Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with ZeroAccess Rootkit


  • This topic is locked This topic is locked
48 replies to this topic

#1 cthulhusquid

cthulhusquid

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 11 August 2013 - 05:03 PM

Last night I got infected with the ZeroAccess Rootkit and it immediately started to spam Trojans, all of which were blocked by Avira (with the exception of Trojan.0Access). I haven't noticed any performance problems (except for the windows explorer crashing when trying to open the rootkit's directory). As for now, I am running my computer in Safe mode with networking to prevent further damage or attacks. I was referred here by Broni.

 

DDS.txt results

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.17.2
Run by owner at 14:38:10 on 2013-08-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6055.4832 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://samsung.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN331BWG0D05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
TCP: NameServer = 24.113.32.29 24.113.32.30 24.113.0.30
TCP: Interfaces\{1E91BBC7-D0DD-4476-9E9A-0E7E43AC41E0} : DHCPNameServer = 24.113.32.29 24.113.32.30 24.113.0.30
TCP: Interfaces\{1E91BBC7-D0DD-4476-9E9A-0E7E43AC41E0}\05279636566416D696C697 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{1E91BBC7-D0DD-4476-9E9A-0E7E43AC41E0}\2456C6B696E6F5052756D2E4F5933303535363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1E91BBC7-D0DD-4476-9E9A-0E7E43AC41E0}\D49676864797F416B6D27657563747 : DHCPNameServer = 24.113.32.29 24.113.32.30 24.113.0.30
TCP: Interfaces\{1E91BBC7-D0DD-4476-9E9A-0E7E43AC41E0}\E45445745414251303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1E91BBC7-D0DD-4476-9E9A-0E7E43AC41E0}\E4544574541425D22343D274 : DHCPNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"  -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-26 13:31; toolbar_AVIRA-V7@apn.ask.com; C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF - ExtSQL: 2013-08-10 01:22; donottrackplus@abine.com; C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-08-10 01:22; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-08-10 01:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-12-19 30056]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-4-25 258896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-10-11 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-10-11 180736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-20 409192]
S1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-5 28600]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2011-2-20 13824]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-5 84024]
S2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-5 108088]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-8-5 589368]
S2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-7-26 168400]
S2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-5 100712]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/21 14:29:43;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-8-24 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-8-31 408576]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-20 2655768]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-8-31 911872]
S3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
S3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-11-10 31088]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-2-21 317440]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-4 340240]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2011-2-20 166704]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-11 59392]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-8 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2012-1-30 29288]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-11 19:30:32 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 17:18:50 83672 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-08-06 06:04:45 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2013-08-06 06:04:45 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2013-08-06 06:04:15 -------- d-----w- C:\ProgramData\APN
2013-08-06 06:03:33 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-08-06 06:03:33 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-08-02 17:56:10 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89868E56-B4A8-493E-956E-4A4AAE49672C}\mpengine.dll
2013-07-22 01:04:32 741480 ------w- C:\Windows\System32\HPDiscoPM5912.dll
2013-07-22 01:04:13 -------- d-----w- C:\Program Files (x86)\HP
2013-07-22 01:04:11 -------- d-----w- C:\Program Files\HP
2013-07-22 01:03:03 -------- d-----w- C:\Users\owner\AppData\Local\HP
2013-07-21 04:25:31 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-07-20 22:10:45 -------- d-----w- C:\Users\owner\AppData\Roaming\Magic Set Editor
2013-07-20 22:10:32 -------- d-----w- C:\Program Files (x86)\Magic Set Editor 2
2013-07-13 00:11:34 -------- d-----w- C:\Users\owner\AppData\Roaming\Spore
.
==================== Find3M  ====================
.
2013-08-01 05:12:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-01 05:12:07 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-01 20:55:59 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-01 20:55:59 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-01 20:46:31 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-23 04:48:22 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-05-23 04:48:22 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-05-23 04:48:22 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-05-23 04:48:22 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 14:42:11.91 ===============
 

Attached Files


Edited by cthulhusquid, 11 August 2013 - 05:06 PM.


BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:32 PM

Posted 11 August 2013 - 06:43 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi


cXfZ4wS.png


#3 cthulhusquid

cthulhusquid
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 11 August 2013 - 07:01 PM

Okey, I followed your instructions, here is the two logs.

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by owner (administrator) on 11-08-2013 16:55:57
Running from C:\Users\owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1127272 2012-11-26] (NVIDIA Corporation)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-26] (Valve Corporation)
HKCU\...\Run: [Google Update] - C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2013-01-16] (Google Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [Google Update] - C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2013-01-16] (Google Inc.)
MountPoints2: {d5bb4ee2-718e-11e0-824c-806e6f6e6963} - E:\SETUP.EXE
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll   [245432 2012-12-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201136 2012-12-03] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: W2PBrowser Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 18 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 24.113.0.30

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: DoNotTrackMe - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\donottrackplus@abine.com
FF Extension: WOT - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: toolbar_AVIRA-V7 - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\owner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Translate) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-05] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [246256 2010-08-24] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-23] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}\   \...\???\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-05] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-05] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-28] (Windows ® 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-28] (Windows ® 2003 DDK 3790 provider)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
S3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S0 vmci; system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-11 16:55 - 2013-08-11 16:55 - 00000000 ____D C:\FRST
2013-08-11 14:42 - 2013-08-11 14:42 - 00018757 _____ C:\Users\owner\Desktop\attach.txt
2013-08-11 14:42 - 2013-08-11 14:42 - 00017409 _____ C:\Users\owner\Desktop\dds.txt
2013-08-11 14:37 - 2013-08-11 14:37 - 00688992 ____R (Swearware) C:\Users\owner\Desktop\dds.com
2013-08-11 13:33 - 2013-08-11 13:37 - 00004430 _____ C:\Users\owner\Desktop\Rkill.txt
2013-08-11 13:33 - 2013-08-11 13:33 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill64.exe
2013-08-11 13:33 - 2013-08-11 13:33 - 00000000 ____D C:\Users\owner\Desktop\rkill
2013-08-11 12:30 - 2013-08-11 13:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-11 12:12 - 2013-08-11 12:13 - 00037439 _____ C:\Users\owner\Desktop\Result.txt
2013-08-11 12:11 - 2013-08-11 12:11 - 00760937 _____ (Farbar) C:\Users\owner\Desktop\MiniToolBox.exe
2013-08-11 12:09 - 2013-08-11 12:09 - 00357143 _____ (Farbar) C:\Users\owner\Desktop\FSS.exe
2013-08-11 12:09 - 2013-08-11 12:09 - 00006017 _____ C:\Users\owner\Desktop\FSS.txt
2013-08-11 12:05 - 2013-08-11 12:05 - 00891115 _____ C:\Users\owner\Desktop\SecurityCheck.exe
2013-08-09 01:41 - 2013-08-09 01:46 - 117920098 _____ C:\Users\owner\Downloads\Die Krupps 1981 - Stahlwerksinfonie (2 CD Remastered 2010).rar
2013-08-09 01:40 - 2013-08-09 01:50 - 236002801 _____ C:\Users\owner\Downloads\Die Krupps 1982 - Volle Kraft Voraus! (2008 2CD Reissue & Remastered).rar
2013-08-09 01:39 - 2013-08-09 01:44 - 106870323 _____ C:\Users\owner\Downloads\Die Krupps 1985 - Entering The Arena.rar
2013-08-09 01:36 - 2013-08-09 01:44 - 196411970 _____ C:\Users\owner\Downloads\Die Krupps 1992 - I (2008 2CD Reissue & Remastered).rar
2013-08-09 01:23 - 2013-08-09 01:35 - 90781018 _____ C:\Users\owner\Downloads\Counter-World Experience - Metronomicon [2009].rar
2013-08-09 01:20 - 2013-08-09 01:26 - 103516925 _____ C:\Users\owner\Downloads\Counter-World Experience ''Fraktal'' (2005).rar
2013-08-09 01:12 - 2013-08-09 01:26 - 101812127 _____ C:\Users\owner\Downloads\Mumakil 13.rar
2013-08-09 01:12 - 2013-08-09 01:24 - 98343260 _____ C:\Users\owner\Downloads\Mumakil 2009 - Behold The Failure.rar
2013-08-08 15:09 - 2013-08-08 15:12 - 99981092 _____ C:\Users\owner\Downloads\Skrew - Burning In Water, Drowning In Flame - 1991.rar
2013-08-06 10:18 - 2013-08-06 10:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\APN
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-05 23:03 - 2013-08-05 23:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-02 16:27 - 2013-08-02 16:43 - 104003873 _____ C:\Users\owner\Downloads\JQ_Warhammer_40K.rar
2013-07-21 18:04 - 2013-07-21 18:04 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\ProgramData\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-21 18:04 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5912.dll
2013-07-21 18:03 - 2013-07-21 18:06 - 00000000 ____D C:\Users\owner\AppData\Local\HP
2013-07-20 21:28 - 2013-07-29 19:24 - 00000132 _____ C:\Users\owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-20 21:25 - 2013-07-20 21:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-20 15:10 - 2013-07-20 15:13 - 00000000 ____D C:\Users\owner\AppData\Roaming\Magic Set Editor
2013-07-20 15:10 - 2013-07-20 15:10 - 00000000 ____D C:\Program Files (x86)\Magic Set Editor 2
2013-07-12 17:30 - 2013-07-12 17:30 - 00000000 ____D C:\Users\owner\Documents\My Spore Creations
2013-07-12 17:11 - 2013-07-12 17:30 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spore

