
Cannot download anything, think I'm infected with ZeroAccess, help


This topic is locked
31 replies to this topic

#1 sanj15
  • Members
  • 20 posts

Posted 04 August 2013 - 07:53 AM

It started with alerts from Norton saying it had successfully blocked a threat from ZeroAccess; this continued every 15 mins all day Thursday, but I thought nothing of it as it said it had blocked an attack and that I was required to do nothing. But when I tried to download a file, it downloads completely, then the box disappears, then I look for the file and it's not there, so I look in recent files and cannot locate the file; search for the file, same thing, no luck. I then tried another browser, same issue; looked at internet options, created a new account, still no luck.

 

I then ran Rkill, Malwarebytes and Norton; malware was found and the rootkit apparently deleted, but still no luck as I still can't download anything, so I tried McAfee's ZeroAccess removal tool, which couldn't find anything, so tried Norton's dedicated tool, which requires me to restart. That posed another problem: as the PC booted up I was met with a blue screen error stating irql_not_less_or_equal, so I booted into safe mode, ran scans, still no luck; then I restarted it and was met again with another blue screen, irql_not_less_or_equal; it restarted again, another blue screen error, but this time memory_management. I shut down the computer, started it up again, logged in fine; it seems to be an issue only when restarting in normal mode, just after the login screen.

 

Present day: ran Rkill again, it still finds ZeroAccess issues and I still cannot download anything.

 

Can someone help? It would be greatly appreciated, thanks in advance.





#2 sanj15
  • Topic Starter
  • Members
  • 20 posts

Posted 04 August 2013 - 07:55 AM

Rkill report, thanks

 

Rkill 2.5.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/04/2013 01:23:14 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \...\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \...\ﯹ๛\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \...\ﯹ๛\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ [ZA Dir]

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSoftEx.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSoftEx.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * WinDefend [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 08/04/2013 01:23:46 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)



#3 sanj15
  • Topic Starter
  • Members
  • 20 posts

Posted 04 August 2013 - 10:14 AM

I solved it myself

:D

just ran Rkill

then TDSS

then HitmanPro

which found and repaired the issues with Windows Defender, which was blocking the files from downloading

and presto, we are good



#4 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 07 August 2013 - 03:16 AM

Hi,

 

Do you still need help?

Regarding your Rkill log, some of the services are missing or damaged and should be repaired...

 

 

Regards,

Georgi




#5 sanj15
  • Topic Starter
  • Members
  • 20 posts

Posted 07 August 2013 - 05:04 AM

Hey Georgi, I fixed the main issue, but if you still think some things need repairing then go ahead, I'm happy for any help.

 

Most recent Rkill report:

Rkill 2.5.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/07/2013 11:00:55 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \...\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \...\ﯹ๛\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \...\ﯹ๛\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ [ZA Dir]

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * WinDefend [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 08/07/2013 11:02:32 AM
Execution time: 0 hours(s), 1 minute(s), and 36 seconds(s)
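The two Rkill logs in this thread (post #2, before HitmanPro was run, and post #5, after) differ in exactly one section: the reparse points that redirected Windows Defender's files to c:\windows\system32\config are gone from the second log, while the [ZA Dir] entries, the DisableAntiSpyware registry value, the missing WinDefend service and the SharedAccess ImagePath are still reported. As an added example that is not part of this thread and not Rkill's own code, here is a small Python parser for those two Rkill sections, run over abbreviated excerpts of both logs. The RKILL_BEFORE and RKILL_AFTER strings are constructed from the output posted above and trimmed; RkillFindings, parse_rkill and compare_runs are names chosen for this illustration.

```python
"""Structured view of Rkill's 'miscellaneous checks' and 'service integrity' output.

Added example: the log excerpts are constructed from the output posted in this
thread (trimmed); the class and function names are chosen for this example.
"""
import re
from dataclasses import dataclass, field

# A ZeroAccess-style reparse point line: "<source> => <target> [Dir|File]"
REPARSE_RE = re.compile(r"^\s*\*\s+(?P<src>.+?)\s+=>\s+(?P<dst>.+?)\s+\[(?P<kind>Dir|File)\]\s*$")
# A directory Rkill tags as a ZeroAccess artefact
ZADIR_RE = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\[ZA Dir\]\s*$")
# "<service> [Missing Service]" / "<service> [Missing ImagePath]"
MISSING_RE = re.compile(r"^\s*\*\s+(?P<svc>\S+)\s+\[Missing (?P<what>[^\]]+)\]\s*$")
# "<display name> (<service>) is not Running."
NOT_RUNNING_RE = re.compile(r"^\s*\*\s+(?P<name>.+?)\s+\((?P<svc>\w+)\)\s+is not Running\.\s*$")
# Registry values Rkill prints, e.g. "DisableAntiSpyware" = dword:00000001
DWORD_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*dword:(?P<val>[0-9A-Fa-f]{8})\s*$')


@dataclass
class RkillFindings:
    defender_disabled: bool = False
    registry_values: dict = field(default_factory=dict)
    za_dirs: list = field(default_factory=list)
    reparse_points: list = field(default_factory=list)    # (src, dst, kind)
    missing_services: list = field(default_factory=list)  # (service, what is missing)
    not_running: list = field(default_factory=list)       # (display name, service)

    def still_suspicious(self) -> bool:
        # ZA directories and reparse points are rootkit artefacts; a disabled
        # Defender or a missing service on its own is damage that needs repair.
        return bool(self.za_dirs or self.reparse_points)

    def redirected_defender_files(self) -> list:
        # Defender's binaries never legitimately resolve under system32\config;
        # a junction pointing there is what keeps Defender from loading.
        return [src for src, dst, _ in self.reparse_points
                if "\\windows defender\\" in src.lower()
                and "\\system32\\config" in dst.lower()]


def parse_rkill(text: str) -> RkillFindings:
    f = RkillFindings()
    for line in text.splitlines():
        if "Windows Defender Disabled" in line:
            f.defender_disabled = True
        elif m := DWORD_RE.match(line):
            f.registry_values[m["name"]] = int(m["val"], 16)
        elif m := REPARSE_RE.match(line):
            f.reparse_points.append((m["src"], m["dst"], m["kind"]))
        elif m := ZADIR_RE.match(line):
            f.za_dirs.append(m["path"])
        elif m := MISSING_RE.match(line):
            f.missing_services.append((m["svc"], m["what"]))
        elif m := NOT_RUNNING_RE.match(line):
            f.not_running.append((m["name"], m["svc"]))
    return f


def compare_runs(before: RkillFindings, after: RkillFindings) -> dict:
    """What a cleanup step removed between two Rkill runs, and what it left behind."""
    return {
        "reparse_points_cleared": len(before.reparse_points) - len(after.reparse_points),
        "za_dirs_remaining": len(after.za_dirs),
        "defender_still_disabled": after.defender_disabled,
        "services_still_missing": [svc for svc, _ in after.missing_services],
        "still_suspicious": after.still_suspicious(),
    }


# Constructed excerpt of the first log (post #2), blank lines dropped.
RKILL_BEFORE = r"""Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * ALERT: ZEROACCESS rootkit symptoms found!
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \ [ZA Dir]
 * ALERT: ZEROACCESS Reparse Point/Junction found!
     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
Checking Windows Service Integrity:
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 * WinDefend [Missing Service]
 * SharedAccess [Missing ImagePath]
"""

# Constructed excerpt of the second log (post #5): reparse section gone, rest unchanged.
RKILL_AFTER = r"""Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * ALERT: ZEROACCESS rootkit symptoms found!
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \ [ZA Dir]
Checking Windows Service Integrity:
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 * WinDefend [Missing Service]
 * SharedAccess [Missing ImagePath]
"""
```

Calling `compare_runs(parse_rkill(RKILL_BEFORE), parse_rkill(RKILL_AFTER))` reports three reparse points cleared, two ZA directories remaining, Defender still disabled and WinDefend and SharedAccess still missing, with still_suspicious set; that is the same reading the responder gives of the second log in the next post. The parser keys on Rkill's own markers ([ZA Dir], "=> ... [Dir|File]", [Missing ...]) rather than on path names, so it works on logs from other machines as long as the Rkill output format is the same.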



#6 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 07 August 2013 - 05:19 AM

Hi,

 

 

I have bad news for you. You are still infected...

 

Please download a new version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#7 sanj15
  • Topic Starter
  • Members
  • 20 posts

Posted 07 August 2013 - 07:30 AM

Hey, downloaded and scan run; find results below.

Cheers,

Sanj

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-08-2013
Ran by sanjeev (administrator) on 07-08-2013 13:19:13
Running from C:\Users\sanjeev\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
() C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\sanjeev\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\RocketDock\RocketDock.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Akamai Technologies, Inc.) C:\Users\sanjeev\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Acer Empowering Technology Monitor] - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-04-25] ()
HKLM\...\Run: [EmpoweringTechnology] - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [319488 2008-04-25] ()
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-05] (Egis Incorporated)
HKLM\...\Run: [PCMMediaSharing] - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-26] ()
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe [172032 2007-12-20] (CyberLink Corp.)
HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-02-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM\...\Run: [NeroCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-30] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [SRS Audio Sandbox] - "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme [x]
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\sanjeev\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [DU8AgVZXOqdQ2s] - C:\ProgramData\DU8AgVZXOqdQ2s.exe [x]
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905408 2012-07-11] (SUPERAntiSpyware.com)
HKCU\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: M - M:\LaunchU3.exe -a
MountPoints2: {1297b408-8d8e-11df-85b7-001fe2066a35} - M:\LaunchU3.exe -a
MountPoints2: {e10bd3c0-8c35-11df-94bf-001fe2066a35} - M:\APPInst.exe
MountPoints2: {e6d6ff9b-32d8-11e1-b2c0-001fe2066a35} - M:\USBAutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()
HKU\Guest\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe [ 2013-06-12] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtBtDyCyC0AtAyD0EyEyB0CtN0D0Tzu0CyDzztBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=703079874&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} -  No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtBtDyCyC0AtAyD0EyEyB0CtN0D0Tzu0CyDzztBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=703079874&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtBtDyCyC0AtAyD0EyEyB0CtN0D0Tzu0CyDzztBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=703079874&ir=
SearchScopes: HKLM - {68C490A9-7F84-762A-844D-250864906B10} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -uTorrentBar Toolbar - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
Toolbar: HKCU -Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKCU -No Name - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} -  No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKCU -No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default
FF user.js: detected! => C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\user.js
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtBtDyCyC0AtAyD0EyEyB0CtN0D0Tzu0CyDzztBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=703079874&ir=
FF SelectedSearchEngine: Mysearchdial
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\searchplugins\Mysearchdial.xml
FF Extension: No Name - C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\Extensions\staged
FF Extension: No Name - C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF Extension: Vuze Remote  - C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF Extension: No Name - C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{4bcdbfd0-fa26-11de-8a39-0800200c9a66}] C:\Users\sanjeev\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\

Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtBtDyCyC0AtAyD0EyEyB0CtN0D0Tzu0CyDzztBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=703079874&ir="
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\sanjeev\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\sanjeev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\sanjeev\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\sanjeev\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Newtab) - C:\Users\sanjeev\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.0.2_0
CHR Extension: (Gmail) - C:\Users\sanjeev\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\sanjeev\AppData\Local\mysearchdial_speedial_v9.0.2.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-26] (CyberLink)
S3 Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1322648 2008-06-05] (Autodesk, Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] ()
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] ()
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\   \...\???\{46bdc989-289d-ea48-ab74-525a3982e5a1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 cpuz134; C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130806.001\IDSvix86.sys [386720 2013-04-30] (Symantec Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-04-25] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130806.019\NAVENG.SYS [93272 2013-06-18] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130806.019\NAVEX15.SYS [1611992 2013-06-18] (Symantec Corporation)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2012-04-30] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2012-04-30] (microOLAP Technologies LTD)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_i386.sys [268912 2009-12-15] ()
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2008-02-26] (Zeal SoftStudio)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl [41456 2007-12-20] (Cyberlink Corp.)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U2 ccEvtMgr;
U2 ccSetMgr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MFE_RR; \??\C:\Users\sanjeev\AppData\Local\Temp\mfe_rr.sys [x]
U3 navapsvc;
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 SAVRT;
U1 SAVRTPEL;
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-07 13:19 - 2013-08-07 13:19 - 00000000 ____D C:\FRST
2013-08-07 13:18 - 2013-08-07 13:18 - 01229076 _____ (Farbar) C:\Users\sanjeev\Desktop\FRST.exe
2013-08-07 11:00 - 2013-08-07 11:02 - 00004136 _____ C:\Users\sanjeev\Desktop\Rkill.txt
2013-08-07 10:55 - 2013-08-07 10:55 - 00000000 ____D C:\Users\sanjeev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-08-04 16:54 - 2013-08-04 16:54 - 00000000 ____D C:\Program Files\Lame For Audacity
2013-08-04 16:12 - 2013-08-04 16:12 - 00000000 ____D C:\Program Files\Audacity
2013-08-04 15:53 - 2013-08-04 15:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-04 15:39 - 2013-08-04 15:53 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-04 15:38 - 2013-08-04 15:56 - 09158600 _____ (SurfRight B.V.) C:\Users\sanjeev\Downloads\HitmanPro.exe
2013-08-04 15:38 - 2013-08-04 15:55 - 00423709 _____ C:\Users\sanjeev\AppData\Local\mysearchdial_speedial_v9.0.2.crx
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\sanjeev\AppData\Roaming\mysearchdial
2013-08-04 12:03 - 2013-08-04 12:14 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Orbit
2013-08-04 12:03 - 2013-08-04 12:03 - 00000000 ____D C:\Users\Guest\AppData\Roaming\ProgSense
2013-08-03 13:52 - 2013-08-03 13:52 - 00002200 _____ C:\{B2C0EFD8-BF7C-41BF-BF96-BD0533C35F14}
2013-08-03 13:50 - 2013-08-03 13:50 - 00002216 _____ C:\{D46F90B2-BF0E-4C09-BEF1-9963FDEE8C53}
2013-08-03 13:47 - 2013-08-03 13:47 - 00002240 _____ C:\{16B80FCD-0C01-42A4-8AA5-178FD7B787B0}
2013-08-03 13:44 - 2013-08-03 13:44 - 00002528 _____ C:\{F6C4D38F-4EA1-4C48-AD59-D0538AAB6428}
2013-08-03 13:42 - 2013-08-03 13:42 - 00002544 _____ C:\{115DE706-9ADB-4E32-82C2-774F62FE3CF4}
2013-08-03 13:35 - 2013-08-03 13:35 - 00002560 _____ C:\{AE09740E-817B-4BBB-9C5C-938396C09723}
2013-08-03 13:04 - 2013-08-03 13:04 - 00002656 _____ C:\{207AD41F-B25C-4F13-AB65-A55CAA607792}
2013-08-03 11:30 - 2013-08-03 11:30 - 00003464 _____ C:\{4A65C007-BBB3-411A-92AD-A64E7813359A}
2013-08-03 10:59 - 2013-08-03 10:59 - 00146488 _____ C:\Windows\Minidump\Mini080313-02.dmp
2013-08-03 10:58 - 2013-08-03 10:58 - 00146488 _____ C:\Windows\Minidump\Mini080313-01.dmp
2013-08-02 13:21 - 2013-08-02 13:21 - 00146488 _____ C:\Windows\Minidump\Mini080213-02.dmp
2013-08-02 13:20 - 2013-08-02 13:20 - 00146488 _____ C:\Windows\Minidump\Mini080213-01.dmp
2013-08-02 12:06 - 2013-08-02 13:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-02 12:05 - 2013-08-04 15:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-02 11:30 - 2013-08-02 11:30 - 00004352 _____ C:\{64D10FD6-14EC-46B4-8A89-6CE822921E75}
2013-07-17 14:37 - 2013-07-25 17:38 - 00000000 ____D C:\Users\sanjeev\Desktop\Revit Prints

==================== One Month Modified Files and Folders =======

2013-08-07 13:19 - 2013-08-07 13:19 - 00000000 ____D C:\FRST
2013-08-07 13:19 - 2010-07-08 16:43 - 00000000 ____D C:\Users\sanjeev\AppData\Roaming\uTorrent
2013-08-07 13:18 - 2013-08-07 13:18 - 01229076 _____ (Farbar) C:\Users\sanjeev\Desktop\FRST.exe
2013-08-07 13:15 - 2013-03-06 18:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-07 13:15 - 2006-11-02 13:47 - 00003216 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 13:15 - 2006-11-02 13:47 - 00003216 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 11:02 - 2013-08-07 11:00 - 00004136 _____ C:\Users\sanjeev\Desktop\Rkill.txt
2013-08-07 11:01 - 2010-08-10 15:43 - 00000000 ____D C:\Users\sanjeev\AppData\Local\CrashDumps
2013-08-07 11:00 - 2010-07-07 02:47 - 01893416 _____ C:\Windows\WindowsUpdate.log
2013-08-07 10:55 - 2013-08-07 10:55 - 00000000 ____D C:\Users\sanjeev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-08-07 10:55 - 2010-07-12 12:51 - 00000000 ____D C:\Users\sanjeev\Tracing
2013-08-07 10:53 - 2011-04-01 20:30 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-07 10:53 - 2008-01-21 03:47 - 08953902 _____ C:\Windows\PFRO.log
2013-08-07 10:53 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-07 00:08 - 2006-11-02 14:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-06 21:25 - 2011-04-01 20:30 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 17:19 - 2010-07-08 14:40 - 00001356 _____ C:\Users\sanjeev\AppData\Local\d3d9caps.dat
2013-08-05 21:59 - 2010-07-08 17:32 - 00181248 _____ C:\Users\sanjeev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-05 11:04 - 2008-03-16 00:05 - 00000000 ____D C:\Program Files\NewTech Infosystems
2013-08-05 11:04 - 2008-03-15 23:33 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2013-08-05 10:58 - 2012-02-06 19:25 - 00000000 ____D C:\Program Files\HTC
2013-08-05 10:58 - 2011-04-12 16:01 - 00000000 ____D C:\Users\sanjeev\AppData\Local\Downloaded Installations
2013-08-05 10:57 - 2008-03-16 00:06 - 00000259 _____ C:\Windows\system32\agent.log
2013-08-04 17:03 - 2012-01-10 11:29 - 00000000 ____D C:\Users\sanjeev\AppData\Roaming\Audacity
2013-08-04 16:54 - 2013-08-04 16:54 - 00000000 ____D C:\Program Files\Lame For Audacity
2013-08-04 16:12 - 2013-08-04 16:12 - 00000000 ____D C:\Program Files\Audacity
2013-08-04 16:00 - 2012-01-20 13:29 - 00000000 ____D C:\Users\sanjeev\Desktop\Stuff
2013-08-04 15:56 - 2013-08-04 15:38 - 09158600 _____ (SurfRight B.V.) C:\Users\sanjeev\Downloads\HitmanPro.exe
2013-08-04 15:55 - 2013-08-04 15:38 - 00423709 _____ C:\Users\sanjeev\AppData\Local\mysearchdial_speedial_v9.0.2.crx
2013-08-04 15:53 - 2013-08-04 15:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-04 15:53 - 2013-08-04 15:39 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\sanjeev\AppData\Roaming\mysearchdial
2013-08-04 15:11 - 2013-08-02 12:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-04 12:14 - 2013-08-04 12:03 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Orbit
2013-08-04 12:03 - 2013-08-04 12:03 - 00000000 ____D C:\Users\Guest\AppData\Roaming\ProgSense
2013-08-04 12:03 - 2012-02-12 13:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Htc
2013-08-04 12:03 - 2012-02-05 15:01 - 00138872 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-04 12:02 - 2012-02-12 13:39 - 00000000 ____D C:\Users\Guest\AppData\Roaming\HTC
2013-08-04 12:02 - 2012-02-05 15:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2013-08-04 09:39 - 2010-08-20 10:46 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-08-04 09:38 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Cursors
2013-08-03 13:52 - 2013-08-03 13:52 - 00002200 _____ C:\{B2C0EFD8-BF7C-41BF-BF96-BD0533C35F14}
2013-08-03 13:50 - 2013-08-03 13:50 - 00002216 _____ C:\{D46F90B2-BF0E-4C09-BEF1-9963FDEE8C53}
2013-08-03 13:47 - 2013-08-03 13:47 - 00002240 _____ C:\{16B80FCD-0C01-42A4-8AA5-178FD7B787B0}
2013-08-03 13:44 - 2013-08-03 13:44 - 00002528 _____ C:\{F6C4D38F-4EA1-4C48-AD59-D0538AAB6428}
2013-08-03 13:42 - 2013-08-03 13:42 - 00002544 _____ C:\{115DE706-9ADB-4E32-82C2-774F62FE3CF4}
2013-08-03 13:35 - 2013-08-03 13:35 - 00002560 _____ C:\{AE09740E-817B-4BBB-9C5C-938396C09723}
2013-08-03 13:04 - 2013-08-03 13:04 - 00002656 _____ C:\{207AD41F-B25C-4F13-AB65-A55CAA607792}
2013-08-03 11:30 - 2013-08-03 11:30 - 00003464 _____ C:\{4A65C007-BBB3-411A-92AD-A64E7813359A}
2013-08-03 10:59 - 2013-08-03 10:59 - 00146488 _____ C:\Windows\Minidump\Mini080313-02.dmp
2013-08-03 10:59 - 2010-11-06 18:24 - 272157395 _____ C:\Windows\MEMORY.DMP
2013-08-03 10:59 - 2010-11-06 18:24 - 00000000 ____D C:\Windows\Minidump
2013-08-03 10:58 - 2013-08-03 10:58 - 00146488 _____ C:\Windows\Minidump\Mini080313-01.dmp
2013-08-02 22:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tapi
2013-08-02 13:36 - 2012-02-23 13:28 - 00000000 ____D C:\Users\sanjeev\AppData\Local\NPE
2013-08-02 13:26 - 2013-08-02 12:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-02 13:21 - 2013-08-02 13:21 - 00146488 _____ C:\Windows\Minidump\Mini080213-02.dmp
2013-08-02 13:20 - 2013-08-02 13:20 - 00146488 _____ C:\Windows\Minidump\Mini080213-01.dmp
2013-08-02 11:40 - 2010-08-09 12:22 - 00000000 ____D C:\ProgramData\Norton
2013-08-02 11:30 - 2013-08-02 11:30 - 00004352 _____ C:\{64D10FD6-14EC-46B4-8A89-6CE822921E75}
2013-08-02 10:11 - 2010-07-09 14:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-01 18:29 - 2010-10-20 17:51 - 00000000 ____D C:\Program Files\Google
2013-08-01 18:28 - 2011-04-01 20:30 - 00000000 ____D C:\Users\sanjeev\AppData\Local\Google
2013-07-26 19:25 - 2006-11-02 11:33 - 00755222 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 17:38 - 2013-07-17 14:37 - 00000000 ____D C:\Users\sanjeev\Desktop\Revit Prints
2013-07-25 17:38 - 2011-04-27 21:54 - 00000000 ____D C:\Users\sanjeev\AppData\Local\CutePDF Writer
2013-07-24 19:53 - 2013-05-09 14:05 - 00000000 ____D C:\Users\sanjeev\Desktop\Ecotect Files

Files to move or delete:
====================
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}
C:\ProgramData\sysqcl1129139270.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-07 11:02

==================== End Of Log ============================



#8 sanj15

sanj15
  • Topic Starter

  • Members
  • 20 posts

Posted 07 August 2013 - 07:31 AM

Addition Report


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-08-2013
Ran by sanjeev at 2013-08-07 13:23:59
Running from C:\Users\sanjeev\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.2.2.28595)
1400 (Version: 82.0.242.000)
1400_Help (Version: 82.0.242.000)
1400Trb (Version: 82.0.242.000)
32 Bit HP CIO Components Installer (Version: 7.1.8)
AC3Filter 1.62b (Version: 1.62b)
Acer Arcade Live Main Page (Version: 1.1.1331)
Acer DV Magician (Version: 1.5.0920)
Acer DVDivine (Version: 3.2.1109)
Acer eDataSecurity Management (Version: 3.0.3060)
Acer Empowering Technology (Version: 3.0.3008)
Acer eSettings Management (Version: 3.0.3006)
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia (Version: 1.4.1331)
Acer HomeMedia Connect (Version: 1.4.4931)
Acer HomeMedia Trial Creator (Version: 1.4.1331)
Acer PlayMovie (Version: BD 1.5.3620)
Acer ScreenSaver (Version: 4.01.0422)
Acer SlideShow DVD (Version: 1.5.1109)
Acer VideoMagician (Version: 1.4.1017)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Illustrator CS5 (Version: 15.0)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe® Photoshop® Elements 3.0 (Version: 003.000.0000)
Advertising Center (Version: 0.0.0.2)
Agatha Christie Death on the Nile
Ahead Nero Burning ROM
AIO_CDB_ProductContext (Version: 82.0.242.000)
AIO_CDB_Software (Version: 82.0.242.000)
AIO_Scan (Version: 82.0.173.000)
Akamai NetSession Interface Service
Alice Greenfingers
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Ares 2.1.5 (Version: 2.1.5-Build#3039)
Ares 3.1.7.3042 (Version: 3.1.7.3042)
ATI Catalyst Install Manager (Version: 3.0.664.0)
Audacity 2.0.3 (Version: 2.0.3)
AutoCAD 2011 - English (Version: 18.1.49.0)
AutoCAD 2011 Language Pack - English (Version: 18.1.49.0)
Autodesk Design Review 2011 (Version: 11.0.0.86)
Autodesk Ecotect Analysis 2011 (Version: 2011)
Autodesk Ecotect Shared Components (Version: 20.11.0)
Autodesk Material Library 2011 (Version: 2.0.0.100)
Autodesk Material Library 2011 Base Image library (Version: 2.0.0.49)
Autodesk Material Library 2011 Medium Image library (Version: 2.0.0.49)
Autodesk Revit Architecture 2011 (Version: 10.03.26170)
AviSynth 2.5
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Azada
Backspin Billiards
Big Kahuna Reef
Bing Bar (Version: 7.0.822.0)
Bonjour (Version: 3.0.0.10)
Bookworm Deluxe
Bricks of Egypt
Bubsy
BufferChm (Version: 82.0.173.000)
Cake Mania
Chicken Invaders 3
Chuzzle
Conduit Engine (Version: )
Copy (Version: 82.0.188.000)
CustomerResearchQFolder (Version: 1.00.0000)
CutePDF Writer 2.8
Daysim (Version: 4.0.0.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignBuilder (HKCU Version: 2.6.0.012)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diner Dash Flo on the Go
DivX Converter Mobile (Version: 1.0.0)
DivX Converter Mobile (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.6.1.22)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
Drumaxx
EDSL Tas (Version: 9.2.0)
EMCO Malware Destroyer 6
eSobi v2 (Version: 2.0.3.000189)
eSupportQFolder (Version: 1.00.0000)
FARO LS 1.1.406.58 (Version: 4.6.58.2)
Fax (Version: 82.0.188.000)
FIFA Soccer 2000 Gold Edition
FileOpen Client (Version: 3.0.35.879)
FL Studio 9
Flip Words 2
Free M4a to MP3 Converter 6.2
Google Chrome (Version: 28.0.1500.95)
Google SketchUp 8 (Version: 3.0.3117)
Google Update Helper (Version: 1.3.21.153)
Hardcore
High-Definition Video Playback 10 (Version: 7.0.11400.29.0)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.0.334.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Photo Creations (Version: 1.0.0.3341)
HP Photosmart Essential (Version: 1.12.0.46)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.018)
IES VE-Ware/Toolkits (Version: 3.8.1)
IESVE Standard Data & Weather Files (Version: 2.4.0)
IL Download Manager
ImagXpress (Version: 7.0.74.0)
iTunes (Version: 10.6.3.25)
Java™ 6 Update 39 (Version: 6.0.390)
Jewel Quest Solitaire
Junk Mail filter update (Version: 14.0.8117.416)
Jurassic Park - Rampage Edition
Kick N Rush
K-Lite Codec Pack 8.1.0 (Basic) (Version: 8.1.0)
LAME v3.99.3 (for Windows)
LG PC Suite III (Version: 1.0.0.0)
LG USB Modem Drivers (Version: 4.9.4)
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 82.0.174.000)
MediaInfo 0.7.58 (Version: 0.7.58)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Report Viewer Redistributable 2008 (KB971118)
Microsoft Report Viewer Redistributable 2008 (KB971118) (Version: 9.0.21024)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Works (Version: 08.05.0818)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0)
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0)
Nero 9 Essentials
Nero BackItUp 10 (Version: 5.4.11600.19.100)
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700)
Nero Burning ROM 10 (Version: 10.0.11100.10.100)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700)
Nero BurnRights (Version: 3.4.4.100)
Nero BurnRights 10 (Version: 4.0.11000.12.100)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600)
Nero BurnRights Help (Version: 3.4.4.100)
Nero Control Center 10 (Version: 10.0.12000.1.4)
Nero ControlCenter (Version: 9.0.0.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.13700.0.1)
Nero CoverDesigner (Version: 4.4.6.100)
Nero CoverDesigner 10 (Version: 5.0.10900.11.100)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600)
Nero CoverDesigner Help (Version: 4.4.6.100)
Nero Disc Copy Gadget (Version: 2.4.34.0)
Nero Disc Copy Gadget Help (Version: 2.4.34.0)
Nero DiscCopy Gadget 10 (Version: 3.0.10700.9.100)
Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600)
Nero DiscSpeed (Version: 4.99.5.105)
Nero DiscSpeed 10 (Version: 6.0.10800.7.100)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600)
Nero Dolby Files 10 (Version: 2.0.11000.0.10)
Nero DriveSpeed (Version: 4.4.4.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express 10 (Version: 10.0.11000.10.100)
Nero Express 10 Help (CHM) (Version: 1.0.10700)
Nero Express Help (Version: 9.4.7.100)
Nero InfoTool (Version: 5.99.5.105)
Nero InfoTool 10 (Version: 7.0.10800.8.100)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600)
Nero Installer (Version: 4.4.9.0)
Nero MediaHub 10 (Version: 1.0.13400.11.100)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700)
Nero Multimedia Suite 10 (Version: 10.0.13100)
Nero Online Upgrade (Version: 1.3.0.0)
Nero Recode 10 (Version: 4.6.10900.4.100)
Nero Recode 10 Help (CHM) (Version: 1.0.10600)
Nero RescueAgent 10 (Version: 3.0.10900.9.100)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700)
Nero SoundTrax 10 (Version: 4.6.10600.2.100)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600)
Nero StartSmart (Version: 9.4.6.100)
Nero StartSmart 10 (Version: 10.0.11200.12.100)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700)
Nero StartSmart Help (Version: 9.4.6.100)
Nero Update (Version: 1.0.0017)
Nero Vision 10 (Version: 7.0.11100.8.100)
Nero Vision 10 Help (CHM) (Version: 1.0.10600)
Nero WaveEditor 10 (Version: 5.6.10600.2.100)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600)
NeroExpress (Version: 9.4.7.100)
neroxml (Version: 1.0.0)
Norton Internet Security (Version: 20.4.0.40)
NTI Media Maker 8 (Version: 8.0.2.6315)
NVIDIA 3D Vision Controller Driver 320.18 (Version: 320.18)
NVIDIA Control Panel 320.18 (Version: 320.18)
NVIDIA Graphics Driver 320.18 (Version: 320.18)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Opera 12.15 (Version: 12.15.1748)
Orbit Downloader
PandoraRecovery (Remove Only)
PC Inspector File Recovery (Version: 4.0)
PC Wizard 2010.1.96
PDF Form Filler 2 (Version: 2.0.473)
PDF Settings CS5 (Version: 10.0)
PG583_32_inf (Version: 6.01.0042)
Pit Fighter
PoiZone
PowerDVD (Version: 7.30.0000)
PS3 Video 9 6 (Version: 6)
PSP Video 9 6 (Version: 6)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 6.0.1.5591)
Recover Files 3.28
Road Rash 2
Road Rash 3
RocketDock 1.3.5
Safari (Version: 5.34.57.2)
Sakura
Sawer
Scan (Version: 8.1.0.0)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shinobi 3 - Return of the Ninja Master
SolutionCenter (Version: 82.0.188.000)
Sonic and Knuckles
Sonic Compilation
Sonic the Hedgehog
Spotify (HKCU Version: 0.8.3.222.g317ab79d)
Status (Version: 82.0.173.000)
Street Fighter 2 Plus Champion Edition
Streets of Rage 2
SUPERAntiSpyware (Version: 5.0.1144)
Teenage Mutant Ninja Turtles - The Hyperstone Heist
Toolbox (Version: 82.0.173.000)
Toxic Biohazard
TrayApp (Version: 82.0.188.000)
Turbo Pizza
Ultimate Mortal Kombat 3
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar (Version: 6.2.7.3)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VC80MFCRedist - 8.0.50727.4053 (Version: 1.0.0)
VirtualLab Client 5.7.5
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (Version: 9.0.30729.177)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
WebReg (Version: 82.0.173.000)
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media  (12/14/2007 6.1.32.42) (Version: 12/14/2007 6.1.32.42)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
WinRAR archiver
WWF RAW
WWF Royal Rumble
WWF Super Wrestlemania
WWF Wrestlemania Arcade
XMedia Recode version 3.1.2.5 (Version: 3.1.2.5)
Zuma Deluxe
 

==================== Restore Points  =========================

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {068DCFEE-C6C2-444B-86E3-F116F041F67C} - System32\Tasks\AdobeAAMUpdater-1.0-SANJEEV-PC-sanjeev => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {097C16EA-BE54-4CFB-9515-FFBCEDAFC476} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {10D49950-6256-4C95-9D60-FEA371020FBC} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1DC95A7E-804D-49E4-BA2A-6272DF4AFE26} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {2BD39A8D-1537-41B0-8CD1-158843C5880C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EB97147-B2CB-433F-884D-49541FF84982} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe [2011-05-28] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {58608DAA-9984-4C29-9A90-87942742AF0D} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {5B3DB06F-98AC-4E5F-A17A-E56AA13E31A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.)
Task: {60ED6102-B654-4DAF-9179-7A477814AF3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.)
Task: {9108A834-AF16-45C1-B208-D18A85F5E4FA} - System32\Tasks\4929 => C:\Windows\System32\wscript.exe [2008-05-08] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {ABEAF13F-16FE-4133-B8B9-90533231F05E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {BF545BC5-13C4-4FCA-9F38-1240D4957C21} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File
Task: {CA9EDB9F-32C7-47C9-88F6-C36B4ED72EDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2013 11:16:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15616

Error: (08/07/2013 11:16:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15616

Error: (08/07/2013 11:16:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/07/2013 10:57:17 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.6001.18164, time stamp 0x4907e242, faulting module quartz.dll, version 6.6.6001.18461, time stamp 0x4bc88be7, exception code 0xc0000005, fault offset 0x000093ad,
process id 0x12e8, application start time 0xexplorer.exe0.

Error: (08/07/2013 10:55:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 09:43:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15147

Error: (08/06/2013 09:43:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15147

Error: (08/06/2013 09:43:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/06/2013 09:43:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14133

Error: (08/06/2013 09:43:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14133

System errors:
=============
Error: (08/07/2013 10:55:02 AM) (Source: Service Control Manager) (User: )
Description: Windows Firewall5 (0x5)

Error: (08/07/2013 10:53:42 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (08/07/2013 10:53:42 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.6 for the Network Card with network address 001FE2066A35 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/06/2013 04:40:45 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall5 (0x5)

Error: (08/06/2013 04:39:21 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (08/06/2013 04:39:20 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.6 for the Network Card with network address 001FE2066A35 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/05/2013 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall5 (0x5)

Error: (08/05/2013 09:54:52 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (08/05/2013 09:17:57 PM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (08/05/2013 09:05:47 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.6 for the Network Card with network address 001FE2066A35 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Microsoft Office Sessions:
=========================
Error: (07/08/2013 01:03:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2537 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (09/13/2012 04:19:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1929 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (02/25/2012 07:35:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4444 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (11/13/2011 06:05:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7402 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (05/22/2011 06:00:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 01:34:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-08-07 13:20:21.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-07 13:20:20.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-07 13:20:20.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-07 13:20:20.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-07 13:20:20.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-07 13:20:19.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-07 13:20:19.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-07 13:20:19.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-07 13:20:19.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-07 13:20:18.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3326.26 MB
Available physical RAM: 1842.31 MB
Total Pagefile: 6871.07 MB
Available Pagefile: 4812.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.51 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:292.08 GB) (Free:53.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA 2) (Fixed) (Total:292.09 GB) (Free:255.14 GB) NTFS
Drive k: (PQSERVICE) (Fixed) (Total:12 GB) (Free:4.63 GB) NTFS
Drive l: (DATA 1) (Fixed) (Total:584.17 GB) (Free:140.3 GB) NTFS
Drive n: (Samsung Story Station) (Fixed) (Total:1397.26 GB) (Free:776.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 18F8971A)
Partition 1: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: BCA3E424)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=292 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=292 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 1397 GB) (Disk ID: 9CD8131B)
Partition 1: (Active) - (Size=-698723991040) - (Type=07 NTFS)

==================== End Of Log ============================



#9 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 07 August 2013 - 08:24 AM

Hi,


Download the file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,

Georgi


#10 sanj15
  • Topic Starter
  • Members
  • 20 posts

Posted 07 August 2013 - 09:10 AM

Hey, ran the fix; it restarted, then completed the fix after it booted back up. I did notice that my Windows drive has an extra 15 GB free after the reboot?

cheers

sanj

Results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-08-2013
Ran by sanjeev at 2013-08-07 15:02:28 Run:1
Running from C:\Users\sanjeev\Desktop
Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DU8AgVZXOqdQ2s => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKCR\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Value deleted successfully.
HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.
HKCR\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Value deleted successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKCR\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value deleted successfully.
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32EA9CD0-5187-4FE3-B989-B4D1408D2802} => Value deleted successfully.
HKCR\CLSID\{32EA9CD0-5187-4FE3-B989-B4D1408D2802} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} => Value deleted successfully.
HKCR\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Value deleted successfully.
HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Key not found.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\searchplugins\Mysearchdial.xml => Moved successfully.
C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\Extensions\staged => Moved successfully.
C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} => Moved successfully.
C:\Users\sanjeev\AppData\Roaming\Mozilla\Firefox\Profiles\182xx2uv.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} => Value deleted successfully.
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtBtDyCyC0AtAyD0EyEyB0CtN0D0Tzu0CyDzztBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=703079874&ir=" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\sanjeev\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
C:\Users\sanjeev\AppData\Local\mysearchdial_speedial_v9.0.2.crx => Moved successfully.
*etadpug => Service deleted successfully.
"C:\Users\sanjeev\AppData\Local\mysearchdial_speedial_v9.0.2.crx" => File/Directory not found.
C:\Users\sanjeev\AppData\Roaming\mysearchdial => Moved successfully.

========================= Folder: C:\{B2C0EFD8-BF7C-41BF-BF96-BD0533C35F14} ========================

2013-08-03 13:52 - 2013-08-03 13:52 - 0002200 ____A () C:\{B2C0EFD8-BF7C-41BF-BF96-BD0533C35F14}

====== End of Folder: ======

========================= Folder: C:\{D46F90B2-BF0E-4C09-BEF1-9963FDEE8C53} ========================

2013-08-03 13:50 - 2013-08-03 13:50 - 0002216 ____A () C:\{D46F90B2-BF0E-4C09-BEF1-9963FDEE8C53}

====== End of Folder: ======

========================= Folder: C:\{16B80FCD-0C01-42A4-8AA5-178FD7B787B0} ========================

2013-08-03 13:47 - 2013-08-03 13:47 - 0002240 ____A () C:\{16B80FCD-0C01-42A4-8AA5-178FD7B787B0}

====== End of Folder: ======

========================= Folder: C:\{F6C4D38F-4EA1-4C48-AD59-D0538AAB6428} ========================

2013-08-03 13:44 - 2013-08-03 13:44 - 0002528 ____A () C:\{F6C4D38F-4EA1-4C48-AD59-D0538AAB6428}

====== End of Folder: ======

========================= Folder: C:\{115DE706-9ADB-4E32-82C2-774F62FE3CF4} ========================

2013-08-03 13:42 - 2013-08-03 13:42 - 0002544 ____A () C:\{115DE706-9ADB-4E32-82C2-774F62FE3CF4}

====== End of Folder: ======

========================= Folder: C:\{AE09740E-817B-4BBB-9C5C-938396C09723} ========================

2013-08-03 13:35 - 2013-08-03 13:35 - 0002560 ____A () C:\{AE09740E-817B-4BBB-9C5C-938396C09723}

====== End of Folder: ======

========================= Folder: C:\{207AD41F-B25C-4F13-AB65-A55CAA607792} ========================

2013-08-03 13:04 - 2013-08-03 13:04 - 0002656 ____A () C:\{207AD41F-B25C-4F13-AB65-A55CAA607792}

====== End of Folder: ======

========================= Folder: C:\{4A65C007-BBB3-411A-92AD-A64E7813359A} ========================

2013-08-03 11:30 - 2013-08-03 11:30 - 0003464 ____A () C:\{4A65C007-BBB3-411A-92AD-A64E7813359A}

====== End of Folder: ======

========================= Folder: C:\{64D10FD6-14EC-46B4-8A89-6CE822921E75} ========================

2013-08-02 11:30 - 2013-08-02 11:30 - 0004352 ____A () C:\{64D10FD6-14EC-46B4-8A89-6CE822921E75}

====== End of Folder: ======

"C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" directory move:

Could not move "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" directory. => Scheduled to move on reboot.

========================= Folder: C:\Program Files\Google\Desktop\Install ========================

====== End of Folder: ======
C:\ProgramData\sysqcl1129139270.dat => Moved successfully.

=========== Result of Scheduled Files to move ===========

"C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" => Directory could not move.

==== End of Fixlog ====



#11 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:57 AM

Posted 07 August 2013 - 09:24 AM

hey, ran the fix; it restarted, then completed the fix after it booted back up. i did notice that my windows drive has an extra 15 GB free after the reboot?

 

Hi,

 

I am not sure why... I didn't include any temp files for removal. Maybe you used CCleaner, or some of the tools you ran on your own purged the old restore points?

 

Anyway - the ZeroAccess folder is still there, and we should use a different strategy.

 

"C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" => Directory could not move.

 

 

  • Create a Restore Point
  • Please download a fresh copy of Combofix from here.
  • Save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
  • Double click it & follow the prompts.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
 

 

Regards,

Georgi

 

 




#12 sanj15

  • Topic Starter
  • Members
  • 20 posts
  • Local time:04:57 AM

Posted 07 August 2013 - 10:48 AM

hey, is there no method which does not warrant the need for System Restore? as i used it once and it restored the computer back to the day i bought it, i am a bit wary of using software such as ComboFix, as it has been known to ruin PCs.

 

therefore, is there no other method of removal?

 

cheers,

 

Sanj



#13 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:57 AM

Posted 07 August 2013 - 11:01 AM

Standby, I am checking a few things with the developer of FRST.

 

 

Regards,

Georgi




#14 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:57 AM

Posted 07 August 2013 - 12:39 PM

Hi,

 

 

Please delete your copy of FRST.exe and download a fresh one from the link below:

 

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

Download the file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

Regards,

Georgi

 

 

 




#15 sanj15

  • Topic Starter
  • Members
  • 20 posts
  • Local time:04:57 AM

Posted 07 August 2013 - 12:55 PM

Hey, done. It says it's removed it; I checked the folder and it's gone.

 

Report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-08-2013 03
Ran by sanjeev at 2013-08-07 18:48:18 Run:2
Running from C:\Users\sanjeev\Desktop
Boot Mode: Normal

==============================================

"C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" directory move:

Could not move "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" directory. => Scheduled to move on reboot.

=========== Result of Scheduled Files to move ===========

C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1} => Deleted successfully.

==== End of Fixlog ====

 

cheers,

 

Sanj
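As an added example, not code from the thread, from FRST or from its author, here is a small Python parser that reads a Fixlog like the two posted above and reports which entries were still unresolved after the scheduled reboot move. That is the check the helper made by eye in post #11 (first run: "Directory could not move") and again in post #15 (second run with a fresh FRST: "Deleted successfully"). The two sample logs are constructed from the excerpts in this thread; the regexes assume the line shapes seen there.

```python
import re

# Constructed sample: the first Fixlog excerpt posted in this thread,
# where the ZeroAccess folder survived the scheduled reboot move.
FIXLOG_RUN1 = r"""
"C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" directory move:
Could not move "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" directory. => Scheduled to move on reboot.
C:\ProgramData\sysqcl1129139270.dat => Moved successfully.
=========== Result of Scheduled Files to move ===========
"C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" => Directory could not move.
==== End of Fixlog ====
"""
# Constructed sample: the second run with a fresh FRST, where the move succeeded.
FIXLOG_RUN2 = r"""
Could not move "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}" directory. => Scheduled to move on reboot.
=========== Result of Scheduled Files to move ===========
C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1} => Deleted successfully.
==== End of Fixlog ====
"""

# 'Could not move "<path>" directory. => Scheduled to move on reboot.'
SCHEDULED_RE = re.compile(r'^Could not move "(.+)" directory\. => (Scheduled to move on reboot)\.$')
# '<path> => <outcome>.' where the path may or may not be quoted
OUTCOME_RE = re.compile(r'^"?(.+?)"? => (.+?)\.$')


def parse_fixlog(text):
    """Map each path mentioned in an FRST Fixlog to its final outcome.

    Lines are processed top to bottom, so a result printed under
    'Result of Scheduled Files to move' replaces the provisional
    'Scheduled to move on reboot' status recorded earlier for the same path."""
    outcomes = {}
    for line in (l.strip() for l in text.splitlines()):
        m = SCHEDULED_RE.match(line) or OUTCOME_RE.match(line)
        if m:
            outcomes[m.group(1)] = m.group(2)
    return outcomes


def unresolved(outcomes):
    """Paths whose final status is not a success; a non-empty list is the cue
    (as in the helper's reply above) that the fix needs a different approach."""
    return sorted(p for p, o in outcomes.items() if not o.endswith("successfully"))


if __name__ == "__main__":
    for name, log in (("run 1", FIXLOG_RUN1), ("run 2", FIXLOG_RUN2)):
        print(name, "unresolved:", unresolved(parse_fixlog(log)) or "none")
```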





