOCUME~1\DENIZ~1.FAM\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0
 
========================== Services (Whitelisted) =================
 
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-12-01] ()
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
R2 LGScsiCommandService; C:\WINDOWS\system32\LGScsiCommandService.exe [47616 2010-04-12] (Mobile Leader Co.,Ltd.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-06-20] ()
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-10-31] ()
S4 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S3 DAUpdaterSvc; E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 HiPatchService; H:\Hi-Rez Studios\HiPatchService.exe [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-12] (Advanced Micro Devices)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7874560 2012-07-04] (ATI Technologies Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [99856 2012-02-23] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-10] (DT Soft Ltd)
S3 fsfilter; C:\Windows\System32\DRIVERS\fsfilter.sys [4992 2007-03-10] (Windows ® 2000 DDK provider)
R1 FsVga; C:\Windows\System32\DRIVERS\fsvga.sys [12160 2003-07-16] (Microsoft Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 RTCore32; C:\Program Files\MSI Afterburner\RTCore32.sys [5632 2011-09-06] ()
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMI.sys [4258528 2009-12-02] (Realtek Semiconductor Corp.)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [143360 2009-07-28] (Realtek Semiconductor Corporation                           )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24960 2010-01-21] (LG Electronics Inc.)
R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 cpuz130; \??\C:\DOCUME~1\GUNES~1.FAM\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
U3 TlntSvr;  
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S0 vmci; system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-25 17:47 - 2013-07-25 17:47 - 00000000 ____D C:\FRST
2013-07-25 17:32 - 2013-07-25 17:32 - 00000173 _____ C:\WINDOWS\system32\MRT.INI
2013-07-25 17:32 - 2013-07-25 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-07-25 17:32 - 2010-09-07 15:39 - 00150392 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\junction.exe
2013-07-25 17:29 - 2013-07-25 17:33 - 00006493 _____ C:\WINDOWS\FaxSetup.log
2013-07-25 17:29 - 2013-07-25 17:32 - 00000256 _____ C:\WINDOWS\ocgen.log
2013-07-25 17:29 - 2013-07-25 17:29 - 00002719 _____ C:\WINDOWS\updspapi.log
2013-07-25 17:28 - 2013-07-25 17:29 - 00020572 _____ C:\WINDOWS\KB2838727-IE8.log
2013-07-25 17:28 - 2013-07-25 17:28 - 00000000 ____D C:\WINDOWS\LastGood
2013-07-25 03:08 - 2013-07-25 03:08 - 01220306 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FRST.exe
2013-07-25 03:08 - 2013-07-25 03:08 - 00001526 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\instructions.txt
2013-07-25 03:07 - 2013-07-25 03:07 - 00079623 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Junction.zip
2013-07-24 20:09 - 2013-07-24 20:09 - 00000000 ___SD C:\ComboFix
2013-07-24 20:07 - 2013-07-24 20:09 - 00000000 ____D C:\Qoobox
2013-07-24 20:07 - 2013-07-24 20:07 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-24 20:03 - 2013-07-24 19:57 - 05094311 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\ComboFix.exe
2013-07-08 20:28 - 2013-07-08 20:28 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SETTEC
2013-07-03 23:37 - 2013-07-03 23:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Sun
2013-07-03 18:41 - 2013-07-21 16:54 - 00010092 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.txt
2013-07-03 18:41 - 2013-07-21 16:54 - 00008716 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\attach.txt
2013-07-03 18:38 - 2013-07-03 18:38 - 00688992 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.com
2013-07-03 18:20 - 2013-07-08 20:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-02 20:59 - 2013-07-02 20:59 - 01814144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\iExplore.exe
2013-07-02 19:33 - 2013-07-02 19:33 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\mbar-1.06.0.1004.zip
2013-07-02 19:28 - 2013-07-02 19:28 - 00065536 _____ C:\WINDOWS\Minidump\Mini070213-01.dmp
2013-07-01 23:19 - 2013-07-25 17:47 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Virus cleaning
2013-07-01 23:17 - 2013-07-01 23:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbam-setup-1.75.0.1300.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00760775 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\MiniToolBox.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00356397 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\FSS.exe
2013-07-01 23:11 - 2013-07-25 17:32 - 00032935 _____ C:\WINDOWS\KB2839229.log
2013-07-01 23:10 - 2013-05-17 23:07 - 06014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SETA.tmp
2013-07-01 23:10 - 2013-05-07 23:30 - 11112960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET12.tmp
2013-07-01 23:10 - 2013-05-07 23:30 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET10.tmp
2013-07-01 23:10 - 2013-05-07 23:30 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET5.tmp
2013-07-01 23:10 - 2013-05-07 23:30 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET4.tmp
2013-07-01 23:10 - 2013-05-07 23:30 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SETC.tmp
2013-07-01 23:10 - 2013-05-07 23:30 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET6.tmp
2013-07-01 23:10 - 2013-05-07 23:30 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SETB.tmp
2013-07-01 23:08 - 2013-07-01 23:08 - 00890988 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SecurityCheck.exe
2013-06-30 20:39 - 2013-06-30 20:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-30 20:36 - 2013-06-30 20:41 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-30 20:36 - 2013-06-30 20:37 - 00000000 ____D C:\Documents and Settings\Administrator
2013-06-30 20:36 - 2011-12-11 00:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-06-30 20:36 - 2011-03-20 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop
2013-06-30 18:23 - 2013-06-30 20:47 - 05084517 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ComboFix.exe
2013-06-30 17:48 - 2013-06-30 17:48 - 00000000 ____D C:\Program Files\ESET
2013-06-30 17:29 - 2013-06-30 17:30 - 00001060 _____ C:\AdwCleaner[S1].txt
2013-06-30 17:29 - 2013-06-30 17:29 - 00000989 _____ C:\AdwCleaner[R1].txt
2013-06-30 17:28 - 2013-06-30 17:28 - 00056544 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-30 17:23 - 2013-06-30 17:23 - 00227208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-06-30 17:15 - 2013-06-30 17:15 - 00002298 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\huff.txt
2013-06-30 17:13 - 2013-07-02 20:57 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-30 17:11 - 2013-06-30 17:12 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbar-1.06.0.1004.zip
2013-06-30 15:24 - 2013-07-25 17:47 - 00087030 _____ C:\WINDOWS\WindowsUpdate.log
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Malwarebytes
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2013-06-28 21:08 - 2013-07-03 23:57 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-06-28 21:08 - 2013-06-28 21:08 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\rld-bbct
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ARC SYSTEM WORKS
2013-06-28 21:06 - 2013-06-28 21:06 - 03073131 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\rld-bbct.rar
2013-06-28 20:48 - 2013-06-28 20:48 - 00001926 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\BLAZBLUE -CALAMITY TRIGGER-.lnk
2013-06-28 20:26 - 2013-06-28 20:26 - 00000000 ____D C:\Program Files\ARC SYSTEM WORKS
2013-06-25 15:41 - 2013-06-25 15:41 - 10526720 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\FontPack1000_ja_JP.msi
2013-06-25 15:10 - 2013-07-02 20:26 - 00000366 ____H C:\WINDOWS\Tasks\MpIdleTask.job
2013-06-25 15:10 - 2013-06-28 18:28 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-25 15:02 - 2013-05-02 16:28 - 00238872 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-06-25 15:00 - 2013-06-25 15:00 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-06-25 14:59 - 2013-06-25 15:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
 
==================== One Month Modified Files and Folders =======
 
2013-07-25 17:47 - 2013-07-25 17:47 - 00000000 ____D C:\FRST
2013-07-25 17:47 - 2013-07-01 23:19 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Virus cleaning
2013-07-25 17:47 - 2013-06-30 15:24 - 00087030 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-25 17:44 - 2012-09-05 16:28 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{20F9BC57-BF64-4F23-B566-03CB86791917}.job
2013-07-25 17:33 - 2013-07-25 17:29 - 00006493 _____ C:\WINDOWS\FaxSetup.log
2013-07-25 17:32 - 2013-07-25 17:32 - 00000173 _____ C:\WINDOWS\system32\MRT.INI
2013-07-25 17:32 - 2013-07-25 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-07-25 17:32 - 2013-07-25 17:29 - 00000256 _____ C:\WINDOWS\ocgen.log
2013-07-25 17:32 - 2013-07-01 23:11 - 00032935 _____ C:\WINDOWS\KB2839229.log
2013-07-25 17:32 - 2012-07-04 18:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-25 17:32 - 2011-03-20 00:26 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R
2013-07-25 17:29 - 2013-07-25 17:29 - 00002719 _____ C:\WINDOWS\updspapi.log
2013-07-25 17:29 - 2013-07-25 17:28 - 00020572 _____ C:\WINDOWS\KB2838727-IE8.log
2013-07-25 17:29 - 2011-03-20 02:30 - 73381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-25 17:29 - 2008-12-19 00:16 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-25 17:28 - 2013-07-25 17:28 - 00000000 ____D C:\WINDOWS\LastGood
2013-07-25 17:26 - 2011-03-27 21:34 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-07-25 17:26 - 2011-03-27 21:34 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-07-25 17:26 - 2011-03-20 00:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-25 03:08 - 2013-07-25 03:08 - 01220306 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FRST.exe
2013-07-25 03:08 - 2013-07-25 03:08 - 00001526 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\instructions.txt
2013-07-25 03:08 - 2011-03-20 00:26 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop
2013-07-25 03:07 - 2013-07-25 03:07 - 00079623 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Junction.zip
2013-07-25 00:31 - 2011-03-20 00:25 - 00032314 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-24 20:22 - 2011-03-20 00:26 - 00000178 ___SH C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\ntuser.ini
2013-07-24 20:09 - 2013-07-24 20:09 - 00000000 ___SD C:\ComboFix
2013-07-24 20:09 - 2013-07-24 20:07 - 00000000 ____D C:\Qoobox
2013-07-24 20:07 - 2013-07-24 20:07 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-24 19:57 - 2013-07-24 20:03 - 05094311 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\ComboFix.exe
2013-07-24 19:57 - 2003-07-16 21:53 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-21 23:17 - 2011-10-28 12:05 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\details[2]
2013-07-21 16:54 - 2013-07-03 18:41 - 00010092 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.txt
2013-07-21 16:54 - 2013-07-03 18:41 - 00008716 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\attach.txt
2013-07-08 20:28 - 2013-07-08 20:28 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SETTEC
2013-07-08 20:27 - 2013-07-03 18:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-08 20:27 - 2012-05-11 15:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 20:27 - 2011-03-20 21:37 - 00000178 ___SH C:\Documents and Settings\Gunes.FAMILY-VWH3MK1R\ntuser.ini
2013-07-03 23:57 - 2013-06-28 21:08 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-03 23:49 - 2013-03-25 21:44 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1006UA.job
2013-07-03 23:37 - 2013-07-03 23:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Sun
2013-07-03 21:32 - 2012-08-23 18:27 - 00001028 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1005UA.job
2013-07-03 20:49 - 2013-03-25 21:44 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1006Core.job
2013-07-03 18:38 - 2013-07-03 18:38 - 00688992 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.com
2013-07-03 18:32 - 2012-08-23 18:27 - 00001006 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1005Core.job
2013-07-03 18:30 - 2013-06-13 13:17 - 00000606 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\Shortcut to Nalan's Documents.lnk
2013-07-02 20:59 - 2013-07-02 20:59 - 01814144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\iExplore.exe
2013-07-02 20:57 - 2013-06-30 17:13 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-02 20:57 - 2013-06-01 14:31 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\mbar
2013-07-02 20:26 - 2013-06-25 15:10 - 00000366 ____H C:\WINDOWS\Tasks\MpIdleTask.job
2013-07-02 20:01 - 2011-03-20 00:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Desktop
2013-07-02 19:57 - 2011-03-20 23:04 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Media Player Classic
2013-07-02 19:33 - 2013-07-02 19:33 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\mbar-1.06.0.1004.zip
2013-07-02 19:28 - 2013-07-02 19:28 - 00065536 _____ C:\WINDOWS\Minidump\Mini070213-01.dmp
2013-07-02 19:28 - 2011-03-19 23:50 - 217546752 _____ C:\WINDOWS\MEMORY.DMP
2013-07-02 19:28 - 2006-01-07 22:05 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-01 23:17 - 2013-07-01 23:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbam-setup-1.75.0.1300.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00760775 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\MiniToolBox.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00356397 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\FSS.exe
2013-07-01 23:08 - 2013-07-01 23:08 - 00890988 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SecurityCheck.exe
2013-06-30 20:56 - 2009-02-19 19:45 - 00000000 ____D C:\Program Files\osu!
2013-06-30 20:47 - 2013-06-30 18:23 - 05084517 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ComboFix.exe
2013-06-30 20:41 - 2013-06-30 20:36 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-30 20:40 - 2013-06-30 20:39 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-30 20:37 - 2013-06-30 20:36 - 00000000 ____D C:\Documents and Settings\Administrator
2013-06-30 17:48 - 2013-06-30 17:48 - 00000000 ____D C:\Program Files\ESET
2013-06-30 17:30 - 2013-06-30 17:29 - 00001060 _____ C:\AdwCleaner[S1].txt
2013-06-30 17:30 - 2011-03-20 01:35 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-06-30 17:29 - 2013-06-30 17:29 - 00000989 _____ C:\AdwCleaner[R1].txt
2013-06-30 17:28 - 2013-06-30 17:28 - 00056544 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-30 17:24 - 2012-04-29 16:24 - 00000000 ____D C:\Program Files\MSI Afterburner
2013-06-30 17:24 - 2008-10-02 21:11 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-06-30 17:23 - 2013-06-30 17:23 - 00227208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-06-30 17:15 - 2013-06-30 17:15 - 00002298 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\huff.txt
2013-06-30 17:14 - 2013-06-01 14:31 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbar
2013-06-30 17:12 - 2013-06-30 17:11 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbar-1.06.0.1004.zip
2013-06-30 14:59 - 2013-06-10 23:43 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\DAEMON Tools Lite
2013-06-30 14:59 - 2008-12-04 18:14 - 00000000 ____D C:\Program Files\Steam
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Malwarebytes
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2013-06-28 21:08 - 2013-06-28 21:08 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\rld-bbct
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ARC SYSTEM WORKS
2013-06-28 21:07 - 2011-03-20 00:25 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY
2013-06-28 21:06 - 2013-06-28 21:06 - 03073131 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\rld-bbct.rar
2013-06-28 21:01 - 2011-10-06 21:22 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Azureus
2013-06-28 20:52 - 2011-01-14 23:26 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\Torrents
2013-06-28 20:50 - 2005-10-06 18:34 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-06-28 20:48 - 2013-06-28 20:48 - 00001926 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\BLAZBLUE -CALAMITY TRIGGER-.lnk
2013-06-28 20:36 - 2011-03-21 18:25 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Start Menu\Programs\Steam
2013-06-28 20:26 - 2013-06-28 20:26 - 00000000 ____D C:\Program Files\ARC SYSTEM WORKS
2013-06-28 18:45 - 2009-10-15 20:01 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-06-28 18:28 - 2013-06-25 15:10 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-28 18:27 - 2013-06-11 00:05 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Gearbox Software
2013-06-28 18:27 - 2011-05-02 16:16 - 00000000 ____D C:\Program Files\Ubisoft
2013-06-28 18:22 - 2012-03-18 15:16 - 00000682 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2013-06-28 18:22 - 2011-03-20 04:01 - 00000000 ____D C:\Program Files\CCleaner
2013-06-25 15:41 - 2013-06-25 15:41 - 10526720 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\FontPack1000_ja_JP.msi
2013-06-25 15:00 - 2013-06-25 15:00 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-06-25 15:00 - 2013-06-25 14:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
 
Files to move or delete:
====================
C:\Documents and Settings\Gunes\osu!.exe
C:\Documents and Settings\Gunes\osume.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
==================== End Of Log ============================

 

The Addition.txt log is attached.




#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:07:04 AM

Posted 25 July 2013 - 06:07 PM

Hello again,
 
Thanks for the logs, and sorry for the delay!

 

Okay, first we'll remove the malicious junctions created by the infection, then we'll get some more logs to verify:

Step 1

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

==========

Step 2

  • Download a fresh copy of Farbar Service Scanner
  • Make sure all boxes are checked, then press Scan
  • Post the resultant FSS.txt in your next reply

==========

Step 3

Now please run a fresh scan with FRST and post the log for my review.

==========

In your next reply, please include the following:

  • The Fixlog.txt
  • The FSS.txt
  • The fresh FRST.txt

Also, please let me know if you had any problems with the steps above!

bloopie
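For the verification step above, here is an added Python triage script (not part of bloopie's fix, nor of FRST or FSS themselves) that reads FSS/FRST log text like the logs quoted in this thread and flags the two ZeroAccess indicators the helper looks for: the FRST "ATTENTION: ZeroAccess" junction warning and FSS service blocks whose registry configuration cannot be read. The sample log embedded in it is constructed from the logs posted earlier in this thread.

```python
"""Triage Farbar FSS / FRST log text for the ZeroAccess indicators seen in this thread.

Added example; not part of FRST, FSS or the fix posted above. It only parses
the two log shapes quoted in the thread:
  * FRST "Bamital & volsnap Check" lines of the form
      <file> => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: <dir>
  * FSS service blocks of the form
      <svc> Service is not running. Checking service configuration:
      Checking <what>: ATTENTION!=====> <message>
"""
import re
import sys
from dataclasses import dataclass, field

JUNCTION_RE = re.compile(
    r"^(?P<path>.+?) => ATTENTION: ZeroAccess\. "
    r"Use DeleteJunctionsIndirectory: (?P<dir>.+)$"
)
SERVICE_RE = re.compile(
    r"^(?P<svc>\S+) Service is not running\. Checking service configuration:$"
)
CHECK_RE = re.compile(r"^Checking (?P<what>[^:]+): ATTENTION!=====> (?P<msg>.+)$")


@dataclass
class Finding:
    kind: str                  # "junction" (from FRST) or "service" (from FSS)
    subject: str               # hijacked file path, or service name
    directory: str = ""        # directory FRST says needs its junctions removed
    failed: list = field(default_factory=list)  # "<what>: <msg>" per failed check


def triage(log_text: str) -> list:
    """Return one Finding per ZeroAccess junction hit and per broken FSS service block."""
    findings = []
    block = None  # FSS service block currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            block = None  # a blank line ends an FSS service block
            continue
        m = JUNCTION_RE.match(line)
        if m:
            findings.append(Finding("junction", m["path"], directory=m["dir"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            block = Finding("service", m["svc"])
            findings.append(block)
            continue
        m = CHECK_RE.match(line)
        if m and block is not None:
            block.failed.append(f"{m['what']}: {m['msg']}")
    # A service that is merely stopped produces no ATTENTION checks; do not report it.
    return [f for f in findings if f.kind == "junction" or f.failed]


def junction_dirs(findings) -> list:
    """Directories FRST flagged for junction removal, in log order, de-duplicated."""
    dirs = []
    for f in findings:
        if f.kind == "junction" and f.directory not in dirs:
            dirs.append(f.directory)
    return dirs


def broken_services(findings) -> list:
    """Services whose registry configuration FSS could not read, in log order."""
    return [f.subject for f in findings if f.kind == "service"]


# Constructed sample, trimmed from the FRST and FSS logs quoted in this thread.
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
"""


def main(argv) -> int:
    """Triage a log file given on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    findings = triage(text)
    for d in junction_dirs(findings):
        print(f"ZeroAccess junctions reported under: {d}")
    for svc in broken_services(findings):
        print(f"service {svc}: registry configuration missing")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with a saved FSS.txt or FRST.txt as the only argument; with no argument it triages the embedded sample.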



#8 TiredOcean

TiredOcean
  • Topic Starter

  • Members
  • 21 posts
  • Local time:12:04 PM

Posted 26 July 2013 - 05:42 AM

Note: When I turned on the PC, a minute after logging in, an icon in the notification area appeared with a bubble, which roughly said that a virus had been removed. I clicked on it and a window with the name "Microsoft Windows Malicious Software Removal Tool June 2013" opened. After looking at it I closed it in case it was a trojan, though I was not connected to the internet at the time.

I also did all of the scans with no connection to the internet; it may have been the case that, on step 1 with FRST, I did not see a message asking me to update even if it was outdated. Please keep this in mind.

 

fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-07-2013
Ran by Deniz at 2013-07-26 11:13:01 Run:1
Running from C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop
Boot Mode: Normal

==============================================

"C:\Program Files\Windows Defender" => Not Found
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\LegitLib.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

========================= Folder: C:\Program Files\Windows Defender ========================

Directory Not Found

====== End of Folder: ======


The system needs a manual reboot.

==== End of Fixlog ====

 

FSS.txt:

Farbar Service Scanner Version: 26-07-2013
Ran by Deniz (administrator) on 26-07-2013 at 11:27:26
Running from "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) VBoxNetFlt(8)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013
Ran by Deniz (administrator) on 26-07-2013 11:27:57
Running from C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Mobile Leader Co.,Ltd.) C:\WINDOWS\system32\LGScsiCommandService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\vVX1000.exe
() C:\Program Files\MSI Afterburner\MSIAfterburner.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - RTHDCPL.EXE [x]
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2003-07-16] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2003-07-16] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2003-07-16] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [VX1000] - C:\WINDOWS\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [MSIAfterburner] - C:\Program Files\MSI Afterburner\MSIAfterburner.exe [425016 2013-01-23] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\Administrator\...\Run: [Google Update] - "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Default User.WINDOWS\...\Run: [Google Update] - "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Gunes\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ 2008-10-29] (Google Inc.)
HKU\Gunes.FAMILY-VWH3MK1R\...\Run: [Facebook Update] - "C:\Documents and Settings\Gunes.FAMILY-VWH3MK1R\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2012-08-23] (Facebook Inc.)
HKU\Nalan\...\Run: [Google Update] - "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Nalan\...\Run: [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Nalan\...\Run: [Facebook Update] - "C:\Documents and Settings\Nalan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2013-03-25] (Facebook Inc.)
HKU\Owner\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [ 2013-06-03] (Skype Technologies S.A.)
HKU\Owner\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ 2008-10-29] (Google Inc.)
HKU\Owner\...\Run: [msnmsgr] - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKU\Owner\...\Run: [kdx] - C:\Program Files\Kontiki\KHost.exe -all [x]
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {07BEAF52-4360-409B-9C15-4C99103798AB} URL = http://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
SearchScopes: HKCU - {E4013E4C-9669-45F0-916D-66C1D321603F} URL = http://www.bing.com/search?q={searchTerms}&form=IE0006
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300580380468
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Tcpip\..\Interfaces\{1C766DBF-0560-4182-83F2-D3BEB36F4D74}: [NameServer]62.6.40.178,62.6.40.162

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default
FF SelectedSearchEngine: Wikipedia (en)
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\searchplugins\duckduckgo.xml
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: artur.dubovoy - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR DefaultSearchURL: (Wikipedia (en)) - http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
CHR DefaultSuggestURL: (Wikipedia (en)) - http://en.wikipedia.org/w/api.php?action=opensearch&search={searchTerms}&namespace=0
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll No File
CHR Plugin: (EModel scriptable Plugin) - C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (AdBlock) - C:\DOCUME~1\DENIZ~1.FAM\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-12-01] ()
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
R2 LGScsiCommandService; C:\WINDOWS\system32\LGScsiCommandService.exe [47616 2010-04-12] (Mobile Leader Co.,Ltd.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-06-20] ()
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-10-31] ()
S4 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S3 DAUpdaterSvc; E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 HiPatchService; H:\Hi-Rez Studios\HiPatchService.exe [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-12] (Advanced Micro Devices)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7874560 2012-07-04] (ATI Technologies Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [99856 2012-02-23] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-10] (DT Soft Ltd)
S3 fsfilter; C:\Windows\System32\DRIVERS\fsfilter.sys [4992 2007-03-10] (Windows ® 2000 DDK provider)
R1 FsVga; C:\Windows\System32\DRIVERS\fsvga.sys [12160 2003-07-16] (Microsoft Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 RTCore32; C:\Program Files\MSI Afterburner\RTCore32.sys [5632 2011-09-06] ()
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMI.sys [4258528 2009-12-02] (Realtek Semiconductor Corp.)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [143360 2009-07-28] (Realtek Semiconductor Corporation                           )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24960 2010-01-21] (LG Electronics Inc.)
R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 cpuz130; \??\C:\DOCUME~1\GUNES~1.FAM\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
U3 TlntSvr;
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S0 vmci; system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 11:27 - 2013-07-26 11:27 - 00003680 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FSS.txt
2013-07-26 11:22 - 2013-07-26 11:22 - 00357145 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FSS.exe
2013-07-26 10:59 - 2013-07-26 10:59 - 00065536 _____ C:\WINDOWS\Minidump\Mini072613-01.dmp
2013-07-26 10:55 - 2013-07-26 10:55 - 00000895 _____ C:\WINDOWS\setupapi.log
2013-07-25 17:47 - 2013-07-26 11:13 - 00000000 ____D C:\FRST
2013-07-25 17:32 - 2013-07-25 17:32 - 00000173 _____ C:\WINDOWS\system32\MRT.INI
2013-07-25 17:32 - 2013-07-25 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-07-25 17:32 - 2010-09-07 15:39 - 00150392 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\junction.exe
2013-07-25 17:29 - 2013-07-25 17:33 - 00006493 _____ C:\WINDOWS\FaxSetup.log
2013-07-25 17:29 - 2013-07-25 17:32 - 00000256 _____ C:\WINDOWS\ocgen.log
2013-07-25 17:29 - 2013-07-25 17:29 - 00002719 _____ C:\WINDOWS\updspapi.log
2013-07-25 17:28 - 2013-07-25 17:29 - 00020572 _____ C:\WINDOWS\KB2838727-IE8.log
2013-07-25 03:08 - 2013-07-25 03:08 - 01220306 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FRST.exe
2013-07-25 03:08 - 2013-07-25 03:08 - 00001526 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\instructions.txt
2013-07-25 03:07 - 2013-07-25 03:07 - 00079623 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Junction.zip
2013-07-24 20:09 - 2013-07-24 20:09 - 00000000 ___SD C:\ComboFix
2013-07-24 20:07 - 2013-07-24 20:09 - 00000000 ____D C:\Qoobox
2013-07-24 20:07 - 2013-07-24 20:07 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-24 20:03 - 2013-07-24 19:57 - 05094311 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\ComboFix.exe
2013-07-08 20:28 - 2013-07-08 20:28 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SETTEC
2013-07-03 23:37 - 2013-07-03 23:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Sun
2013-07-03 18:41 - 2013-07-21 16:54 - 00010092 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.txt
2013-07-03 18:41 - 2013-07-21 16:54 - 00008716 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\attach.txt
2013-07-03 18:38 - 2013-07-03 18:38 - 00688992 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.com
2013-07-03 18:20 - 2013-07-08 20:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-02 20:59 - 2013-07-02 20:59 - 01814144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\iExplore.exe
2013-07-02 19:33 - 2013-07-02 19:33 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\mbar-1.06.0.1004.zip
2013-07-02 19:28 - 2013-07-02 19:28 - 00065536 _____ C:\WINDOWS\Minidump\Mini070213-01.dmp
2013-07-01 23:19 - 2013-07-26 11:05 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Virus cleaning
2013-07-01 23:17 - 2013-07-01 23:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbam-setup-1.75.0.1300.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00760775 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\MiniToolBox.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00356397 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\FSS.exe
2013-07-01 23:11 - 2013-07-25 17:32 - 00032935 _____ C:\WINDOWS\KB2839229.log
2013-07-01 23:08 - 2013-07-01 23:08 - 00890988 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SecurityCheck.exe
2013-06-30 20:39 - 2013-06-30 20:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-30 20:36 - 2013-06-30 20:41 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-30 20:36 - 2013-06-30 20:37 - 00000000 ____D C:\Documents and Settings\Administrator
2013-06-30 20:36 - 2011-12-11 00:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-06-30 20:36 - 2011-03-20 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop
2013-06-30 18:23 - 2013-06-30 20:47 - 05084517 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ComboFix.exe
2013-06-30 17:48 - 2013-06-30 17:48 - 00000000 ____D C:\Program Files\ESET
2013-06-30 17:29 - 2013-06-30 17:30 - 00001060 _____ C:\AdwCleaner[S1].txt
2013-06-30 17:29 - 2013-06-30 17:29 - 00000989 _____ C:\AdwCleaner[R1].txt
2013-06-30 17:28 - 2013-06-30 17:28 - 00056544 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-30 17:23 - 2013-06-30 17:23 - 00227208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-06-30 17:15 - 2013-06-30 17:15 - 00002298 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\huff.txt
2013-06-30 17:13 - 2013-07-02 20:57 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-30 17:11 - 2013-06-30 17:12 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbar-1.06.0.1004.zip
2013-06-30 15:24 - 2013-07-26 11:26 - 00092220 _____ C:\WINDOWS\WindowsUpdate.log
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Malwarebytes
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2013-06-28 21:08 - 2013-07-03 23:57 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-06-28 21:08 - 2013-06-28 21:08 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\rld-bbct
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ARC SYSTEM WORKS
2013-06-28 21:06 - 2013-06-28 21:06 - 03073131 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\rld-bbct.rar
2013-06-28 20:48 - 2013-06-28 20:48 - 00001926 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\BLAZBLUE -CALAMITY TRIGGER-.lnk
2013-06-28 20:26 - 2013-06-28 20:26 - 00000000 ____D C:\Program Files\ARC SYSTEM WORKS

==================== One Month Modified Files and Folders =======

2013-07-26 11:27 - 2013-07-26 11:27 - 00003680 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FSS.txt
2013-07-26 11:27 - 2011-03-20 00:26 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop
2013-07-26 11:26 - 2013-06-30 15:24 - 00092220 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-26 11:26 - 2011-03-27 21:34 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-07-26 11:26 - 2011-03-27 21:34 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-07-26 11:26 - 2011-03-20 00:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-26 11:22 - 2013-07-26 11:22 - 00357145 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FSS.exe
2013-07-26 11:17 - 2011-03-20 00:26 - 00000178 ___SH C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\ntuser.ini
2013-07-26 11:17 - 2011-03-20 00:25 - 00032314 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-26 11:13 - 2013-07-25 17:47 - 00000000 ____D C:\FRST
2013-07-26 11:09 - 2012-09-05 16:28 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{20F9BC57-BF64-4F23-B566-03CB86791917}.job
2013-07-26 11:05 - 2013-07-01 23:19 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Virus cleaning
2013-07-26 10:59 - 2013-07-26 10:59 - 00065536 _____ C:\WINDOWS\Minidump\Mini072613-01.dmp
2013-07-26 10:59 - 2011-03-19 23:50 - 148373504 _____ C:\WINDOWS\MEMORY.DMP
2013-07-26 10:59 - 2006-01-07 22:05 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-26 10:59 - 2003-07-16 21:53 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-26 10:55 - 2013-07-26 10:55 - 00000895 _____ C:\WINDOWS\setupapi.log
2013-07-25 17:49 - 2013-03-25 21:44 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1006UA.job
2013-07-25 17:48 - 2013-06-01 14:31 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\mbar
2013-07-25 17:33 - 2013-07-25 17:29 - 00006493 _____ C:\WINDOWS\FaxSetup.log
2013-07-25 17:32 - 2013-07-25 17:32 - 00000173 _____ C:\WINDOWS\system32\MRT.INI
2013-07-25 17:32 - 2013-07-25 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-07-25 17:32 - 2013-07-25 17:29 - 00000256 _____ C:\WINDOWS\ocgen.log
2013-07-25 17:32 - 2013-07-01 23:11 - 00032935 _____ C:\WINDOWS\KB2839229.log
2013-07-25 17:32 - 2012-07-04 18:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-25 17:32 - 2011-03-20 00:26 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R
2013-07-25 17:29 - 2013-07-25 17:29 - 00002719 _____ C:\WINDOWS\updspapi.log
2013-07-25 17:29 - 2013-07-25 17:28 - 00020572 _____ C:\WINDOWS\KB2838727-IE8.log
2013-07-25 17:29 - 2011-03-20 02:30 - 73381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-25 17:29 - 2008-12-19 00:16 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-25 03:08 - 2013-07-25 03:08 - 01220306 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FRST.exe
2013-07-25 03:08 - 2013-07-25 03:08 - 00001526 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\instructions.txt
2013-07-25 03:07 - 2013-07-25 03:07 - 00079623 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Junction.zip
2013-07-24 20:09 - 2013-07-24 20:09 - 00000000 ___SD C:\ComboFix
2013-07-24 20:09 - 2013-07-24 20:07 - 00000000 ____D C:\Qoobox
2013-07-24 20:07 - 2013-07-24 20:07 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-24 19:57 - 2013-07-24 20:03 - 05094311 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\ComboFix.exe
2013-07-21 23:17 - 2011-10-28 12:05 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\details[2]
2013-07-21 16:54 - 2013-07-03 18:41 - 00010092 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.txt
2013-07-21 16:54 - 2013-07-03 18:41 - 00008716 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\attach.txt
2013-07-08 20:28 - 2013-07-08 20:28 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SETTEC
2013-07-08 20:27 - 2013-07-03 18:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-08 20:27 - 2012-05-11 15:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 20:27 - 2011-03-20 21:37 - 00000178 ___SH C:\Documents and Settings\Gunes.FAMILY-VWH3MK1R\ntuser.ini
2013-07-03 23:57 - 2013-06-28 21:08 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-03 23:37 - 2013-07-03 23:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Sun
2013-07-03 21:32 - 2012-08-23 18:27 - 00001028 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1005UA.job
2013-07-03 20:49 - 2013-03-25 21:44 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1006Core.job
2013-07-03 18:38 - 2013-07-03 18:38 - 00688992 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.com
2013-07-03 18:32 - 2012-08-23 18:27 - 00001006 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1005Core.job
2013-07-03 18:30 - 2013-06-13 13:17 - 00000606 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\Shortcut to Nalan's Documents.lnk
2013-07-02 20:59 - 2013-07-02 20:59 - 01814144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\iExplore.exe
2013-07-02 20:57 - 2013-06-30 17:13 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-02 20:26 - 2013-06-25 15:10 - 00000366 ____H C:\WINDOWS\Tasks\MpIdleTask.job
2013-07-02 20:01 - 2011-03-20 00:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Desktop
2013-07-02 19:57 - 2011-03-20 23:04 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Media Player Classic
2013-07-02 19:33 - 2013-07-02 19:33 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\mbar-1.06.0.1004.zip
2013-07-02 19:28 - 2013-07-02 19:28 - 00065536 _____ C:\WINDOWS\Minidump\Mini070213-01.dmp
2013-07-01 23:17 - 2013-07-01 23:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbam-setup-1.75.0.1300.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00760775 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\MiniToolBox.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00356397 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\FSS.exe
2013-07-01 23:08 - 2013-07-01 23:08 - 00890988 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SecurityCheck.exe
2013-06-30 20:56 - 2009-02-19 19:45 - 00000000 ____D C:\Program Files\osu!
2013-06-30 20:47 - 2013-06-30 18:23 - 05084517 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ComboFix.exe
2013-06-30 20:41 - 2013-06-30 20:36 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-30 20:40 - 2013-06-30 20:39 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-30 20:37 - 2013-06-30 20:36 - 00000000 ____D C:\Documents and Settings\Administrator
2013-06-30 17:48 - 2013-06-30 17:48 - 00000000 ____D C:\Program Files\ESET
2013-06-30 17:30 - 2013-06-30 17:29 - 00001060 _____ C:\AdwCleaner[S1].txt
2013-06-30 17:30 - 2011-03-20 01:35 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-06-30 17:29 - 2013-06-30 17:29 - 00000989 _____ C:\AdwCleaner[R1].txt
2013-06-30 17:28 - 2013-06-30 17:28 - 00056544 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-30 17:24 - 2012-04-29 16:24 - 00000000 ____D C:\Program Files\MSI Afterburner
2013-06-30 17:24 - 2008-10-02 21:11 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-06-30 17:23 - 2013-06-30 17:23 - 00227208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-06-30 17:15 - 2013-06-30 17:15 - 00002298 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\huff.txt
2013-06-30 17:14 - 2013-06-01 14:31 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbar
2013-06-30 17:12 - 2013-06-30 17:11 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbar-1.06.0.1004.zip
2013-06-30 14:59 - 2013-06-10 23:43 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\DAEMON Tools Lite
2013-06-30 14:59 - 2008-12-04 18:14 - 00000000 ____D C:\Program Files\Steam
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Malwarebytes
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2013-06-28 21:08 - 2013-06-28 21:08 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\rld-bbct
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
2013-06-28 21:07 - 2013-06-28 21:07 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ARC SYSTEM WORKS
2013-06-28 21:07 - 2011-03-20 00:25 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY
2013-06-28 21:06 - 2013-06-28 21:06 - 03073131 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\rld-bbct.rar
2013-06-28 21:01 - 2011-10-06 21:22 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Azureus
2013-06-28 20:52 - 2011-01-14 23:26 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\Torrents
2013-06-28 20:50 - 2005-10-06 18:34 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-06-28 20:48 - 2013-06-28 20:48 - 00001926 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\BLAZBLUE -CALAMITY TRIGGER-.lnk
2013-06-28 20:36 - 2011-03-21 18:25 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Start Menu\Programs\Steam
2013-06-28 20:26 - 2013-06-28 20:26 - 00000000 ____D C:\Program Files\ARC SYSTEM WORKS
2013-06-28 18:45 - 2009-10-15 20:01 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-06-28 18:28 - 2013-06-25 15:10 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-28 18:27 - 2013-06-11 00:05 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Gearbox Software
2013-06-28 18:27 - 2011-05-02 16:16 - 00000000 ____D C:\Program Files\Ubisoft
2013-06-28 18:22 - 2012-03-18 15:16 - 00000682 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2013-06-28 18:22 - 2011-03-20 04:01 - 00000000 ____D C:\Program Files\CCleaner

Files to move or delete:
====================
C:\Documents and Settings\Gunes\osu!.exe
C:\Documents and Settings\Gunes\osume.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 



#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 26 July 2013 - 06:06 PM

Hello again,

Now let's run this fix:

Step 1:

Download the attached fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

==========

Step 2:

After posting the new Fixlog.txt in your next reply, run a fresh scan with FSS and post the new FSS.txt log.

 

Please let me have both logs I asked for, and also let me know how the machine is behaving now! I expect the services won't be working very well, but let me know of any changes. Then we can fix the services.

 

bloopie


Edited by bloopie, 27 July 2013 - 03:16 PM.


#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 27 July 2013 - 03:16 PM

I made a minor change to the instructions in my previous post, just don't want you to miss it. :)

 

bloopie



#11 TiredOcean

TiredOcean
  • Topic Starter

  • Members
  • 21 posts

Posted 29 July 2013 - 05:45 PM

Here is fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 01
Ran by Deniz at 2013-07-29 23:15:19 Run:2
Running from C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop
Boot Mode: Normal

==============================================

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07BEAF52-4360-409B-9C15-4C99103798AB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{07BEAF52-4360-409B-9C15-4C99103798AB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4013E4C-9669-45F0-916D-66C1D321603F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E4013E4C-9669-45F0-916D-66C1D321603F} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Nla => Service deleted successfully.
C:\Documents and Settings\Gunes\osu!.exe => Moved successfully.
C:\Documents and Settings\Gunes\osume.exe => Moved successfully.

==== End of Fixlog ====

 

Here is FSS.txt:

Farbar Service Scanner Version: 26-07-2013
Ran by Deniz (administrator) on 29-07-2013 at 23:15:42
Running from "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) VBoxNetFlt(8)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

 

As for how my computer is working right now:

After I did the scan before this last step, Microsoft Security Essentials was back in my notification area and running again. After rebooting, it was not running in my notification area even though I set it to "always show", although the program itself and associated processes are running anyway.

However, Firefox still has embedded ad links (I have attached a picture to show you my problem). I also browsed for a while and eventually, after a Google search, I was redirected and two pop-ups appeared. I will be disconnecting the Desktop PC from the internet again as I worry this may be exacerbating the problem.

 

(Edit: forgot to finish my post)



Edited by TiredOcean, 29 July 2013 - 05:45 PM.


#12 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 29 July 2013 - 06:27 PM

Hello again,
 
Please download and run ESET services repair (ServicesRepair.exe)!

 

Then run a fresh scan with FRST and post the new log.

 

Let me know how that goes!

 

bloopie



#13 TiredOcean

TiredOcean
  • Topic Starter

  • Members
  • 21 posts

Posted 30 July 2013 - 04:04 PM

Here is FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 01
Ran by Deniz (administrator) on 30-07-2013 21:15:55
Running from C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Mobile Leader Co.,Ltd.) C:\WINDOWS\system32\LGScsiCommandService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\vVX1000.exe
() C:\Program Files\MSI Afterburner\MSIAfterburner.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [18789920 2009-12-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2003-07-16] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2003-07-16] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2003-07-16] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [VX1000] - C:\WINDOWS\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [MSIAfterburner] - C:\Program Files\MSI Afterburner\MSIAfterburner.exe [425016 2013-01-23] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\Administrator\...\Run: [Google Update] - "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Default User.WINDOWS\...\Run: [Google Update] - "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Gunes\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-10-29] (Google Inc.)
HKU\Gunes.FAMILY-VWH3MK1R\...\Run: [Facebook Update] - C:\Documents and Settings\Gunes.FAMILY-VWH3MK1R\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [ 2012-08-23] (Facebook Inc.)
HKU\Nalan\...\Run: [Google Update] - "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Nalan\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Nalan\...\Run: [Facebook Update] - C:\Documents and Settings\Nalan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [ 2013-03-25] (Facebook Inc.)
HKU\Owner\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-03] (Skype Technologies S.A.)
HKU\Owner\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-10-29] (Google Inc.)
HKU\Owner\...\Run: [msnmsgr] - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKU\Owner\...\Run: [kdx] - C:\Program Files\Kontiki\KHost.exe -all [x]
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300580380468
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Handler: ipp - No CLSID Value -  
Handler: msdaipp - No CLSID Value -  
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Tcpip\..\Interfaces\{1C766DBF-0560-4182-83F2-D3BEB36F4D74}: [NameServer]62.6.40.178,62.6.40.162
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default
FF SelectedSearchEngine: Wikipedia (en)
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\searchplugins\duckduckgo.xml
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: artur.dubovoy - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Mozilla\Firefox\Profiles\2b51kfyi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
Chrome:  
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR DefaultSearchURL: (Wikipedia (en)) - http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
CHR DefaultSuggestURL: (Wikipedia (en)) - http://en.wikipedia.org/w/api.php?action=opensearch&search={searchTerms}&namespace=0
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll No File
CHR Plugin: (EModel scriptable Plugin) - C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (AdBlock) - C:\DOCUME~1\DENIZ~1.FAM\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0
 
========================== Services (Whitelisted) =================
 
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-12-01] ()
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
R2 LGScsiCommandService; C:\WINDOWS\system32\LGScsiCommandService.exe [47616 2010-04-12] (Mobile Leader Co.,Ltd.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-10-31] ()
S4 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S3 DAUpdaterSvc; E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 HiPatchService; H:\Hi-Rez Studios\HiPatchService.exe [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-12] (Advanced Micro Devices)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7874560 2012-07-04] (ATI Technologies Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [99856 2012-02-23] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-10] (DT Soft Ltd)
S3 fsfilter; C:\Windows\System32\DRIVERS\fsfilter.sys [4992 2007-03-10] (Windows ® 2000 DDK provider)
R1 FsVga; C:\Windows\System32\DRIVERS\fsvga.sys [12160 2003-07-16] (Microsoft Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl6b9965d9; c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F40138-F567-4382-84BD-C2321A71198F}\MpKsl6b9965d9.sys [29904 2013-07-30] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 RTCore32; C:\Program Files\MSI Afterburner\RTCore32.sys [5632 2011-09-06] ()
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMI.sys [4258528 2009-12-02] (Realtek Semiconductor Corp.)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [143360 2009-07-28] (Realtek Semiconductor Corporation                           )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24960 2010-01-21] (LG Electronics Inc.)
R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 cpuz130; \??\C:\DOCUME~1\GUNES~1.FAM\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
U3 TlntSvr;  
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S0 vmci; system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-30 21:11 - 2013-07-30 21:11 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Desktop\CC Support
2013-07-29 23:36 - 2013-07-29 23:36 - 00000880 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\recently-used.xbel
2013-07-26 11:27 - 2013-07-29 23:15 - 00003552 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FSS.txt
2013-07-26 11:22 - 2013-07-26 11:22 - 00357145 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FSS.exe
2013-07-26 10:59 - 2013-07-26 10:59 - 00065536 _____ C:\WINDOWS\Minidump\Mini072613-01.dmp
2013-07-26 10:55 - 2013-07-26 10:55 - 00000895 _____ C:\WINDOWS\setupapi.log
2013-07-25 17:47 - 2013-07-26 11:13 - 00000000 ____D C:\FRST
2013-07-25 17:32 - 2013-07-25 17:32 - 00000173 _____ C:\WINDOWS\system32\MRT.INI
2013-07-25 17:32 - 2013-07-25 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-07-25 17:32 - 2010-09-07 15:39 - 00150392 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\junction.exe
2013-07-25 17:29 - 2013-07-25 17:33 - 00006493 _____ C:\WINDOWS\FaxSetup.log
2013-07-25 17:29 - 2013-07-25 17:32 - 00000256 _____ C:\WINDOWS\ocgen.log
2013-07-25 17:29 - 2013-07-25 17:29 - 00002719 _____ C:\WINDOWS\updspapi.log
2013-07-25 17:28 - 2013-07-25 17:29 - 00020572 _____ C:\WINDOWS\KB2838727-IE8.log
2013-07-25 03:08 - 2013-07-29 23:15 - 01221282 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FRST.exe
2013-07-25 03:08 - 2013-07-25 03:08 - 00001526 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\instructions.txt
2013-07-25 03:07 - 2013-07-25 03:07 - 00079623 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Junction.zip
2013-07-24 20:09 - 2013-07-24 20:09 - 00000000 ___SD C:\ComboFix
2013-07-24 20:07 - 2013-07-24 20:09 - 00000000 ____D C:\Qoobox
2013-07-24 20:07 - 2013-07-24 20:07 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-24 20:03 - 2013-07-24 19:57 - 05094311 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\ComboFix.exe
2013-07-08 20:28 - 2013-07-08 20:28 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SETTEC
2013-07-03 23:37 - 2013-07-03 23:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Sun
2013-07-03 18:41 - 2013-07-21 16:54 - 00010092 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.txt
2013-07-03 18:41 - 2013-07-21 16:54 - 00008716 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\attach.txt
2013-07-03 18:38 - 2013-07-03 18:38 - 00688992 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.com
2013-07-03 18:20 - 2013-07-08 20:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-02 20:59 - 2013-07-02 20:59 - 01814144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\iExplore.exe
2013-07-02 19:33 - 2013-07-02 19:33 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\mbar-1.06.0.1004.zip
2013-07-02 19:28 - 2013-07-02 19:28 - 00065536 _____ C:\WINDOWS\Minidump\Mini070213-01.dmp
2013-07-01 23:19 - 2013-07-30 21:09 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Virus cleaning
2013-07-01 23:17 - 2013-07-01 23:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbam-setup-1.75.0.1300.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00760775 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\MiniToolBox.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00356397 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\FSS.exe
2013-07-01 23:11 - 2013-07-25 17:32 - 00032935 _____ C:\WINDOWS\KB2839229.log
2013-07-01 23:08 - 2013-07-01 23:08 - 00890988 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SecurityCheck.exe
2013-06-30 20:39 - 2013-06-30 20:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-30 20:36 - 2013-06-30 20:41 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-30 20:36 - 2013-06-30 20:37 - 00000000 ____D C:\Documents and Settings\Administrator
2013-06-30 20:36 - 2011-12-11 00:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-06-30 18:23 - 2013-06-30 20:47 - 05084517 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ComboFix.exe
2013-06-30 17:48 - 2013-06-30 17:48 - 00000000 ____D C:\Program Files\ESET
2013-06-30 17:29 - 2013-06-30 17:30 - 00001060 _____ C:\AdwCleaner[S1].txt
2013-06-30 17:29 - 2013-06-30 17:29 - 00000989 _____ C:\AdwCleaner[R1].txt
2013-06-30 17:28 - 2013-06-30 17:28 - 00056544 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-30 17:23 - 2013-06-30 17:23 - 00227208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-06-30 17:15 - 2013-06-30 17:15 - 00002298 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\huff.txt
2013-06-30 17:13 - 2013-07-02 20:57 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-30 17:11 - 2013-06-30 17:12 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbar-1.06.0.1004.zip
2013-06-30 15:24 - 2013-07-30 21:14 - 00117422 _____ C:\WINDOWS\WindowsUpdate.log
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Malwarebytes
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
 
==================== One Month Modified Files and Folders =======
 
2013-07-30 21:14 - 2013-06-30 15:24 - 00117422 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-30 21:14 - 2012-09-05 16:28 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{20F9BC57-BF64-4F23-B566-03CB86791917}.job
2013-07-30 21:13 - 2011-03-27 21:34 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-07-30 21:13 - 2011-03-27 21:34 - 00000000 _____ C:\WINDOWS\wiaservc.log
2013-07-30 21:13 - 2011-03-20 00:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-30 21:12 - 2011-03-20 00:26 - 00000178 ___SH C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\ntuser.ini
2013-07-30 21:12 - 2011-03-20 00:25 - 00032314 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-30 21:11 - 2013-07-30 21:11 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Desktop\CC Support
2013-07-30 21:09 - 2013-07-01 23:19 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Virus cleaning
2013-07-29 23:45 - 2013-06-28 21:08 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-29 23:37 - 2012-06-29 18:55 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\.gimp-2.8
2013-07-29 23:36 - 2013-07-29 23:36 - 00000880 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\recently-used.xbel
2013-07-29 23:32 - 2012-07-04 18:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-29 23:23 - 2013-06-25 15:10 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-07-29 23:23 - 2013-06-25 15:10 - 00000366 ____H C:\WINDOWS\Tasks\MpIdleTask.job
2013-07-29 23:17 - 2012-04-29 16:24 - 00000000 ____D C:\Program Files\MSI Afterburner
2013-07-29 23:15 - 2013-07-26 11:27 - 00003552 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FSS.txt
2013-07-29 23:15 - 2013-07-25 03:08 - 01221282 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FRST.exe
2013-07-29 23:15 - 2005-10-09 16:58 - 00000000 ____D C:\Documents and Settings\Gunes
2013-07-29 23:13 - 2003-07-16 21:53 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-26 11:22 - 2013-07-26 11:22 - 00357145 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\FSS.exe
2013-07-26 11:13 - 2013-07-25 17:47 - 00000000 ____D C:\FRST
2013-07-26 10:59 - 2013-07-26 10:59 - 00065536 _____ C:\WINDOWS\Minidump\Mini072613-01.dmp
2013-07-26 10:59 - 2011-03-19 23:50 - 148373504 _____ C:\WINDOWS\MEMORY.DMP
2013-07-26 10:59 - 2006-01-07 22:05 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-26 10:55 - 2013-07-26 10:55 - 00000895 _____ C:\WINDOWS\setupapi.log
2013-07-25 17:49 - 2013-03-25 21:44 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1006UA.job
2013-07-25 17:48 - 2013-06-01 14:31 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\mbar
2013-07-25 17:33 - 2013-07-25 17:29 - 00006493 _____ C:\WINDOWS\FaxSetup.log
2013-07-25 17:32 - 2013-07-25 17:32 - 00000173 _____ C:\WINDOWS\system32\MRT.INI
2013-07-25 17:32 - 2013-07-25 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-07-25 17:32 - 2013-07-25 17:29 - 00000256 _____ C:\WINDOWS\ocgen.log
2013-07-25 17:32 - 2013-07-01 23:11 - 00032935 _____ C:\WINDOWS\KB2839229.log
2013-07-25 17:32 - 2011-03-20 00:26 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R
2013-07-25 17:29 - 2013-07-25 17:29 - 00002719 _____ C:\WINDOWS\updspapi.log
2013-07-25 17:29 - 2013-07-25 17:28 - 00020572 _____ C:\WINDOWS\KB2838727-IE8.log
2013-07-25 17:29 - 2011-03-20 02:30 - 73381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-25 17:29 - 2008-12-19 00:16 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-25 03:08 - 2013-07-25 03:08 - 00001526 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\instructions.txt
2013-07-25 03:07 - 2013-07-25 03:07 - 00079623 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\Junction.zip
2013-07-24 20:09 - 2013-07-24 20:09 - 00000000 ___SD C:\ComboFix
2013-07-24 20:09 - 2013-07-24 20:07 - 00000000 ____D C:\Qoobox
2013-07-24 20:07 - 2013-07-24 20:07 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-24 19:57 - 2013-07-24 20:03 - 05094311 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\ComboFix.exe
2013-07-21 23:17 - 2011-10-28 12:05 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\details[2]
2013-07-21 16:54 - 2013-07-03 18:41 - 00010092 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.txt
2013-07-21 16:54 - 2013-07-03 18:41 - 00008716 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\attach.txt
2013-07-08 20:28 - 2013-07-08 20:28 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SETTEC
2013-07-08 20:27 - 2013-07-03 18:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-08 20:27 - 2012-05-11 15:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 20:27 - 2011-03-20 21:37 - 00000178 ___SH C:\Documents and Settings\Gunes.FAMILY-VWH3MK1R\ntuser.ini
2013-07-03 23:37 - 2013-07-03 23:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Sun
2013-07-03 21:32 - 2012-08-23 18:27 - 00001028 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1005UA.job
2013-07-03 20:49 - 2013-03-25 21:44 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1006Core.job
2013-07-03 18:38 - 2013-07-03 18:38 - 00688992 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\dds.com
2013-07-03 18:32 - 2012-08-23 18:27 - 00001006 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1005Core.job
2013-07-03 18:30 - 2013-06-13 13:17 - 00000606 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\Shortcut to Nalan's Documents.lnk
2013-07-02 20:59 - 2013-07-02 20:59 - 01814144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\iExplore.exe
2013-07-02 20:57 - 2013-06-30 17:13 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-02 19:57 - 2011-03-20 23:04 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Media Player Classic
2013-07-02 19:33 - 2013-07-02 19:33 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\mbar-1.06.0.1004.zip
2013-07-02 19:28 - 2013-07-02 19:28 - 00065536 _____ C:\WINDOWS\Minidump\Mini070213-01.dmp
2013-07-01 23:17 - 2013-07-01 23:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbam-setup-1.75.0.1300.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00760775 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\MiniToolBox.exe
2013-07-01 23:12 - 2013-07-01 23:12 - 00356397 _____ (Farbar) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\FSS.exe
2013-07-01 23:08 - 2013-07-01 23:08 - 00890988 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\SecurityCheck.exe
2013-06-30 20:56 - 2009-02-19 19:45 - 00000000 ____D C:\Program Files\osu!
2013-06-30 20:47 - 2013-06-30 18:23 - 05084517 ____R (Swearware) C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\ComboFix.exe
2013-06-30 20:41 - 2013-06-30 20:36 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-30 20:40 - 2013-06-30 20:39 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-30 20:37 - 2013-06-30 20:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-30 20:37 - 2013-06-30 20:36 - 00000000 ____D C:\Documents and Settings\Administrator
2013-06-30 17:48 - 2013-06-30 17:48 - 00000000 ____D C:\Program Files\ESET
2013-06-30 17:30 - 2013-06-30 17:29 - 00001060 _____ C:\AdwCleaner[S1].txt
2013-06-30 17:30 - 2011-03-20 01:35 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-06-30 17:29 - 2013-06-30 17:29 - 00000989 _____ C:\AdwCleaner[R1].txt
2013-06-30 17:28 - 2013-06-30 17:28 - 00056544 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-30 17:24 - 2008-10-02 21:11 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-06-30 17:23 - 2013-06-30 17:23 - 00227208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-06-30 17:15 - 2013-06-30 17:15 - 00002298 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop\huff.txt
2013-06-30 17:14 - 2013-06-01 14:31 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbar
2013-06-30 17:12 - 2013-06-30 17:11 - 13399154 _____ C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\My Documents\mbar-1.06.0.1004.zip
2013-06-30 14:59 - 2013-06-10 23:43 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\DAEMON Tools Lite
2013-06-30 14:59 - 2008-12-04 18:14 - 00000000 ____D C:\Program Files\Steam
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Application Data\Malwarebytes
2013-06-30 13:55 - 2013-06-30 13:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
 
Files to move or delete:
====================
C:\Documents and Settings\All Users\hash.dat
C:\Documents and Settings\Gunes\jagex_runescape_preferences.dat
C:\Documents and Settings\Gunes\jagex_runescape_preferences2.dat
C:\Documents and Settings\Gunes\zguicfgw.dat
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

 

The notification area problem is now fixed, thank you. However, the problem with Firefox's pop-ups and google redirects remains; when I connected this computer to the router, the instant I opened Firefox a pop-up appeared, which I think is a record. Other than that the computer seems to be behaving properly, but with this symptom remaining I still can't use it.



#14 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:07:04 AM

Posted 30 July 2013 - 04:47 PM

Hello again,
 
Did you run the ESET Services Repair as posted in my last post?
 
If so, please run this next fix with FRST and then post the Fixlog.txt and also run a fresh scan with FSS. Here are the instructions:
 
Step 1:

Download the attached fixlist.txt (471 bytes) and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

==========

Step 2:

Now if you haven't run the ESET Services Repair Tool as instructed in my last post, please do so now, then run a fresh scan with Farbar Service Scanner and post the new log in your next reply.

If you've already run the ESET tool, then just post the new, fresh FSS.txt.

bloopie



#15 TiredOcean

TiredOcean
  • Topic Starter

  • Members
  • 21 posts
  • Local time:12:04 PM

Posted 01 August 2013 - 06:52 PM

Thank you for your reply. First of all, I ran the ESET repair tool last time, so I didn't run it this time as you requested.

Secondly, I accidentally ran FRST twice, which to my knowledge changed the way fixlog appeared. If I remember correctly, the last three entries were moved to a different location. Sorry for the inconvenience.

Finally, I ran all of these tests with no connection to the internet. I would have connected temporarily, but just today I found out my debit card had been used without my permission (and they spent a lot of money), so I didn't want to take any chances...

fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 01
Ran by Deniz at 2013-08-02 00:20:09 Run:5
Running from C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop
Boot Mode: Normal
 
==============================================
 
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
"C:\Documents and Settings\All Users\hash.dat" => File/Directory not found.
"C:\Documents and Settings\Gunes\jagex_runescape_preferences.dat" => File/Directory not found.
"C:\Documents and Settings\Gunes\jagex_runescape_preferences2.dat" => File/Directory not found.
"C:\Documents and Settings\Gunes\zguicfgw.dat" => File/Directory not found.
 
==== End of Fixlog ====

 

FSS.txt:

Farbar Service Scanner Version: 26-07-2013
Ran by Deniz (administrator) on 02-08-2013 at 00:20:35
Running from "C:\Documents and Settings\Deniz.FAMILY-VWH3MK1R\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy:  
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy:  
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.
 
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.
 
 
Windows Autoupdate Disabled Policy:  
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) VBoxNetFlt(8)  
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.
 
**** End of log ****
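The FSS.txt above carries the three findings a responder actually acts on: the firewall is forced off by policy (`"EnableFirewall"=DWORD:0`), the wuauserv and BITS service keys are gone (the damage the ESET Services Repair tool mentioned earlier in the thread is meant to undo), and the File Check section reports whether core networking and service binaries still match their known MD5s. The following is an added example, not part of the thread and not Farbar's code: a small Python triage parser that reads an FSS-style report and pulls those findings out, so a helper triaging many such logs does not have to eyeball every ATTENTION line. The sample report embedded in it is constructed to mirror the shape of the log above; the one "MD5 does not match" line is invented to exercise the file-check branch and does not reproduce FSS's real wording for a mismatch.

```python
"""Triage helper for Farbar Service Scanner (FSS) style output.

Added example, not part of the forum thread or of the Farbar tools. It reads
the text of an FSS.txt and collects:
  - services whose registry keys FSS could not open (ATTENTION markers),
  - registry keys under which the Windows Firewall is forced off by policy,
  - File Check entries whose verdict is anything other than "MD5 is legit".
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the FSS.txt posted in the thread. The
# "example.dll" line is invented to exercise the file-check branch; its wording
# is not FSS's real mismatch message.
SAMPLE_FSS = r"""Farbar Service Scanner Version: 26-07-2013
Ran by Deniz (administrator) on 02-08-2013 at 00:20:35
Boot Mode: Normal

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\example.dll => MD5 does not match (constructed)

Extra List:
=======
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running\. Checking service configuration:$")
ATTENTION_RE = re.compile(r"^Checking (.+?): ATTENTION!=+> (.*)$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=DWORD:0$')
FILE_CHECK_RE = re.compile(r"^(.+?) => (.*)$")


@dataclass
class Findings:
    # service name -> list of "check: message" strings FSS flagged for it
    missing_service_keys: Dict[str, List[str]] = field(default_factory=dict)
    # registry keys under which EnableFirewall was found set to 0
    firewall_policy_off: List[str] = field(default_factory=list)
    # paths whose File Check verdict was not "MD5 is legit"
    suspect_files: List[str] = field(default_factory=list)


def parse_fss(text: str) -> Findings:
    """Walk the report line by line, tracking which section we are in."""
    found = Findings()
    current_service: Optional[str] = None   # service whose checks follow
    current_key: Optional[str] = None       # last registry key header seen
    in_file_check = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            current_service = m.group(1)
            continue
        m = ATTENTION_RE.match(line)
        if m and current_service:
            found.missing_service_keys.setdefault(current_service, []).append(
                f"{m.group(1)}: {m.group(2)}")
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if FIREWALL_OFF_RE.match(line) and current_key:
            found.firewall_policy_off.append(current_key)
            continue
        if line == "File Check:":
            in_file_check = True
            current_service = None
            continue
        if line.endswith(":"):          # any other section header
            in_file_check = False
            current_service = None
            continue
        if in_file_check:
            m = FILE_CHECK_RE.match(line)
            if m and m.group(2) != "MD5 is legit":
                found.suspect_files.append(m.group(1))
    return found


def summarize(found: Findings) -> List[str]:
    """One human-readable line per finding, for a quick reply to the poster."""
    lines = []
    for svc, reasons in found.missing_service_keys.items():
        lines.append(f"service {svc}: registry key missing ({len(reasons)} check(s) failed)")
    for key in found.firewall_policy_off:
        lines.append(f"firewall forced off by policy under {key}")
    for path in found.suspect_files:
        lines.append(f"file failed MD5 check: {path}")
    return lines or ["no findings"]


if __name__ == "__main__":
    for entry in summarize(parse_fss(SAMPLE_FSS)):
        print(entry)
```

Run it against a real FSS.txt by reading the file and passing its contents to `parse_fss`; the section-header tracking matters because FSS reuses the `Checking ...:` wording under several headings, so a check line is only attributed to a service once a "Service is not running" line has named one.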