==================== One Month Modified Files and Folders =======

2013-08-11 16:55 - 2013-08-11 16:55 - 01575246 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2013-08-11 16:55 - 2013-08-11 16:55 - 00000000 ____D C:\FRST
2013-08-11 14:42 - 2013-08-11 14:42 - 00018757 _____ C:\Users\owner\Desktop\attach.txt
2013-08-11 14:42 - 2013-08-11 14:42 - 00017409 _____ C:\Users\owner\Desktop\dds.txt
2013-08-11 14:37 - 2013-08-11 14:37 - 00688992 ____R (Swearware) C:\Users\owner\Desktop\dds.com
2013-08-11 13:37 - 2013-08-11 13:33 - 00004430 _____ C:\Users\owner\Desktop\Rkill.txt
2013-08-11 13:33 - 2013-08-11 13:33 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill64.exe
2013-08-11 13:33 - 2013-08-11 13:33 - 00000000 ____D C:\Users\owner\Desktop\rkill
2013-08-11 13:20 - 2013-08-11 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-11 12:13 - 2013-08-11 12:12 - 00037439 _____ C:\Users\owner\Desktop\Result.txt
2013-08-11 12:11 - 2013-08-11 12:11 - 00760937 _____ (Farbar) C:\Users\owner\Desktop\MiniToolBox.exe
2013-08-11 12:09 - 2013-08-11 12:09 - 00357143 _____ (Farbar) C:\Users\owner\Desktop\FSS.exe
2013-08-11 12:09 - 2013-08-11 12:09 - 00006017 _____ C:\Users\owner\Desktop\FSS.txt
2013-08-11 12:05 - 2013-08-11 12:05 - 00891115 _____ C:\Users\owner\Desktop\SecurityCheck.exe
2013-08-11 00:37 - 2009-07-13 21:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-11 00:37 - 2009-07-13 21:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-11 00:36 - 2011-08-25 13:40 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2013-08-11 00:30 - 2011-08-07 16:26 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-11 00:29 - 2013-05-15 15:25 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-11 00:29 - 2011-02-20 22:15 - 00000050 _____ C:\Windows\system32\SupplicantTest.log
2013-08-11 00:29 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-11 00:29 - 2009-07-13 21:51 - 00075587 _____ C:\Windows\setupact.log
2013-08-11 00:28 - 2011-02-20 23:32 - 00673184 _____ C:\Windows\PFRO.log
2013-08-11 00:28 - 2011-02-20 22:12 - 02040976 _____ C:\Windows\WindowsUpdate.log
2013-08-11 00:26 - 2013-05-15 15:26 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-11 00:26 - 2013-01-16 13:44 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA.job
2013-08-11 00:26 - 2012-04-16 21:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-10 17:56 - 2013-01-16 13:44 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core.job
2013-08-10 01:01 - 2012-09-26 15:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-10 01:00 - 2011-08-07 16:18 - 00000000 ____D C:\Users\owner\AppData\Local\Google
2013-08-09 16:50 - 2012-08-16 03:56 - 00000024 _____ C:\Users\owner\random.dat
2013-08-09 16:49 - 2012-08-16 03:56 - 00000044 _____ C:\Users\owner\jagex_cl_runescape_LIVE.dat
2013-08-09 01:50 - 2013-08-09 01:40 - 236002801 _____ C:\Users\owner\Downloads\Die Krupps 1982 - Volle Kraft Voraus! (2008 2CD Reissue & Remastered).rar
2013-08-09 01:46 - 2013-08-09 01:41 - 117920098 _____ C:\Users\owner\Downloads\Die Krupps 1981 - Stahlwerksinfonie (2 CD Remastered 2010).rar
2013-08-09 01:44 - 2013-08-09 01:39 - 106870323 _____ C:\Users\owner\Downloads\Die Krupps 1985 - Entering The Arena.rar
2013-08-09 01:44 - 2013-08-09 01:36 - 196411970 _____ C:\Users\owner\Downloads\Die Krupps 1992 - I (2008 2CD Reissue & Remastered).rar
2013-08-09 01:35 - 2013-08-09 01:23 - 90781018 _____ C:\Users\owner\Downloads\Counter-World Experience - Metronomicon [2009].rar
2013-08-09 01:26 - 2013-08-09 01:20 - 103516925 _____ C:\Users\owner\Downloads\Counter-World Experience ''Fraktal'' (2005).rar
2013-08-09 01:26 - 2013-08-09 01:12 - 101812127 _____ C:\Users\owner\Downloads\Mumakil 13.rar
2013-08-09 01:24 - 2013-08-09 01:12 - 98343260 _____ C:\Users\owner\Downloads\Mumakil 2009 - Behold The Failure.rar
2013-08-08 15:12 - 2013-08-08 15:09 - 99981092 _____ C:\Users\owner\Downloads\Skrew - Burning In Water, Drowning In Flame - 1991.rar
2013-08-06 10:18 - 2013-08-06 10:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\APN
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-05 23:03 - 2013-08-05 23:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-05 23:03 - 2012-03-22 23:31 - 00002026 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-05 23:03 - 2012-03-22 23:31 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 23:03 - 2012-03-22 23:31 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-02 23:32 - 2009-07-13 22:13 - 00794556 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-02 16:43 - 2013-08-02 16:27 - 104003873 _____ C:\Users\owner\Downloads\JQ_Warhammer_40K.rar
2013-08-01 12:14 - 2013-03-10 13:59 - 00000000 ____D C:\Users\owner\AppData\Local\Skyrim
2013-07-31 22:12 - 2012-04-16 21:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-31 22:12 - 2012-04-16 21:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-31 22:12 - 2011-08-19 17:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-31 22:12 - 2011-08-08 13:28 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe
2013-07-31 11:16 - 2013-01-16 13:56 - 00002364 _____ C:\Users\owner\Desktop\Google Chrome.lnk
2013-07-29 21:17 - 2013-04-27 12:58 - 00000000 ____D C:\Users\owner\AppData\Local\Warframe
2013-07-29 19:24 - 2013-07-20 21:28 - 00000132 _____ C:\Users\owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-28 16:42 - 2013-05-19 14:53 - 00003226 _____ C:\Users\owner\Documents\UserPreferences.ini
2013-07-26 11:40 - 2013-02-20 22:44 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2013-07-26 11:40 - 2013-02-20 22:44 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2013-07-25 14:05 - 2009-07-13 21:45 - 00350640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-25 12:12 - 2011-08-08 16:55 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-21 18:13 - 2012-05-22 20:58 - 00000000 ____D C:\Users\owner\Desktop\Game Shortcuts
2013-07-21 18:06 - 2013-07-21 18:03 - 00000000 ____D C:\Users\owner\AppData\Local\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\ProgramData\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-20 23:17 - 2011-08-07 16:16 - 00000000 ____D C:\Users\owner\AppData\Roaming\Adobe
2013-07-20 21:25 - 2013-07-20 21:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-20 21:25 - 2011-02-20 22:42 - 00000000 ____D C:\ProgramData\Adobe
2013-07-20 21:16 - 2011-06-05 08:25 - 00083128 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-20 21:07 - 2012-11-28 18:25 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-20 21:07 - 2012-11-28 18:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 15:13 - 2013-07-20 15:10 - 00000000 ____D C:\Users\owner\AppData\Roaming\Magic Set Editor
2013-07-20 15:10 - 2013-07-20 15:10 - 00000000 ____D C:\Program Files (x86)\Magic Set Editor 2
2013-07-18 21:16 - 2013-04-08 22:06 - 00000000 ____D C:\Users\owner\Desktop\Zdoom
2013-07-12 17:30 - 2013-07-12 17:30 - 00000000 ____D C:\Users\owner\Documents\My Spore Creations
2013-07-12 17:30 - 2013-07-12 17:11 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spore
2013-07-12 17:23 - 2011-10-07 15:18 - 00000000 ____D C:\Users\owner\AppData\Local\Origin
2013-07-12 17:23 - 2011-10-07 15:17 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-12 17:11 - 2011-02-20 23:44 - 00552363 _____ C:\Windows\DirectX.log
2013-07-12 13:03 - 2013-01-16 13:44 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA
2013-07-12 13:03 - 2013-01-16 13:44 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\owner\AppData\Local\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}
C:\ProgramData\hash.dat
C:\Users\owner\jagex_cl_runescape_LIVE.dat
C:\Users\owner\random.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-08-02 00:10

==================== End Of Log ============================

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2013 02
Ran by owner at 2013-08-11 16:56:34
Running from C:\Users\owner\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Installed Programs =======================

  
 Update for Microsoft Office 2007 (KB2508958) (x32)
„Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922)
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922)
„Windows Live Mail“ (x32 Version: 15.4.3502.0922)
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922)
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922)
Ace of Spades (x32 Version: 0.75.015)
Adobe AIR (x32 Version: 1.5.2.8870)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.4) (x32 Version: 10.1.4)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82)
Age of Mythology Gold (x32 Version: 1.0)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Arctic Combat (x32)
AREA-51 (remove only) (x32 Version: 1.7.0.11.2.4.3)
Audacity 2.0.2 (x32 Version: 2.0.2)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
BatteryLifeExtender (x32 Version: 1.0.11)
Battle.net (x32)
Battlefield 3™ (x32 Version: 1.0.0.0)
Battlefield Heroes (x32)
Battlelog Web Plugins (x32 Version: 2.1.4)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Best Buy pc app (Version: 3.0.0.0)
BioWare Premium Module: Neverwinter Nights™ Kingmaker (x32)
Bonjour (Version: 3.0.0.10)
BOSS (x32 Version: 2.1.1)
Breath of Death VII  (x32)
Build-a-lot (x32 Version: 2.2.0.82)
Champions Online: Free For All (x32)
ChargeableUSB (x32 Version: 1.0.0.0)
Chaser (x32)
Chrome (x32)
Chrome: Specforce (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
Command & Conquer Renegade (x32)
Complément Messenger (x32 Version: 15.4.3502.0922)
Complemento Messenger (x32 Version: 15.4.3502.0922)
Counter-Strike: Source (x32)
CyberLink Media Suite (x32 Version: 8.0.2227)
CyberLink MediaShow (x32 Version: 5.0.1130a)
CyberLink Power2Go (x32 Version: 6.1.3802)
CyberLink PowerDirector (x32 Version: 8.0.3306)
CyberLink PowerDVD 10 (x32 Version: 10.0.2310.52)
CyberLink YouCam (x32 Version: 3.1.3509)
D3DX10 (x32 Version: 15.4.2368.0902)
DarkCrusade (x32 Version: 1.20)
Depths of Peril (x32 Version: 1.0.12)
Diablo (x32)
Diablo II (HKCU)
Diablo II (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
Din's Curse (x32)
Doplnok programu Messenger (x32 Version: 15.4.3502.0922)
Easy Content Share (x32 Version: 1.0)
Easy Display Manager (x32 Version: 3.2)
Easy Migration (x32 Version: 1.0)
Easy Network Manager (x32 Version: 4.4.7)
Easy SpeedUp Manager (x32 Version: 2.1.1.1)
EasyBatteryManager (x32 Version: 4.0.0.4)
EasyFileShare (x32 Version: 1.0.11)
ESN Sonar (x32 Version: 0.70.0)
ESN Sonar (x32 Version: 0.70.4)
ETDWare PS/2-X64 10.7.14.12_WHQL (Version: 10.7.14.12)
EverQuest Free-to-Play (x32)
Fallout (x32)
Fallout 2 (x32)
Fallout 3 - Unofficial Fallout 3 Patch (x32 Version: v1.2.0)
Fallout 3 (x32)
Fallout Mod Manager 0.13.21 (x32)
Fallout: New Vegas (x32)
Farm Frenzy (x32 Version: 2.2.0.82)
Fast Start (x32 Version: 2.2.0.0)
FATE - The Traitor Soul (x32 Version: 2.2.0.82)
FATE (x32 Version: WT050971)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Fraps (x32)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Guild Wars (HKCU)
Guild Wars (x32)
Guncraft (x32 Version: 0.46.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.82)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1118)
Intel® Processor Graphics (x32 Version: 8.15.10.2253)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (x32 Version: 10.0.0.1046)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.0.82.0)
Intel® Wireless Display
Intel® Wireless Display (x32 Version: 2.0.27.0)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.2000)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
John Deere Drive Green (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows) (x32)
Left 4 Dead 2 (x32)
Magic Set Editor 2.0.0 (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MapleStory (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Assistent (x32 Version: 15.4.3502.0922)
Messenger Companion (x32 Version: 15.4.3502.0922)
Messenger kísérő (x32 Version: 15.4.3502.0922)
Messenger Pratilac (x32 Version: 15.4.3502.0922)
Messenger Suradnik (x32 Version: 15.4.3502.0922)
Messenger 사이트 공유 (x32 Version: 15.4.3502.0922)
Messenger 分享元件 (x32 Version: 15.4.3502.0922)
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922)
Messenger-kumppani (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Mortal Kombat Kollection (x32)
Movie Color Enhancer (x32 Version: 1.0)
Mozilla Firefox 14.0.1 (x86 en-US) (x32 Version: 14.0.1)
Mozilla Maintenance Service (x32 Version: 14.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
Multimedia POP (x32 Version: 1.1)
Neverwinter (x32)
Neverwinter Nights (x32)
Nexon Game Manager (x32)
NVIDIA Control Panel 310.70 (Version: 310.70)
NVIDIA GeForce Experience 1.0 (BETA) (Version: 1.0 (BETA))
NVIDIA Graphics Driver 310.70 (Version: 310.70)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA Optimus 2.47.55 (Version: 2.47.55)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 2.47.55 (Version: 2.47.55)
NVIDIA Update Components (Version: 2.47.55)
OpenAL (x32)
Origin (x32 Version: 8.5.0.4554)
Pando Media Booster (x32 Version: 2.6.0.8)
Peggle (x32 Version: 2.2.0.82)
Penguins! (x32 Version: 2.2.0.82)
Plants vs. Zombies (x32 Version: 2.2.0.82)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Golfer (x32 Version: 2.2.0.82)
Pomocnik Messenger (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
PunkBuster Services (x32 Version: 0.991)
QuickTime (x32 Version: 7.73.80.64)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.33.1125.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6257)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0)
RPG Maker VX RTP (x32 Version: 1.02)
Samsung AnyWeb Print (x32 Version: 1.0)
Samsung AnyWeb Print (x32 Version: 1.1.21.0)
Samsung Recovery Solution 5 (x32 Version: 5.0.0.8)
Samsung Support Center (x32 Version: 1.1.21)
Samsung Universal Print Driver (x32 Version: 2.01.06.00:16)
Samsung Universal Scan Driver (x32 Version: 1.2.1.0)
Samsung Update Plus (x32 Version: 3.0.0.17)
Skype™ 5.10 (x32 Version: 5.10.116)
SlimDX Runtime .NET 2.0 (January 2012) (x32 Version: 2.0.13.43)
Source SDK Base 2007 (x32)
Spore (x32)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922)
SRS Premium Sound Control Panel (Version: 1.10.1000)
Star Trek Online (x32)
Star Wars Knights of the Old Republic (x32 Version: 1.0)
Star Wars: Dark Forces (x32)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
The Elder Scrolls IV: Oblivion  (x32)
The Elder Scrolls V: Skyrim (x32)
The Lord of the Rings Online™ v03.07.00.8037 (x32 Version: 03.07.00.8037)
Unity Web Player (HKCU Version: )
Unreal Gold (x32)
Unreal II: The Awakening (x32)
Unreal Tournament 2004 (x32)
Unreal Tournament 3: Black Edition (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
us Mod Manager (Version: 0.45.5)
War of the Roses (x32)
Warframe (x32)
Warhammer 40,000: Dawn Of War - Platinum Edition (x32 Version: 1.51)
WildTangent Games (x32 Version: 1.0.1.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Pošta (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 메일 (x32 Version: 15.4.3502.0922)
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922)
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 照片库 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3508.1109)
Windows Live 软件包 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Zuma Deluxe (x32 Version: 2.2.0.95)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Компаньон Messenger (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Помощник на Messenger (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
מסייע Messenger (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

11-08-2013 04:36:43 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01CEAD51-8A4C-45C5-9BCA-C6FC1A78BA23} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
Task: {098055ED-3DF0-4F2E-A4AD-A1505B7B0B51} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A95\EPM.exe No File
Task: {0CB2D2E0-6E8F-4A48-9E17-D722C9C2F19B} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-19] (SAMSUNG Electronics co., LTD.)
Task: {0E7F70D2-850D-42EA-A016-901042956CDC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {1018572F-7C7F-4C8B-91FA-F5D284028514} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-17] (Samsung Electronics. Co. Ltd.)
Task: {1335A78B-C37B-4355-9BB3-4B9FA9CFF6BE} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {2ABDC266-9B94-4660-A071-2096AE03C29E} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: {3B201C04-6A81-496C-B65F-1C2EB9F9B937} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {4BC25150-FE17-441D-AF41-70668A544E13} - System32\Tasks\{1AA4E064-384D-4542-BC3F-AF97AD65B6E8} => C:\dosgames\TFS\SETUP.EXE No File
Task: {562B7872-F45D-43C7-AD91-E0188AE32822} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31] (Adobe Systems Incorporated)
Task: {59C9128F-4B27-48AD-A9B6-D85DF2D7C0B1} - System32\Tasks\{1E3FBFFD-480C-477C-B9C1-5759623AB456} => C:\dosgames\TFS\SETUP.EXE No File
Task: {5CF34E84-5E82-47BC-ACA4-1E7D9FD73DA8} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-29] (SRS Labs, Inc.)
Task: {5E133571-55B5-4A8F-A526-2CAFFEED536F} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {604C09EB-9408-4113-BE19-6C791AF4AFCC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe No File
Task: {731D5BD4-581D-4BF5-83CD-A27021E7EBB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {79FE41BB-7F7B-497E-BD49-26D4D3425C0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {7CA33F5B-BEAE-40AF-A6F9-B5B1D62F1350} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B898CD14-C268-4820-BDED-863338B83BC7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {BDC480E9-5923-4F6D-9692-2BCD74970F1E} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-11-23] (SAMSUNG Electronics)
Task: {BEE11182-0952-4EEA-B0A7-1BE31C0C812D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {D56C6EA9-25B2-42FD-8757-969C6A8DD78A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {F46A7671-6A34-4ED1-B376-DD870FF1B6B0} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-17] (Samsung Electronics Co., Ltd.)
Task: {FE162724-7BE6-458D-BC15-79328AFA73A1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2013 00:36:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc00000fd
Fault offset: 0x0000000000054f3c
Faulting process id: 0xe7c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/10/2013 09:36:53 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Defender since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/09/2013 01:57:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (08/09/2013 01:57:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (08/09/2013 01:57:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2013 01:21:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9968

Error: (08/08/2013 01:21:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9968

Error: (08/08/2013 01:21:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/06/2013 08:56:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Faulting module name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Exception code: 0xc0000005
Fault offset: 0x007dbfd3
Faulting process id: 0x3a90
Faulting application start time: 0xFallout3.exe0
Faulting application path: Fallout3.exe1
Faulting module path: Fallout3.exe2
Report Id: Fallout3.exe3

Error: (08/06/2013 07:09:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Faulting module name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Exception code: 0xc0000005
Fault offset: 0x001878f8
Faulting process id: 0x1b8c
Faulting application start time: 0xFallout3.exe0
Faulting application path: Fallout3.exe1
Faulting module path: Fallout3.exe2
Report Id: Fallout3.exe3

System errors:
=============
Error: (08/11/2013 00:05:52 PM) (Source: DCOM) (User: )
Description: 1084defragsvc{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (08/11/2013 00:05:24 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/11/2013 00:03:49 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/11/2013 00:03:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 21

Error: (08/11/2013 00:03:38 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/11/2013 00:03:37 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/11/2013 00:03:33 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/11/2013 00:03:24 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/11/2013 00:03:24 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
avkmgr
discache
SABI
spldr
Wanarpv6

Error: (08/11/2013 00:03:18 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 6055.12 MB
Available physical RAM: 4847.83 MB
Total Pagefile: 12108.42 MB
Available Pagefile: 11086.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:271 GB) (Free:38.28 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:406.16 GB) (Free:175.49 GB) NTFS (Disk=0 Partition=4)
Drive e: (PLAYDISC) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: BC7A5D4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=271 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=406 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=21 GB) - (Type=27)

==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:32 PM

Posted 12 August 2013 - 12:00 AM

Hello,

 

 

Please restart in Normal Mode and post fresh logs from Farbar Recovery Scan Tool.

 

 

Regards,

Georgi


cXfZ4wS.png


#5 cthulhusquid

cthulhusquid
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 12 August 2013 - 01:39 AM

Will do, I will try this tomorrow.



#6 cthulhusquid

cthulhusquid
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 12 August 2013 - 01:38 PM

 Here are the fresh logs.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by owner (administrator) on 12-08-2013 11:31:12
Running from C:\Users\owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1127272 2012-11-26] (NVIDIA Corporation)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-26] (Valve Corporation)
HKCU\...\Run: [Google Update] - C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2013-01-16] (Google Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [Google Update] - C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2013-01-16] (Google Inc.)
MountPoints2: {d5bb4ee2-718e-11e0-824c-806e6f6e6963} - E:\SETUP.EXE
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll   [245432 2012-12-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201136 2012-12-03] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: W2PBrowser Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Winsock: Catalog9-x64 12 mswsock.dll File Not found ()
Winsock: Catalog9-x64 13 mswsock.dll File Not found ()
Winsock: Catalog9-x64 14 mswsock.dll File Not found ()
Winsock: Catalog9-x64 15 mswsock.dll File Not found ()
Winsock: Catalog9-x64 16 mswsock.dll File Not found ()
Winsock: Catalog9-x64 17 mswsock.dll File Not found ()
Winsock: Catalog9-x64 18 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 24.113.0.30

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: DoNotTrackMe - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\donottrackplus@abine.com
FF Extension: WOT - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: toolbar_AVIRA-V7 - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\owner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Translate) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [246256 2010-08-24] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}\   \...\???\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-28] (Windows ® 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-28] (Windows ® 2003 DDK 3790 provider)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
S3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S0 vmci; system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-11 16:55 - 2013-08-11 16:55 - 01575246 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2013-08-11 16:55 - 2013-08-11 16:55 - 00000000 ____D C:\FRST
2013-08-11 14:42 - 2013-08-11 14:42 - 00018757 _____ C:\Users\owner\Desktop\attach.txt
2013-08-11 14:42 - 2013-08-11 14:42 - 00017409 _____ C:\Users\owner\Desktop\dds.txt
2013-08-11 14:37 - 2013-08-11 14:37 - 00688992 ____R (Swearware) C:\Users\owner\Desktop\dds.com
2013-08-11 13:33 - 2013-08-11 13:37 - 00004430 _____ C:\Users\owner\Desktop\Rkill.txt
2013-08-11 13:33 - 2013-08-11 13:33 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill64.exe
2013-08-11 13:33 - 2013-08-11 13:33 - 00000000 ____D C:\Users\owner\Desktop\rkill
2013-08-11 12:30 - 2013-08-11 13:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-11 12:12 - 2013-08-11 12:13 - 00037439 _____ C:\Users\owner\Desktop\Result.txt
2013-08-11 12:11 - 2013-08-11 12:11 - 00760937 _____ (Farbar) C:\Users\owner\Desktop\MiniToolBox.exe
2013-08-11 12:09 - 2013-08-12 11:29 - 00001770 _____ C:\Users\owner\Desktop\FSS.txt
2013-08-11 12:09 - 2013-08-11 12:09 - 00357143 _____ (Farbar) C:\Users\owner\Desktop\FSS.exe
2013-08-11 12:05 - 2013-08-11 12:05 - 00891115 _____ C:\Users\owner\Desktop\SecurityCheck.exe
2013-08-06 10:18 - 2013-08-06 10:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\APN
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-05 23:03 - 2013-08-05 23:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-02 16:27 - 2013-08-02 16:43 - 104003873 _____ C:\Users\owner\Downloads\JQ_Warhammer_40K.rar
2013-07-21 18:04 - 2013-07-21 18:04 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\ProgramData\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-21 18:04 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5912.dll
2013-07-21 18:03 - 2013-07-21 18:06 - 00000000 ____D C:\Users\owner\AppData\Local\HP
2013-07-20 21:28 - 2013-07-29 19:24 - 00000132 _____ C:\Users\owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-20 21:25 - 2013-07-20 21:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-20 15:10 - 2013-07-20 15:13 - 00000000 ____D C:\Users\owner\AppData\Roaming\Magic Set Editor
2013-07-20 15:10 - 2013-07-20 15:10 - 00000000 ____D C:\Program Files (x86)\Magic Set Editor 2

==================== One Month Modified Files and Folders =======

2013-08-12 11:31 - 2009-07-13 21:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 11:31 - 2009-07-13 21:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 11:29 - 2013-08-11 12:09 - 00001770 _____ C:\Users\owner\Desktop\FSS.txt
2013-08-12 11:24 - 2011-08-07 16:26 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-12 11:23 - 2013-05-15 15:25 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-12 11:22 - 2011-02-20 22:15 - 00000050 _____ C:\Windows\system32\SupplicantTest.log
2013-08-12 11:21 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-12 11:21 - 2009-07-13 21:51 - 00075643 _____ C:\Windows\setupact.log
2013-08-11 16:55 - 2013-08-11 16:55 - 01575246 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2013-08-11 16:55 - 2013-08-11 16:55 - 00000000 ____D C:\FRST
2013-08-11 14:42 - 2013-08-11 14:42 - 00018757 _____ C:\Users\owner\Desktop\attach.txt
2013-08-11 14:42 - 2013-08-11 14:42 - 00017409 _____ C:\Users\owner\Desktop\dds.txt
2013-08-11 14:37 - 2013-08-11 14:37 - 00688992 ____R (Swearware) C:\Users\owner\Desktop\dds.com
2013-08-11 13:37 - 2013-08-11 13:33 - 00004430 _____ C:\Users\owner\Desktop\Rkill.txt
2013-08-11 13:33 - 2013-08-11 13:33 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill64.exe
2013-08-11 13:33 - 2013-08-11 13:33 - 00000000 ____D C:\Users\owner\Desktop\rkill
2013-08-11 13:20 - 2013-08-11 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-11 12:13 - 2013-08-11 12:12 - 00037439 _____ C:\Users\owner\Desktop\Result.txt
2013-08-11 12:11 - 2013-08-11 12:11 - 00760937 _____ (Farbar) C:\Users\owner\Desktop\MiniToolBox.exe
2013-08-11 12:09 - 2013-08-11 12:09 - 00357143 _____ (Farbar) C:\Users\owner\Desktop\FSS.exe
2013-08-11 12:05 - 2013-08-11 12:05 - 00891115 _____ C:\Users\owner\Desktop\SecurityCheck.exe
2013-08-11 00:36 - 2011-08-25 13:40 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2013-08-11 00:28 - 2011-02-20 23:32 - 00673184 _____ C:\Windows\PFRO.log
2013-08-11 00:28 - 2011-02-20 22:12 - 02040976 _____ C:\Windows\WindowsUpdate.log
2013-08-11 00:26 - 2013-05-15 15:26 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-11 00:26 - 2013-01-16 13:44 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA.job
2013-08-11 00:26 - 2012-04-16 21:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-10 17:56 - 2013-01-16 13:44 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core.job
2013-08-10 01:01 - 2012-09-26 15:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-10 01:00 - 2011-08-07 16:18 - 00000000 ____D C:\Users\owner\AppData\Local\Google
2013-08-09 16:50 - 2012-08-16 03:56 - 00000024 _____ C:\Users\owner\random.dat
2013-08-09 16:49 - 2012-08-16 03:56 - 00000044 _____ C:\Users\owner\jagex_cl_runescape_LIVE.dat
2013-08-06 10:18 - 2013-08-06 10:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\APN
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-05 23:03 - 2013-08-05 23:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-05 23:03 - 2012-03-22 23:31 - 00002026 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-05 23:03 - 2012-03-22 23:31 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 23:03 - 2012-03-22 23:31 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-02 23:32 - 2009-07-13 22:13 - 00794556 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-02 16:43 - 2013-08-02 16:27 - 104003873 _____ C:\Users\owner\Downloads\JQ_Warhammer_40K.rar
2013-08-01 12:14 - 2013-03-10 13:59 - 00000000 ____D C:\Users\owner\AppData\Local\Skyrim
2013-07-31 22:12 - 2012-04-16 21:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-31 22:12 - 2012-04-16 21:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-31 22:12 - 2011-08-19 17:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-31 22:12 - 2011-08-08 13:28 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe
2013-07-31 11:16 - 2013-01-16 13:56 - 00002364 _____ C:\Users\owner\Desktop\Google Chrome.lnk
2013-07-29 21:17 - 2013-04-27 12:58 - 00000000 ____D C:\Users\owner\AppData\Local\Warframe
2013-07-29 19:24 - 2013-07-20 21:28 - 00000132 _____ C:\Users\owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-28 16:42 - 2013-05-19 14:53 - 00003226 _____ C:\Users\owner\Documents\UserPreferences.ini
2013-07-26 11:40 - 2013-02-20 22:44 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2013-07-26 11:40 - 2013-02-20 22:44 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2013-07-25 14:05 - 2009-07-13 21:45 - 00350640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-25 12:12 - 2011-08-08 16:55 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-21 18:13 - 2012-05-22 20:58 - 00000000 ____D C:\Users\owner\Desktop\Game Shortcuts
2013-07-21 18:06 - 2013-07-21 18:03 - 00000000 ____D C:\Users\owner\AppData\Local\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\ProgramData\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-20 23:17 - 2011-08-07 16:16 - 00000000 ____D C:\Users\owner\AppData\Roaming\Adobe
2013-07-20 21:25 - 2013-07-20 21:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-20 21:25 - 2011-02-20 22:42 - 00000000 ____D C:\ProgramData\Adobe
2013-07-20 21:16 - 2011-06-05 08:25 - 00083128 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-20 21:07 - 2012-11-28 18:25 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-20 21:07 - 2012-11-28 18:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 15:13 - 2013-07-20 15:10 - 00000000 ____D C:\Users\owner\AppData\Roaming\Magic Set Editor
2013-07-20 15:10 - 2013-07-20 15:10 - 00000000 ____D C:\Program Files (x86)\Magic Set Editor 2
2013-07-18 21:16 - 2013-04-08 22:06 - 00000000 ____D C:\Users\owner\Desktop\Zdoom

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\owner\AppData\Local\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}
C:\ProgramData\hash.dat
C:\Users\owner\jagex_cl_runescape_LIVE.dat
C:\Users\owner\random.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-08-02 00:10

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2013 02
Ran by owner at 2013-08-12 11:35:20
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
 Update for Microsoft Office 2007 (KB2508958) (x32)
„Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922)
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922)
„Windows Live Mail“ (x32 Version: 15.4.3502.0922)
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922)
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922)
Ace of Spades (x32 Version: 0.75.015)
Adobe AIR (x32 Version: 1.5.2.8870)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.4) (x32 Version: 10.1.4)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82)
Age of Mythology Gold (x32 Version: 1.0)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Arctic Combat (x32)
AREA-51 (remove only) (x32 Version: 1.7.0.11.2.4.3)
Audacity 2.0.2 (x32 Version: 2.0.2)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
BatteryLifeExtender (x32 Version: 1.0.11)
Battle.net (x32)
Battlefield 3™ (x32 Version: 1.0.0.0)
Battlefield Heroes (x32)
Battlelog Web Plugins (x32 Version: 2.1.4)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Best Buy pc app (Version: 3.0.0.0)
BioWare Premium Module: Neverwinter Nights™ Kingmaker (x32)
Bonjour (Version: 3.0.0.10)
BOSS (x32 Version: 2.1.1)
Breath of Death VII  (x32)
Build-a-lot (x32 Version: 2.2.0.82)
Champions Online: Free For All (x32)
ChargeableUSB (x32 Version: 1.0.0.0)
Chaser (x32)
Chrome (x32)
Chrome: Specforce (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
Command & Conquer Renegade (x32)
Complément Messenger (x32 Version: 15.4.3502.0922)
Complemento Messenger (x32 Version: 15.4.3502.0922)
Counter-Strike: Source (x32)
CyberLink Media Suite (x32 Version: 8.0.2227)
CyberLink MediaShow (x32 Version: 5.0.1130a)
CyberLink Power2Go (x32 Version: 6.1.3802)
CyberLink PowerDirector (x32 Version: 8.0.3306)
CyberLink PowerDVD 10 (x32 Version: 10.0.2310.52)
CyberLink YouCam (x32 Version: 3.1.3509)
D3DX10 (x32 Version: 15.4.2368.0902)
DarkCrusade (x32 Version: 1.20)
Depths of Peril (x32 Version: 1.0.12)
Diablo (x32)
Diablo II (HKCU)
Diablo II (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
Din's Curse (x32)
Doplnok programu Messenger (x32 Version: 15.4.3502.0922)
Easy Content Share (x32 Version: 1.0)
Easy Display Manager (x32 Version: 3.2)
Easy Migration (x32 Version: 1.0)
Easy Network Manager (x32 Version: 4.4.7)
Easy SpeedUp Manager (x32 Version: 2.1.1.1)
EasyBatteryManager (x32 Version: 4.0.0.4)
EasyFileShare (x32 Version: 1.0.11)
ESN Sonar (x32 Version: 0.70.0)
ESN Sonar (x32 Version: 0.70.4)
ETDWare PS/2-X64 10.7.14.12_WHQL (Version: 10.7.14.12)
EverQuest Free-to-Play (x32)
Fallout (x32)
Fallout 2 (x32)
Fallout 3 - Unofficial Fallout 3 Patch (x32 Version: v1.2.0)
Fallout 3 (x32)
Fallout Mod Manager 0.13.21 (x32)
Fallout: New Vegas (x32)
Farm Frenzy (x32 Version: 2.2.0.82)
Fast Start (x32 Version: 2.2.0.0)
FATE - The Traitor Soul (x32 Version: 2.2.0.82)
FATE (x32 Version: WT050971)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Fraps (x32)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Guild Wars (HKCU)
Guild Wars (x32)
Guncraft (x32 Version: 0.46.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.82)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1118)
Intel® Processor Graphics (x32 Version: 8.15.10.2253)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (x32 Version: 10.0.0.1046)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.0.82.0)
Intel® Wireless Display
Intel® Wireless Display (x32 Version: 2.0.27.0)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.2000)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
John Deere Drive Green (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows) (x32)
Left 4 Dead 2 (x32)
Magic Set Editor 2.0.0 (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MapleStory (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Assistent (x32 Version: 15.4.3502.0922)
Messenger Companion (x32 Version: 15.4.3502.0922)
Messenger kísérő (x32 Version: 15.4.3502.0922)
Messenger Pratilac (x32 Version: 15.4.3502.0922)
Messenger Suradnik (x32 Version: 15.4.3502.0922)
Messenger 사이트 공유 (x32 Version: 15.4.3502.0922)
Messenger 分享元件 (x32 Version: 15.4.3502.0922)
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922)
Messenger-kumppani (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Mortal Kombat Kollection (x32)
Movie Color Enhancer (x32 Version: 1.0)
Mozilla Firefox 14.0.1 (x86 en-US) (x32 Version: 14.0.1)
Mozilla Maintenance Service (x32 Version: 14.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
Multimedia POP (x32 Version: 1.1)
Neverwinter (x32)
Neverwinter Nights (x32)
Nexon Game Manager (x32)
NVIDIA Control Panel 310.70 (Version: 310.70)
NVIDIA GeForce Experience 1.0 (BETA) (Version: 1.0 (BETA))
NVIDIA Graphics Driver 310.70 (Version: 310.70)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA Optimus 2.47.55 (Version: 2.47.55)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 2.47.55 (Version: 2.47.55)
NVIDIA Update Components (Version: 2.47.55)
OpenAL (x32)
Origin (x32 Version: 8.5.0.4554)
Pando Media Booster (x32 Version: 2.6.0.8)
Peggle (x32 Version: 2.2.0.82)
Penguins! (x32 Version: 2.2.0.82)
Plants vs. Zombies (x32 Version: 2.2.0.82)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Golfer (x32 Version: 2.2.0.82)
Pomocnik Messenger (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
PunkBuster Services (x32 Version: 0.991)
QuickTime (x32 Version: 7.73.80.64)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.33.1125.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6257)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0)
RPG Maker VX RTP (x32 Version: 1.02)
Samsung AnyWeb Print (x32 Version: 1.0)
Samsung AnyWeb Print (x32 Version: 1.1.21.0)
Samsung Recovery Solution 5 (x32 Version: 5.0.0.8)
Samsung Support Center (x32 Version: 1.1.21)
Samsung Universal Print Driver (x32 Version: 2.01.06.00:16)
Samsung Universal Scan Driver (x32 Version: 1.2.1.0)
Samsung Update Plus (x32 Version: 3.0.0.17)
Skype™ 5.10 (x32 Version: 5.10.116)
SlimDX Runtime .NET 2.0 (January 2012) (x32 Version: 2.0.13.43)
Source SDK Base 2007 (x32)
Spore (x32)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922)
SRS Premium Sound Control Panel (Version: 1.10.1000)
Star Trek Online (x32)
Star Wars Knights of the Old Republic (x32 Version: 1.0)
Star Wars: Dark Forces (x32)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
The Elder Scrolls IV: Oblivion  (x32)
The Elder Scrolls V: Skyrim (x32)
The Lord of the Rings Online™ v03.07.00.8037 (x32 Version: 03.07.00.8037)
Unity Web Player (HKCU Version: )
Unreal Gold (x32)
Unreal II: The Awakening (x32)
Unreal Tournament 2004 (x32)
Unreal Tournament 3: Black Edition (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
us Mod Manager (Version: 0.45.5)
War of the Roses (x32)
Warframe (x32)
Warhammer 40,000: Dawn Of War - Platinum Edition (x32 Version: 1.51)
WildTangent Games (x32 Version: 1.0.1.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Pošta (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 메일 (x32 Version: 15.4.3502.0922)
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922)
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 照片库 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3508.1109)
Windows Live 软件包 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Zuma Deluxe (x32 Version: 2.2.0.95)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Компаньон Messenger (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Помощник на Messenger (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
מסייע Messenger (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

11-08-2013 04:36:43 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01CEAD51-8A4C-45C5-9BCA-C6FC1A78BA23} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
Task: {098055ED-3DF0-4F2E-A4AD-A1505B7B0B51} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A95\EPM.exe No File
Task: {0CB2D2E0-6E8F-4A48-9E17-D722C9C2F19B} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-19] (SAMSUNG Electronics co., LTD.)
Task: {0E7F70D2-850D-42EA-A016-901042956CDC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {1018572F-7C7F-4C8B-91FA-F5D284028514} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-17] (Samsung Electronics. Co. Ltd.)
Task: {1335A78B-C37B-4355-9BB3-4B9FA9CFF6BE} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {2ABDC266-9B94-4660-A071-2096AE03C29E} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: {3B201C04-6A81-496C-B65F-1C2EB9F9B937} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {4BC25150-FE17-441D-AF41-70668A544E13} - System32\Tasks\{1AA4E064-384D-4542-BC3F-AF97AD65B6E8} => C:\dosgames\TFS\SETUP.EXE No File
Task: {562B7872-F45D-43C7-AD91-E0188AE32822} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31] (Adobe Systems Incorporated)
Task: {59C9128F-4B27-48AD-A9B6-D85DF2D7C0B1} - System32\Tasks\{1E3FBFFD-480C-477C-B9C1-5759623AB456} => C:\dosgames\TFS\SETUP.EXE No File
Task: {5CF34E84-5E82-47BC-ACA4-1E7D9FD73DA8} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-29] (SRS Labs, Inc.)
Task: {5E133571-55B5-4A8F-A526-2CAFFEED536F} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {604C09EB-9408-4113-BE19-6C791AF4AFCC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe No File
Task: {731D5BD4-581D-4BF5-83CD-A27021E7EBB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {79FE41BB-7F7B-497E-BD49-26D4D3425C0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {7CA33F5B-BEAE-40AF-A6F9-B5B1D62F1350} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B898CD14-C268-4820-BDED-863338B83BC7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {BDC480E9-5923-4F6D-9692-2BCD74970F1E} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-11-23] (SAMSUNG Electronics)
Task: {BEE11182-0952-4EEA-B0A7-1BE31C0C812D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {D56C6EA9-25B2-42FD-8757-969C6A8DD78A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {F46A7671-6A34-4ED1-B376-DD870FF1B6B0} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-17] (Samsung Electronics Co., Ltd.)
Task: {FE162724-7BE6-458D-BC15-79328AFA73A1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2013 00:36:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc00000fd
Fault offset: 0x0000000000054f3c
Faulting process id: 0xe7c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/10/2013 09:36:53 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Defender since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/09/2013 01:57:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (08/09/2013 01:57:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (08/09/2013 01:57:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2013 01:21:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9968

Error: (08/08/2013 01:21:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9968

Error: (08/08/2013 01:21:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/06/2013 08:56:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Faulting module name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Exception code: 0xc0000005
Fault offset: 0x007dbfd3
Faulting process id: 0x3a90
Faulting application start time: 0xFallout3.exe0
Faulting application path: Fallout3.exe1
Faulting module path: Fallout3.exe2
Report Id: Fallout3.exe3

Error: (08/06/2013 07:09:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Faulting module name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Exception code: 0xc0000005
Fault offset: 0x001878f8
Faulting process id: 0x1b8c
Faulting application start time: 0xFallout3.exe0
Faulting application path: Fallout3.exe1
Faulting module path: Fallout3.exe2
Report Id: Fallout3.exe3

System errors:
=============
Error: (08/12/2013 11:24:30 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/12/2013 11:24:30 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/12/2013 11:23:58 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/12/2013 11:22:06 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/12/2013 11:22:06 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/12/2013 11:22:06 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/12/2013 11:22:06 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/12/2013 11:22:03 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/11/2013 00:05:52 PM) (Source: DCOM) (User: )
Description: 1084defragsvc{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (08/11/2013 00:05:24 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 6055.12 MB
Available physical RAM: 3943.95 MB
Total Pagefile: 12108.42 MB
Available Pagefile: 9904.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:271 GB) (Free:37.93 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:406.16 GB) (Free:175.49 GB) NTFS (Disk=0 Partition=4)
Drive e: (PLAYDISC) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: BC7A5D4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=271 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=406 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=21 GB) - (Type=27)

==================== End Of Log ============================



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:32 PM

Posted 12 August 2013 - 03:38 PM

Hi,

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi

 


cXfZ4wS.png


#8 cthulhusquid

cthulhusquid
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 12 August 2013 - 03:56 PM

Fixlog.txt results

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-08-2013 02
Ran by owner at 2013-08-12 13:51:19 Run:1
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==============================================

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

=========  netsh winsock reset =========

The following helper DLL cannot be loaded: WSHELPER.DLL.
The following command was not found: winsock reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

*etadpug => Service deleted successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Could not move "C:\Windows\assembly\GAC_64\Desktop.ini" => Scheduled to move on reboot.
C:\Users\owner\AppData\Local\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655} => Moved successfully.

"C:\Program Files (x86)\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}" directory move:

Could not move "C:\Program Files (x86)\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655}" directory. => Scheduled to move on reboot.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

=========== Result of Scheduled Files to move ===========

C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install\{0d84306b-8fd1-ddfb-19bd-9d0ba3d1f655} => Moved successfully.

==== End of Fixlog ====



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:32 PM

Posted 12 August 2013 - 04:18 PM

Hi,

 

Next let's check for broken services:

 

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 

STEP 3

 

 

  • Please download MiniToolBox.exe by Farbar save it to your desktop and run it.
  • Checkmark all boxes.
  • Click Go and attach the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed!

 

 

 

Regards,

Georgi


cXfZ4wS.png


#10 cthulhusquid

cthulhusquid
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 12 August 2013 - 04:40 PM

Rkill Log

 

Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/12/2013 02:29:34 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Reparse Point/Junctions Found (These may be legitimate)!

     * C:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea\MpEvMsg.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpAsDesc.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCmdRun.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpOAV.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpRTP.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MSASCui.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpLics.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpRes.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpAsDesc.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpCmdRun.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpOAV.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpRTP.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MSASCui.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MsMpLics.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MsMpRes.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpAsDesc.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpCmdRun.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpOAV.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpRTP.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MSASCui.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MsMpLics.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MsMpRes.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpAsDesc.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpOAV.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpRTP.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MSASCui.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpCom.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpLics.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpRes.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpAsDesc.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpClient.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpCmdRun.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpCommu.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpOAV.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpRTP.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MSASCui.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpCom.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpLics.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpRes.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpAsDesc.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpCmdRun.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpOAV.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpRTP.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MSASCui.exe => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpCom.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpLics.dll => <Unknown Target> [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpRes.dll => <Unknown Target> [File]

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * BITS [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * PcaSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

Program finished at: 08/12/2013 02:32:22 PM
Execution time: 0 hours(s), 2 minute(s), and 47 seconds(s)

 

FSS Log

 

Farbar Service Scanner Version: 04-08-2013
Ran by owner (administrator) on 12-08-2013 at 14:37:20
Running from "C:\Users\owner\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

 

Result.txt

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by owner (administrator) on 12-08-2013 at 14:38:41
Running from "C:\Users\owner\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Intel® Centrino® WiMAX 6250 = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="ethernet_12" address=192.168.150.1 mask=255.255.255.0
add address name="Wireless Network Connection 3" address=192.168.16.2 mask=255.255.255.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : owner-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wavecable.com

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 00-23-15-BD-04-11
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-23-15-BD-04-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : wavecable.com
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
   Physical Address. . . . . . . . . : 00-23-15-BD-04-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:1871:3c15:0:6da1:39b8:6963:373f(Preferred)
   Temporary IPv6 Address. . . . . . : 2002:1871:3c15:0:5cef:abe7:2c6b:d24e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::6da1:39b8:6963:373f%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.113(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, August 12, 2013 1:54:14 PM
   Lease Expires . . . . . . . . . . : Tuesday, August 13, 2013 1:54:17 PM
   Default Gateway . . . . . . . . . : fe80::c2c1:c0ff:fe11:2af4%12
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 369107733
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-3A-20-7A-E8-11-32-56-F3-A7
   DNS Servers . . . . . . . . . . . : 24.113.32.29
                                       24.113.32.30
                                       24.113.0.30
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
   Physical Address. . . . . . . . . : 64-D4-DA-20-D7-D0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E8-11-32-56-F3-A7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2287089B-49F8-4E14-BB90-FADA8A77A34C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.wavecable.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{293FA72F-9C8F-4D54-8400-26309CA67D93}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C5712052-D690-4765-B144-AA98C307F205}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FFA5F65F-9595-4652-A4DA-A3E2B1C1F257}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {4AD454A3-4CAB-43C5-8907-9215AE1D4ED8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  ns1.wavecable.com
Address:  24.113.32.29

Name:    google.com
Addresses:  2607:f8b0:400a:800::100e
   173.194.33.5
   173.194.33.14
   173.194.33.2
   173.194.33.4
   173.194.33.1
   173.194.33.6
   173.194.33.8
   173.194.33.0
   173.194.33.9
   173.194.33.7
   173.194.33.3

Pinging google.com [173.194.33.14] with 32 bytes of data:
Reply from 173.194.33.14: bytes=32 time=13ms TTL=57
Reply from 173.194.33.14: bytes=32 time=15ms TTL=57

Ping statistics for 173.194.33.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 15ms, Average = 14ms
Server:  ns1.wavecable.com
Address:  24.113.32.29

Name:    yahoo.com
Addresses:  98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=20ms TTL=54
Reply from 206.190.36.45: bytes=32 time=22ms TTL=54

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 22ms, Average = 21ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...00 23 15 bd 04 11 ......Microsoft Virtual WiFi Miniport Adapter #2
 13...00 23 15 bd 04 11 ......Microsoft Virtual WiFi Miniport Adapter
 12...00 23 15 bd 04 10 ......Intel® Centrino® Advanced-N 6250 AGN
 11...64 d4 da 20 d7 d0 ......Intel® Centrino® WiMAX 6250
 10...e8 11 32 56 f3 a7 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.113     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.113    281
    192.168.1.113  255.255.255.255         On-link     192.168.1.113    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.113    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.113    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.113    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12   4121 ::/0                     fe80::c2c1:c0ff:fe11:2af4
  1    306 ::1/128                  On-link
 12     33 2002:1871:3c15::/64      On-link
 12    281 2002:1871:3c15:0:5cef:abe7:2c6b:d24e/128
                                    On-link
 12    281 2002:1871:3c15:0:6da1:39b8:6963:373f/128
                                    On-link
 12    281 fe80::/64                On-link
 12    281 fe80::6da1:39b8:6963:373f/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 09 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 12 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 13 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 14 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 15 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 16 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 17 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 18 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 09 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 11 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 12 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 13 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 14 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 15 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 16 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 17 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 18 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/11/2013 00:36:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc00000fd
Fault offset: 0x0000000000054f3c
Faulting process id: 0xe7c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/10/2013 09:36:53 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Defender since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/09/2013 01:57:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (08/09/2013 01:57:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (08/09/2013 01:57:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2013 01:21:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9968

Error: (08/08/2013 01:21:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9968

Error: (08/08/2013 01:21:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/06/2013 08:56:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Faulting module name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Exception code: 0xc0000005
Fault offset: 0x007dbfd3
Faulting process id: 0x3a90
Faulting application start time: 0xFallout3.exe0
Faulting application path: Fallout3.exe1
Faulting module path: Fallout3.exe2
Report Id: Fallout3.exe3

Error: (08/06/2013 07:09:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Faulting module name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Exception code: 0xc0000005
Fault offset: 0x001878f8
Faulting process id: 0x1b8c
Faulting application start time: 0xFallout3.exe0
Faulting application path: Fallout3.exe1
Faulting module path: Fallout3.exe2
Report Id: Fallout3.exe3

System errors:
=============
Error: (08/12/2013 01:54:20 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/12/2013 01:54:20 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/12/2013 01:53:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/12/2013 01:52:28 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/12/2013 01:52:28 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/12/2013 01:52:28 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/12/2013 01:52:28 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/12/2013 01:52:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/12/2013 11:24:30 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/12/2013 11:24:30 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?? Messenger (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
????????? Messenger (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
„Messenger“ pagalbine priemone (Version: 15.4.3502.0922)
„Windows Live Essentials“ (Version: 15.4.3502.0922)
„Windows Live Mail“ (Version: 15.4.3502.0922)
„Windows Live Messenger“ (Version: 15.4.3502.0922)
„Windows Live“ fotogalerija (Version: 15.4.3502.0922)
Ace of Spades (Version: 0.75.015)
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Agatha Christie - Death on the Nile (Version: 2.2.0.82)
Age of Mythology Gold (Version: 1.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Arctic Combat
AREA-51 (remove only) (Version: 1.7.0.11.2.4.3)
Audacity 2.0.2 (Version: 2.0.2)
Avira Free Antivirus (Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection (Version: 12.2.2.663)
BatteryLifeExtender (Version: 1.0.11)
Battle.net
Battlefield 3™ (Version: 1.0.0.0)
Battlefield Heroes
Battlelog Web Plugins (Version: 2.1.4)
BattlEye for OA Uninstall
BattlEye Uninstall
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Best Buy pc app (Version: 3.0.0.0)
BioWare Premium Module: Neverwinter Nights™ Kingmaker
Bonjour (Version: 3.0.0.10)
BOSS (Version: 2.1.1)
Breath of Death VII
Build-a-lot (Version: 2.2.0.82)
Champions Online: Free For All
ChargeableUSB (Version: 1.0.0.0)
Chaser
Chrome: Specforce
Chuzzle Deluxe (Version: 2.2.0.82)
Command & Conquer Renegade
Complément Messenger (Version: 15.4.3502.0922)
Complemento Messenger (Version: 15.4.3502.0922)
Counter-Strike: Source
CyberLink Media Suite (Version: 8.0.2227)
CyberLink MediaShow (Version: 5.0.1130a)
CyberLink Power2Go (Version: 6.1.3802)
CyberLink PowerDirector (Version: 8.0.3306)
CyberLink PowerDVD 10 (Version: 10.0.2310.52)
CyberLink YouCam (Version: 3.1.3509)
D3DX10 (Version: 15.4.2368.0902)
DarkCrusade (Version: 1.20)
Depths of Peril (Version: 1.0.12)
Diablo II
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
Din's Curse
Doplnok programu Messenger (Version: 15.4.3502.0922)
Easy Content Share (Version: 1.0)
Easy Display Manager (Version: 3.2)
Easy Migration (Version: 1.0)
Easy Network Manager (Version: 4.4.7)
Easy SpeedUp Manager (Version: 2.1.1.1)
EasyBatteryManager (Version: 4.0.0.4)
EasyFileShare (Version: 1.0.11)
ESN Sonar (Version: 0.70.0)
ESN Sonar (Version: 0.70.4)
ETDWare PS/2-X64 10.7.14.12_WHQL (Version: 10.7.14.12)
EverQuest Free-to-Play
Fallout 2
Fallout 3
Fallout 3 - Unofficial Fallout 3 Patch (Version: v1.2.0)
Fallout Mod Manager 0.13.21
Fallout: New Vegas
Farm Frenzy (Version: 2.2.0.82)
Fast Start (Version: 2.2.0.0)
FATE - The Traitor Soul (Version: 2.2.0.82)
FATE (Version: WT050971)
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Fraps
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Guild Wars
Guncraft (Version: 0.46.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0)
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Processor Graphics (Version: 8.15.10.2253)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.0.82.0)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.27.0)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.2000)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
John Deere Drive Green (Version: 2.2.0.82)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows)
Left 4 Dead 2
Magic Set Editor 2.0.0
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MapleStory
Mesh Runtime (Version: 15.4.5722.2)
Messenger ??? ?? (Version: 15.4.3502.0922)
Messenger ???? (Version: 15.4.3502.0922)
Messenger ????? (Version: 15.4.3502.0922)
Messenger Assistent (Version: 15.4.3502.0922)
Messenger Companion (Version: 15.4.3502.0922)
Messenger kíséro (Version: 15.4.3502.0922)
Messenger Pratilac (Version: 15.4.3502.0922)
Messenger Suradnik (Version: 15.4.3502.0922)
Messenger-kumppani (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mortal Kombat Kollection
Movie Color Enhancer (Version: 1.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Multimedia POP (Version: 1.1)
Neverwinter
Nexon Game Manager
Nexus Mod Manager (Version: 0.45.5)
NVIDIA Control Panel 310.70 (Version: 310.70)
NVIDIA GeForce Experience 1.0 (BETA) (Version: 1.0 (BETA))
NVIDIA Graphics Driver 310.70 (Version: 310.70)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA Optimus 2.47.55 (Version: 2.47.55)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 2.47.55 (Version: 2.47.55)
NVIDIA Update Components (Version: 2.47.55)
OpenAL
Origin (Version: 8.5.0.4554)
Pando Media Booster (Version: 2.6.0.8)
Peggle (Version: 2.2.0.82)
Penguins! (Version: 2.2.0.82)
Plants vs. Zombies (Version: 2.2.0.82)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Polar Golfer (Version: 2.2.0.82)
Pomocnik Messenger (Version: 15.4.3502.0922)
Pošta Windows Live (Version: 15.4.3502.0922)
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.73.80.64)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (Version: 7.33.1125.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6257)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.26.0)
RPG Maker VX RTP (Version: 1.02)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Samsung AnyWeb Print (Version: 1.0)
Samsung AnyWeb Print (Version: 1.1.21.0)
Samsung Recovery Solution 5 (Version: 5.0.0.8)
Samsung Support Center (Version: 1.1.21)
Samsung Universal Print Driver (Version: 2.01.06.00:16)
Samsung Universal Scan Driver (Version: 1.2.1.0)
Samsung Update Plus (Version: 3.0.0.17)
Skype™ 5.10 (Version: 5.10.116)
SlimDX Runtime .NET 2.0 (January 2012) (Version: 2.0.13.43)
Source SDK Base 2007
Spore
Spremljevalec Messenger (Version: 15.4.3502.0922)
SRS Premium Sound Control Panel (Version: 1.10.1000)
Star Trek Online
Star Wars Knights of the Old Republic (Version: 1.0)
Star Wars: Dark Forces
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The Lord of the Rings Online™ v03.07.00.8037 (Version: 03.07.00.8037)
Unity Web Player (Version: )
Unreal Gold
Unreal II: The Awakening
Unreal Tournament 2004
Unreal Tournament 3: Black Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
War of the Roses
Warframe
Warhammer 40,000: Dawn Of War - Platinum Edition (Version: 1.51)
WildTangent Games (Version: 1.0.1.5)
Windows Live ?? (Version: 15.4.3502.0922)
Windows Live ?? ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3508.1109)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live fotoattelu galerija (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Foto-galerija (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Pošta (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 6056.29 MB
Available physical RAM: 3887.49 MB
Total Pagefile: 12110.76 MB
Available Pagefile: 9782.7 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.16 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:271 GB) (Free:37.92 GB) NTFS
2 Drive d: () (Fixed) (Total:406.16 GB) (Free:175.49 GB) NTFS
3 Drive e: (PLAYDISC) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator            ASPNET                   Guest                   
owner                    UpdatusUser             

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

11-08-2013 04:36:43 Scheduled Checkpoint

**** End of log ****



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:32 PM

Posted 13 August 2013 - 03:54 AM

Hi,

 

 

STEP 1

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

STEP 2

 

 

  • Download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility. If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Reboot the computer and then please post fresh log from Farbar Service Scanner and Rkill :)

 

 

Regards,

Georgi

 


cXfZ4wS.png


#12 cthulhusquid

cthulhusquid
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 13 August 2013 - 12:39 PM

Rkill Log

 

Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/13/2013 10:31:16 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\Samsung\PanelMgr\SSMMgr.exe (PID: 1296) [WD-HEUR]
 * C:\Windows\Samsung\PanelMgr\caller64.exe (PID: 1080) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 

 

 

FSS Log

 

Farbar Service Scanner Version: 04-08-2013
Ran by owner (administrator) on 13-08-2013 at 10:34:45
Running from "C:\Users\owner\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:32 PM

Posted 13 August 2013 - 01:04 PM

Hi,

 

You forgot to post the Fixlog.txt from FRST.

 

 

Regards,

Georgi


cXfZ4wS.png


#14 cthulhusquid

cthulhusquid
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 13 August 2013 - 01:09 PM

Fixlog.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01
Ran by owner (administrator) on 13-08-2013 11:07:48
Running from C:\Users\owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Companion\companionuser.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1127272 2012-11-26] (NVIDIA Corporation)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-26] (Valve Corporation)
HKCU\...\Run: [Google Update] - C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2013-01-16] (Google Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {d5bb4ee2-718e-11e0-824c-806e6f6e6963} - E:\SETUP.EXE
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll   [245432 2012-12-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201136 2012-12-03] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: W2PBrowser Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 24.113.0.30

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: DoNotTrackMe - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\donottrackplus@abine.com
FF Extension: WOT - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: toolbar_AVIRA-V7 - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\1258ssil.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\owner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Translate) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [246256 2010-08-24] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-28] (Windows ® 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-28] (Windows ® 2003 DDK 3790 provider)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
S3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S0 vmci; system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-13 10:37 - 2013-08-13 10:37 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill64-7263.exe
2013-08-13 10:31 - 2013-08-13 10:31 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill64.exe
2013-08-13 10:25 - 2013-08-13 10:25 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-13 10:24 - 2013-08-13 10:25 - 04009167 _____ C:\Users\owner\Desktop\ServicesRepair.exe
2013-08-13 10:24 - 2013-08-13 10:24 - 00000184 _____ C:\Users\owner\Desktop\fixlist.txt
2013-08-12 14:37 - 2013-08-13 10:35 - 00002677 _____ C:\Users\owner\Desktop\FSS.txt
2013-08-12 14:36 - 2013-08-12 14:36 - 00028628 _____ C:\Users\owner\Desktop\Addition.txt
2013-08-12 14:29 - 2013-08-13 10:38 - 00001666 _____ C:\Users\owner\Desktop\Rkill.txt
2013-08-12 14:29 - 2013-08-12 14:29 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill.exe
2013-08-11 16:55 - 2013-08-12 13:54 - 00000000 ____D C:\FRST
2013-08-11 14:42 - 2013-08-11 14:42 - 00018757 _____ C:\Users\owner\Desktop\attach.txt
2013-08-11 14:42 - 2013-08-11 14:42 - 00017409 _____ C:\Users\owner\Desktop\dds.txt
2013-08-11 14:37 - 2013-08-11 14:37 - 00688992 ____R (Swearware) C:\Users\owner\Desktop\dds.com
2013-08-11 13:33 - 2013-08-11 13:33 - 00000000 ____D C:\Users\owner\Desktop\rkill
2013-08-11 12:30 - 2013-08-11 13:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-11 12:12 - 2013-08-12 14:39 - 00038613 _____ C:\Users\owner\Desktop\Result.txt
2013-08-11 12:11 - 2013-08-11 12:11 - 00760937 _____ (Farbar) C:\Users\owner\Desktop\MiniToolBox.exe
2013-08-11 12:09 - 2013-08-11 12:09 - 00357143 _____ (Farbar) C:\Users\owner\Desktop\FSS.exe
2013-08-11 12:05 - 2013-08-11 12:05 - 00891115 _____ C:\Users\owner\Desktop\SecurityCheck.exe
2013-08-06 10:18 - 2013-08-06 10:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\APN
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-05 23:03 - 2013-08-05 23:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-02 16:27 - 2013-08-02 16:43 - 104003873 _____ C:\Users\owner\Downloads\JQ_Warhammer_40K.rar
2013-07-21 18:04 - 2013-07-21 18:04 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\ProgramData\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-21 18:04 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5912.dll
2013-07-21 18:03 - 2013-07-21 18:06 - 00000000 ____D C:\Users\owner\AppData\Local\HP
2013-07-20 21:28 - 2013-07-29 19:24 - 00000132 _____ C:\Users\owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-20 21:25 - 2013-07-20 21:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-20 15:10 - 2013-07-20 15:13 - 00000000 ____D C:\Users\owner\AppData\Roaming\Magic Set Editor
2013-07-20 15:10 - 2013-07-20 15:10 - 00000000 ____D C:\Program Files (x86)\Magic Set Editor 2

==================== One Month Modified Files and Folders =======

2013-08-13 11:08 - 2013-01-16 13:44 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA.job
2013-08-13 11:07 - 2013-08-13 11:07 - 01575274 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2013-08-13 10:50 - 2012-04-16 21:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-13 10:38 - 2013-08-12 14:29 - 00001666 _____ C:\Users\owner\Desktop\Rkill.txt
2013-08-13 10:38 - 2011-02-20 22:12 - 01133494 _____ C:\Windows\WindowsUpdate.log
2013-08-13 10:38 - 2009-07-13 21:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 10:38 - 2009-07-13 21:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 10:37 - 2013-08-13 10:37 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill64-7263.exe
2013-08-13 10:35 - 2013-08-12 14:37 - 00002677 _____ C:\Users\owner\Desktop\FSS.txt
2013-08-13 10:31 - 2013-08-13 10:31 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill64.exe
2013-08-13 10:28 - 2011-02-20 22:15 - 00000050 _____ C:\Windows\system32\SupplicantTest.log
2013-08-13 10:27 - 2013-05-15 15:25 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-13 10:27 - 2011-08-07 16:26 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-13 10:27 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 10:27 - 2009-07-13 21:51 - 00075755 _____ C:\Windows\setupact.log
2013-08-13 10:25 - 2013-08-13 10:25 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-13 10:25 - 2013-08-13 10:24 - 04009167 _____ C:\Users\owner\Desktop\ServicesRepair.exe
2013-08-13 10:24 - 2013-08-13 10:24 - 00000184 _____ C:\Users\owner\Desktop\fixlist.txt
2013-08-12 14:39 - 2013-08-11 12:12 - 00038613 _____ C:\Users\owner\Desktop\Result.txt
2013-08-12 14:36 - 2013-08-12 14:36 - 00028628 _____ C:\Users\owner\Desktop\Addition.txt
2013-08-12 14:29 - 2013-08-12 14:29 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill.exe
2013-08-12 13:54 - 2013-08-11 16:55 - 00000000 ____D C:\FRST
2013-08-12 13:52 - 2011-02-20 23:32 - 00673832 _____ C:\Windows\PFRO.log
2013-08-12 13:08 - 2013-01-16 13:44 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core.job
2013-08-11 14:42 - 2013-08-11 14:42 - 00018757 _____ C:\Users\owner\Desktop\attach.txt
2013-08-11 14:42 - 2013-08-11 14:42 - 00017409 _____ C:\Users\owner\Desktop\dds.txt
2013-08-11 14:37 - 2013-08-11 14:37 - 00688992 ____R (Swearware) C:\Users\owner\Desktop\dds.com
2013-08-11 13:33 - 2013-08-11 13:33 - 00000000 ____D C:\Users\owner\Desktop\rkill
2013-08-11 13:20 - 2013-08-11 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-11 12:11 - 2013-08-11 12:11 - 00760937 _____ (Farbar) C:\Users\owner\Desktop\MiniToolBox.exe
2013-08-11 12:09 - 2013-08-11 12:09 - 00357143 _____ (Farbar) C:\Users\owner\Desktop\FSS.exe
2013-08-11 12:05 - 2013-08-11 12:05 - 00891115 _____ C:\Users\owner\Desktop\SecurityCheck.exe
2013-08-11 00:36 - 2011-08-25 13:40 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2013-08-10 01:01 - 2012-09-26 15:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-10 01:00 - 2011-08-07 16:18 - 00000000 ____D C:\Users\owner\AppData\Local\Google
2013-08-09 16:50 - 2012-08-16 03:56 - 00000024 _____ C:\Users\owner\random.dat
2013-08-09 16:49 - 2012-08-16 03:56 - 00000044 _____ C:\Users\owner\jagex_cl_runescape_LIVE.dat
2013-08-06 10:18 - 2013-08-06 10:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\ProgramData\APN
2013-08-05 23:04 - 2013-08-05 23:04 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-05 23:03 - 2013-08-05 23:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 23:03 - 2013-08-05 23:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-05 23:03 - 2012-03-22 23:31 - 00002026 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-05 23:03 - 2012-03-22 23:31 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 23:03 - 2012-03-22 23:31 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-02 23:32 - 2009-07-13 22:13 - 00794556 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-02 16:43 - 2013-08-02 16:27 - 104003873 _____ C:\Users\owner\Downloads\JQ_Warhammer_40K.rar
2013-08-01 12:14 - 2013-03-10 13:59 - 00000000 ____D C:\Users\owner\AppData\Local\Skyrim
2013-07-31 22:12 - 2012-04-16 21:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-31 22:12 - 2012-04-16 21:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-31 22:12 - 2011-08-19 17:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-31 22:12 - 2011-08-08 13:28 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe
2013-07-31 11:16 - 2013-01-16 13:56 - 00002364 _____ C:\Users\owner\Desktop\Google Chrome.lnk
2013-07-29 21:17 - 2013-04-27 12:58 - 00000000 ____D C:\Users\owner\AppData\Local\Warframe
2013-07-29 19:24 - 2013-07-20 21:28 - 00000132 _____ C:\Users\owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-28 16:42 - 2013-05-19 14:53 - 00003226 _____ C:\Users\owner\Documents\UserPreferences.ini
2013-07-26 11:40 - 2013-02-20 22:44 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2013-07-26 11:40 - 2013-02-20 22:44 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2013-07-25 14:05 - 2009-07-13 21:45 - 00350640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-25 12:12 - 2011-08-08 16:55 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-21 18:13 - 2012-05-22 20:58 - 00000000 ____D C:\Users\owner\Desktop\Game Shortcuts
2013-07-21 18:06 - 2013-07-21 18:03 - 00000000 ____D C:\Users\owner\AppData\Local\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\ProgramData\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files\HP
2013-07-21 18:04 - 2013-07-21 18:04 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-20 23:17 - 2011-08-07 16:16 - 00000000 ____D C:\Users\owner\AppData\Roaming\Adobe
2013-07-20 21:25 - 2013-07-20 21:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-20 21:25 - 2011-02-20 22:42 - 00000000 ____D C:\ProgramData\Adobe
2013-07-20 21:16 - 2011-06-05 08:25 - 00083128 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-20 21:07 - 2012-11-28 18:25 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-20 21:07 - 2012-11-28 18:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 15:13 - 2013-07-20 15:10 - 00000000 ____D C:\Users\owner\AppData\Roaming\Magic Set Editor
2013-07-20 15:10 - 2013-07-20 15:10 - 00000000 ____D C:\Program Files (x86)\Magic Set Editor 2
2013-07-18 21:16 - 2013-04-08 22:06 - 00000000 ____D C:\Users\owner\Desktop\Zdoom

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\owner\jagex_cl_runescape_LIVE.dat
C:\Users\owner\random.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 18:20

==================== End Of Log ============================



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:32 PM

Posted 13 August 2013 - 03:11 PM

Hi,

 

It seems you misunderstood me. I meant that you forgot to post the fixlog.txt after the fix in step 1 from this post. :)

Regarding your last post it seems that you didn't run the fix at all?

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 13 August 2013 - 03:13 PM.

cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users