TR/ATRAPS.gen2 removal / Windows 8


  • This topic is locked
22 replies to this topic

#1 Marekssk

Marekssk

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:24 AM

Posted 22 September 2013 - 03:24 AM

Hi,

I am using Windows 8 and Avira Free Antivirus.

Today I started getting security alerts that the computer is infected with TR/ATRAPS.gen2. The message appears every couple of minutes.

Tried to find a solution online, but they all say that the solution is complicated and none of the solutions have worked so far.

 

Tried RKill and TDSSKiller to close all the virus processes at least till a permanent solution can be found (as the computer is not usually turned off) - but it did not help, and constantly get the alerts.
 

Regards,

 

Marekssk
 


Edited by hamluis, 22 September 2013 - 05:43 AM.
Moved from AII to MRL - Hamluis.


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:24 AM

Posted 22 September 2013 - 05:30 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi


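FRST writes its findings into FRST.txt in a fixed layout: sections delimited by rows of equals signs, entries it considers suspicious tagged with ATTENTION, some paths preceded by a bare "ZeroAccess:" line, and Winsock catalog entries reported as "File Not found" when the provider DLL is missing. Because the layout is regular, a log can be triaged mechanically before anyone decides what to do about it. The Python script below is an added example for this thread, not part of FRST or of the instructions above; the sample log it parses is constructed in FRST.txt format with shortened paths and a placeholder GUID, and the bucket names (attention, winsock_missing, zeroaccess_paths) are this example's own.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; it is not part of FRST or of the
instructions above. It walks an FRST.txt and collects the entries FRST
itself marks, so an analyst can see at a glance what the log points at.
"""
import re
from typing import Dict, List

# Constructed sample in FRST.txt format, modelled on the kind of entries
# FRST produces. Paths are shortened and the service GUID is a placeholder.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

==================== Internet (Whitelisted) ====================

Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.0.2.1

==================== Services (Whitelisted) =================

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-29] (Avira Operations GmbH & Co. KG)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{GUID-PLACEHOLDER}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== One Month Modified Files and Folders =======

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\en-GB => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================
"""

# Section headers look like "==================== Name ==================".
SECTION_RE = re.compile(r"^=+ (.+?) =+$")


def triage_frst(text: str) -> Dict[str, List[str]]:
    """Bucket the lines of an FRST log that deserve an analyst's attention.

    attention        - every line FRST tagged with ATTENTION, prefixed with
                       the section it was found in
    winsock_missing  - Winsock catalog entries whose provider DLL is missing
                       (the LSP chain has been tampered with or broken)
    zeroaccess_paths - the path that follows each bare "ZeroAccess:" marker
    """
    findings: Dict[str, List[str]] = {
        "attention": [], "winsock_missing": [], "zeroaccess_paths": []}
    section = "Header"
    tag_next_line = False  # set when a bare "ZeroAccess:" line was just seen
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            section = match.group(1).strip()
            continue
        if line == "ZeroAccess:":
            tag_next_line = True
            continue
        if tag_next_line:
            # The marker applies to exactly the next entry.
            findings["zeroaccess_paths"].append(line)
            tag_next_line = False
        if line.startswith("Winsock:") and "File Not found" in line:
            findings["winsock_missing"].append(line)
        if "ATTENTION" in line:
            findings["attention"].append(f"[{section}] {line}")
    return findings


def summarize(findings: Dict[str, List[str]]) -> Dict[str, int]:
    """Counts per bucket; all zeros means FRST flagged nothing in the log."""
    return {name: len(lines) for name, lines in findings.items()}


if __name__ == "__main__":
    result = triage_frst(SAMPLE_LOG)
    for bucket, lines in result.items():
        print(f"{bucket}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

To use it on a real log, pass the contents of a saved FRST.txt to triage_frst in place of SAMPLE_LOG. The script only reads and reports; it changes nothing on the machine, and its output is a starting point for the person reviewing the log, not a fix to apply.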

#3 Marekssk

Marekssk
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:24 AM

Posted 22 September 2013 - 01:00 PM

Hi,

 

Please find the FRST.txt file information:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2013
Ran by user (administrator) on ASUS on 22-09-2013 18:50:15
Running from C:\Users\user\Desktop
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [WsmUpdater] - C:\Program Files (x86)\Web Solution Mart\Windows 8 Codecs Pack\Updater.exe [292208 2012-05-18] (Web Solution Mart)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.draugiem.lv/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=203
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {EF3CB363-38C4-4DA3-B398-DE6184A7819B} -  No File
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog5-x64 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f08cuk13.default
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f08cuk13.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=hp&installDate=02/07/2013
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&installDate=02/07/2013&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f08cuk13.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: BitComet 视频下载器 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f08cuk13.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-29] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1901752 2013-07-22] (Microsoft Corporation)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{9888b0a9-0e17-c4c4-1ea9-98ab7c40a7d9}\   \...\???\{9888b0a9-0e17-c4c4-1ea9-98ab7c40a7d9}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-08-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-04-30] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-02-23] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U0 msahci;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-22 18:50 - 2013-09-22 18:50 - 00000000 ____D C:\FRST
2013-09-22 18:49 - 2013-09-22 18:49 - 01956670 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-09-22 10:45 - 2013-09-22 10:45 - 98586517 _____ C:\Windows\SysWOW64\뫶Lƍ
2013-09-22 01:22 - 2013-09-22 01:22 - 00006674 _____ C:\Users\user\Desktop\Rkill.txt
2013-09-22 01:03 - 2013-09-22 01:04 - 00000000 ____D C:\Users\user\Desktop\New folder
2013-09-22 00:55 - 2013-09-22 00:55 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-21 23:57 - 2013-09-21 23:57 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\user\Desktop\iExplore.exe
2013-09-21 23:26 - 2013-09-21 23:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-20 10:45 - 2013-09-21 16:45 - 98547399 _____ C:\Windows\SysWOW64\䆟쿡Lŋ
2013-09-17 21:08 - 2013-09-17 21:08 - 00159826 _____ C:\Users\user\Desktop\solicitor 3.oxps
2013-09-17 20:52 - 2013-09-17 20:52 - 00375662 _____ C:\Users\user\Desktop\solicitor v1.oxps
2013-09-17 20:52 - 2013-09-17 20:52 - 00375228 _____ C:\Users\user\Desktop\solicitor v2.oxps
2013-09-03 23:21 - 2013-09-03 23:21 - 00000000 ____D C:\Users\user\AppData\Local\FLT
2013-09-03 23:20 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-09-03 23:20 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-09-03 23:20 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-09-03 23:20 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-09-03 23:20 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-09-03 23:20 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-09-03 23:20 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-09-03 23:09 - 2013-09-03 23:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-09-03 23:09 - 2013-09-03 23:09 - 00002233 _____ C:\Users\Public\Desktop\XCOM.Enemy Unknown.v 1.0.0.20072 + 2 DLC.lnk
2013-09-01 09:31 - 2013-09-01 23:41 - 00000000 ____D C:\Users\user\Desktop\naudas lietas

==================== One Month Modified Files and Folders =======

2013-09-22 18:50 - 2013-09-22 18:50 - 00000000 ____D C:\FRST
2013-09-22 18:49 - 2013-09-22 18:49 - 01956670 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-09-22 18:45 - 2013-03-28 14:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-22 18:18 - 2012-07-26 08:28 - 00847866 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-22 18:03 - 2013-02-23 19:15 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2013-09-22 18:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-22 15:05 - 2013-02-15 15:05 - 00000870 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-09-22 10:45 - 2013-09-22 10:45 - 98586517 _____ C:\Windows\SysWOW64\뫶Lƍ
2013-09-22 09:57 - 2013-02-15 17:13 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1907844574-1128046594-91618787-1001
2013-09-22 09:47 - 2013-02-15 16:59 - 00000401 _____ C:\Users\user\AppData\Roaming\sp_data.sys
2013-09-22 09:47 - 2013-02-15 15:05 - 00000868 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-22 09:46 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-22 01:22 - 2013-09-22 01:22 - 00006674 _____ C:\Users\user\Desktop\Rkill.txt
2013-09-22 01:04 - 2013-09-22 01:03 - 00000000 ____D C:\Users\user\Desktop\New folder
2013-09-22 00:55 - 2013-09-22 00:55 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-22 00:50 - 2013-02-23 15:21 - 00000000 ____D C:\Users\user\AppData\Roaming\BitComet
2013-09-22 00:26 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-21 23:57 - 2013-09-21 23:57 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\user\Desktop\iExplore.exe
2013-09-21 23:26 - 2013-09-21 23:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-21 23:25 - 2013-02-23 19:13 - 00000000 ____D C:\Users\user\AppData\Local\Google
2013-09-21 16:45 - 2013-09-20 10:45 - 98547399 _____ C:\Windows\SysWOW64\䆟쿡Lŋ
2013-09-17 21:08 - 2013-09-17 21:08 - 00159826 _____ C:\Users\user\Desktop\solicitor 3.oxps
2013-09-17 20:52 - 2013-09-17 20:52 - 00375662 _____ C:\Users\user\Desktop\solicitor v1.oxps
2013-09-17 20:52 - 2013-09-17 20:52 - 00375228 _____ C:\Users\user\Desktop\solicitor v2.oxps
2013-09-16 17:27 - 2013-04-26 16:19 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-09-14 12:07 - 2012-08-02 14:24 - 00035306 _____ C:\Windows\PFRO.log
2013-09-13 04:46 - 2013-05-07 20:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-09-10 17:45 - 2013-03-28 14:53 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-05 19:11 - 2012-07-26 08:21 - 00036289 _____ C:\Windows\setupact.log
2013-09-04 12:23 - 2013-04-30 00:36 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-03 23:21 - 2013-09-03 23:21 - 00000000 ____D C:\Users\user\AppData\Local\FLT
2013-09-03 23:20 - 2013-09-03 23:09 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-09-03 23:20 - 2013-02-23 20:59 - 00000000 ____D C:\Users\user\Documents\My Games
2013-09-03 23:09 - 2013-09-03 23:09 - 00002233 _____ C:\Users\Public\Desktop\XCOM.Enemy Unknown.v 1.0.0.20072 + 2 DLC.lnk
2013-09-03 19:48 - 2013-02-23 14:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-03 19:44 - 2013-02-15 15:17 - 01572530 _____ C:\Windows\WindowsUpdate.log
2013-09-03 19:32 - 2013-02-24 16:06 - 00000000 ___RD C:\Users\user\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2013-09-03 18:44 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-09-01 23:41 - 2013-09-01 09:31 - 00000000 ____D C:\Users\user\Desktop\naudas lietas
2013-09-01 09:32 - 2013-06-03 21:06 - 00000000 ____D C:\Users\user\Desktop\tiesu faili
2013-08-29 12:17 - 2013-05-07 14:58 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-29 12:17 - 2013-04-30 00:36 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\user\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\aiwof0.pad
C:\ProgramData\mjiwbr.pad
C:\ProgramData\SetStretch.exe

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\BackupSetup.exe
C:\Users\user\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\user\AppData\Local\Temp\OfficeSetup.exe
C:\Users\user\AppData\Local\Temp\uninst1.exe
C:\Users\user\AppData\Local\Temp\vcredist_x64.exe
C:\Users\user\AppData\Local\Temp\wget.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-GB => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-09-20 15:55

==================== End Of Log ============================

 

Please find the information from Addition.txt attached:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2013
Ran by user at 2013-09-22 18:51:23
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X MUI (x32 Version: 10.0.0)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
ASUS Instant Connect (x32 Version: 1.2.8)
ASUS InstantOn (x32 Version: 3.0.2)
ASUS LifeFrame3 (x32 Version: 3.1.5)
ASUS Live Update (x32 Version: 3.1.8)
ASUS Power4Gear Hybrid (Version: 2.0.4)
ASUS Smart Gesture (x32 Version: 1.0.35)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0004)
ASUS Tutor (x32 Version: 1.0.7)
ASUS WebStorage Sync Agent (x32 Version: 1.1.9.120)
AsusVibe2.0 (x32 Version: 2.0.10.168)
ATK Package (x32 Version: 1.0.0022)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
BitComet 1.35 64-bit (x32 Version: 1.35)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
Diablo III (x32 Version: 1.0.8.16603)
Heroes of Might and Magic 3 Complete (x32)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2828)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Lagarith lossless video codec (Remove Only)
Memory-Map (x32 Version: 5.4.4)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4535.1004)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 en-GB) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1004)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1004)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1004)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710)
Realtek PCIE Card Reader (x32 Version: 6.1.8400.27023)
Remove Windows 8 Codecs (x32 Version: 2.0)
RevConnect (x32)
Shared C Run-time for x64 (Version: 10.0.0)
Snagit 11 (x32 Version: 11.2.0)
swMSM (x32 Version: 12.0.0.1)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.5 (x32 Version: 2.0.5)
VLC Media Player Packages (HKCU)
Windows 7 Codec Pack 4.0.7 (x32 Version: 4.0.7)
Windows 8 Codecs Pack 1.0.0 (Version: 1.0.0)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinFlash (x32 Version: 2.41.1)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
XCOM.Enemy Unknown.v 1.0.0.20072 + 2 DLC (x32 Version: XCOM.Enemy Unknown.v 1.0.0.20072 + 2 DLC)

==================== Restore Points  =========================

19-09-2013 02:31:34 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DFEE2D8-6FF1-4963-B4F9-1FD2E253EEF8} - System32\Tasks\Hoolapp For Android => C:\Users\user\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {15513635-5453-4A75-B403-73FB79C0A4F3} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {17D67F34-6059-4083-840E-AFE84EA1000E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {29C787AA-E149-4364-B56C-01CA8547CE7F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {2E5A4364-C4DE-48DE-A60F-908C0D944876} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AC44A48-DB8E-42DB-B659-8A29C97DF165} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1907844574-1128046594-91618787-1001
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {3F8765CA-12FC-4686-8A34-FCD81AED6511} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1907844574-1128046594-91618787-500
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B4B95C1-4D9A-4F57-803E-F319E0C87521} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {659A7A52-E2C1-49C0-8956-9B5C11155C8D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {67276940-BE12-4917-91DA-BE1B629F65C5} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {67DB575D-B693-40AD-AD75-FF9F2819929F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-09-13] (Microsoft Corporation)
Task: {6BB597F6-3469-42D2-9265-58EF3211DBEA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {739B65BD-784A-410D-8DE4-652E02209BDA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-07-22] (Microsoft Corporation)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7B2ECE0A-968B-4F03-957B-7D51991D1951} - System32\Tasks\Hoolapp Init => C:\Users\user\AppData\Roaming\HOOLAP~1\Hoolapp.exe
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {84212935-0314-41ED-B24B-C46A5105B8C0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {990BDCA9-DC7C-4A7D-8D6F-C2982427A873} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {A3C1B04A-AAB7-46BE-9D81-8C6D11BB26B0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B0316833-5365-4105-92E0-9D6C5FDF34EF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {C9AC99FF-AD21-47F6-850B-3A24B08952C9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {CA5B14D1-0916-4A08-A4EA-B7BC41BDEB66} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E6D4CB21-AD6E-43B3-8B85-D0298E08B4A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F4C72944-5792-4F76-B52F-19529D699BE3} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-02-23 15:42 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\system32\MSWSOCK.dll
2013-02-23 15:42 - 2012-10-11 06:44 - 00355328 _____ (Microsoft Corporation) \\?\globalroot\systemroot\system32\mswsock.DLL
2013-05-07 20:41 - 2013-05-07 20:41 - 00261624 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
2013-05-07 20:41 - 2013-05-07 20:41 - 00661448 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCP110.dll
2013-05-07 20:41 - 2013-05-07 20:41 - 00828872 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCR110.dll
2013-09-13 04:45 - 2013-09-13 04:45 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-03-02 03:07 - 2009-03-02 03:07 - 00200704 _____ ( ) C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\LogicNP.EZShellExtensions.dll
2013-03-09 23:01 - 2012-06-09 20:20 - 00196096 _____ (Alexander Roshal) C:\Program Files (x86)\WinRAR\rarext64.dll
2012-08-29 04:15 - 2012-08-15 18:53 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2012-08-29 04:15 - 2012-08-15 18:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2013-02-23 15:42 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\system32\mswsock.dll
2013-02-23 15:42 - 2012-10-11 06:44 - 00355328 _____ (Microsoft Corporation) \\.\globalroot\systemroot\system32\mswsock.dll
2013-04-13 09:56 - 2013-06-27 23:05 - 00537464 _____ (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.dll
2011-08-15 21:12 - 2011-08-15 21:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2012-04-16 12:42 - 2012-04-16 12:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-15 21:12 - 2011-08-15 21:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 21:15 - 2011-08-15 21:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 17:41 - 2011-08-17 17:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 17:48 - 2011-08-17 17:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 17:48 - 2011-08-17 17:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 20:23 - 2011-08-15 20:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2013-02-23 15:42 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\SYSTEM32\mswsock.dll
2013-02-23 15:42 - 2012-10-11 06:06 - 00289280 _____ (Microsoft Corporation) \\.\globalroot\systemroot\syswow64\mswsock.dll
2012-04-16 12:41 - 2012-04-16 12:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 12:56 - 2012-04-16 12:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 12:38 - 2012-04-16 12:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2012-08-24 18:17 - 2012-08-24 18:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-08-24 18:17 - 2012-08-24 18:17 - 01595392 _____ (TODO: <Company name>) C:\Program Files (x86)\ASUS\Splendid\Alb_ASUSLib.dll
2011-07-19 17:05 - 2011-07-19 17:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 21:17 - 2011-08-15 21:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 17:04 - 2011-07-19 17:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2012-12-13 01:12 - 2012-12-13 01:12 - 00111104 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 02286592 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00219648 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00049664 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00070144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00157696 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00093696 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00258560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00047616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00043520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2012-12-13 01:12 - 2012-12-13 01:12 - 00440320 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
2012-12-13 01:12 - 2012-12-13 01:12 - 00724992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00083968 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2012-12-13 01:12 - 2012-12-13 01:12 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00106496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 01544192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00310784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 01238016 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 11998720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00198656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00092160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00185856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 01318912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 01719296 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00372224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00154624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00386560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00265216 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 01888256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00310784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00041472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00263168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 09263616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00703488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00052224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00044032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00379392 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00139264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00050688 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00041984 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00077824 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00056320 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00044544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00034816 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00070656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00182272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00068608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00135168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 01518080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00034816 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00035328 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
2012-12-13 01:13 - 2012-12-13 01:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2013-08-17 13:13 - 2013-08-17 13:13 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-13 09:56 - 2013-06-27 23:05 - 14375800 _____ (Adobe Systems, Inc.) C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx
2011-04-11 08:57 - 2011-04-11 08:57 - 00767280 _____ (BitComet) C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

==================== Alternate Data Streams (whitelisted) ======

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38807555.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38807555.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2013 09:35:07 AM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
 Insufficient quota to complete the requested service.  (HRESULT : 0x800705ad) (0x800705ad)

Error: (09/22/2013 09:34:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffa80
Faulting process ID: 0x47d8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (09/22/2013 09:33:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffa80
Faulting process ID: 0x14a8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (09/22/2013 09:32:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffa80
Faulting process ID: 0x16cc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (09/22/2013 09:31:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffa80
Faulting process ID: 0xf10
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (09/22/2013 09:30:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffa80
Faulting process ID: 0x138c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (09/22/2013 09:29:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffa80
Faulting process ID: 0x17bc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (09/22/2013 09:28:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffa80
Faulting process ID: 0x14d8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (09/22/2013 09:27:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffa80
Faulting process ID: 0x1218
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (09/22/2013 09:26:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a96c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffa80
Faulting process ID: 0x1070
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

System errors:
=============
Error: (09/22/2013 06:22:40 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147942405

Error: (09/22/2013 06:22:40 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147942405

Error: (09/22/2013 06:22:40 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147942405

Error: (09/22/2013 06:22:40 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147942405

Error: (09/22/2013 09:48:35 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147942405

Error: (09/22/2013 09:48:35 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147942405

Error: (09/22/2013 09:48:21 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147942405

Error: (09/22/2013 09:48:21 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147942405

Error: (09/22/2013 09:46:45 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/22/2013 09:46:43 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (09/22/2013 09:35:07 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 Insufficient quota to complete the requested service.  (HRESULT : 0x800705ad) (0x800705ad)
C:\

Error: (09/22/2013 09:34:31 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c0000005fffffa8047d801ceb76e8ef056e7C:\Windows\SysWOW64\svchost.exeunknowncc9f452b-2361-11e3-be94-3085a92dc7d3

Error: (09/22/2013 09:33:31 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c0000005fffffa8014a801ceb76e6b0b145aC:\Windows\SysWOW64\svchost.exeunknowna8ba026b-2361-11e3-be94-3085a92dc7d3

Error: (09/22/2013 09:32:30 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c0000005fffffa8016cc01ceb76e4712dda0C:\Windows\SysWOW64\svchost.exeunknown84c1cbb1-2361-11e3-be94-3085a92dc7d3

Error: (09/22/2013 09:31:30 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c0000005fffffa80f1001ceb76e232db9f2C:\Windows\SysWOW64\svchost.exeunknown60dca809-2361-11e3-be94-3085a92dc7d3

Error: (09/22/2013 09:30:30 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c0000005fffffa80138c01ceb76dff4c131dC:\Windows\SysWOW64\svchost.exeunknown3cfb0134-2361-11e3-be94-3085a92dc7d3

Error: (09/22/2013 09:29:30 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c0000005fffffa8017bc01ceb76ddb699001C:\Windows\SysWOW64\svchost.exeunknown19187e12-2361-11e3-be94-3085a92dc7d3

Error: (09/22/2013 09:28:29 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c0000005fffffa8014d801ceb76db788756cC:\Windows\SysWOW64\svchost.exeunknownf537637d-2360-11e3-be94-3085a92dc7d3

Error: (09/22/2013 09:27:29 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c0000005fffffa80121801ceb76d93a77983C:\Windows\SysWOW64\svchost.exeunknownd1566799-2360-11e3-be94-3085a92dc7d3

Error: (09/22/2013 09:26:29 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a96c3unknown0.0.0.000000000c0000005fffffa80107001ceb76d6fbb2eb9C:\Windows\SysWOW64\svchost.exeunknownad6a1cd0-2360-11e3-be94-3085a92dc7d3

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 3979.82 MB
Available physical RAM: 2473.56 MB
Total Pagefile: 11403.82 MB
Available Pagefile: 9555.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:100.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.17 GB) (Free:353.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 56D41D26)

Partition: GPT Partition Type
==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:24 AM

Posted 22 September 2013 - 02:55 PM

Hi,

Download the [attachment=142129:fixlist.txt] file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next please download this file => [attachment=142130:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,

Georgi


#5 Marekssk

Marekssk
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:24 AM

Posted 22 September 2013 - 04:09 PM

After the first part, the computer restarted and this log was shown:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2013
Ran by user at 2013-09-22 22:04:24 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&q={searchTerms}&installDate=02/07/2013
BHO-x32: No Name - {EF3CB363-38C4-4DA3-B398-DE6184A7819B} -  No File
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=hp&installDate=02/07/2013
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=bd69480f-0f5f-447c-a799-d85317e95739&searchtype=ds&installDate=02/07/2013&q=
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f08cuk13.default\searchplugins\Web Search.xml
FF Extension: BitComet 视频下载器 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f08cuk13.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{9888b0a9-0e17-c4c4-1ea9-98ab7c40a7d9}\   \...\???\{9888b0a9-0e17-c4c4-1ea9-98ab7c40a7d9}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-09-22 10:45 - 2013-09-22 10:45 - 98586517 _____ C:\Windows\SysWOW64\뫶Lƍ
2013-09-20 10:45 - 2013-09-21 16:45 - 98547399 _____ C:\Windows\SysWOW64\䆟쿡Lŋ
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\user\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\aiwof0.pad
C:\ProgramData\mjiwbr.pad
C:\ProgramData\SetStretch.exe
C:\Users\user\AppData\Local\Temp\BackupSetup.exe
C:\Users\user\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\user\AppData\Local\Temp\OfficeSetup.exe
C:\Users\user\AppData\Local\Temp\uninst1.exe
C:\Users\user\AppData\Local\Temp\vcredist_x64.exe
C:\Users\user\AppData\Local\Temp\wget.exe
end

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF3CB363-38C4-4DA3-B398-DE6184A7819B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EF3CB363-38C4-4DA3-B398-DE6184A7819B} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
Winsock: Catalog5 entry 000000000004\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000004\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f08cuk13.default\searchplugins\Web Search.xml => Moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f08cuk13.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
*etadpug => Service deleted successfully.
Could not move "C:\Windows\SysWOW64\뫶Lƍ" => Scheduled to move on reboot.
C:\Windows\SysWOW64\䆟쿡Lŋ => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Could not move "C:\Windows\assembly\GAC_64\Desktop.ini" => Scheduled to move on reboot.
C:\Users\user\AppData\Local\Google\Desktop\Install => Moved successfully.

"C:\Program Files (x86)\Google\Desktop\Install" directory move:

Could not move "C:\Program Files (x86)\Google\Desktop\Install" directory. => Scheduled to move on reboot.

C:\ProgramData\aiwof0.pad => Moved successfully.
C:\ProgramData\mjiwbr.pad => Moved successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\wget.exe => Moved successfully.

=========== Result of Scheduled Files to move ===========

C:\Windows\SysWOW64\뫶Lƍ => Is moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====



#6 Marekssk

Marekssk
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:24 AM

Posted 22 September 2013 - 04:14 PM

The second part log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2013
Ran by user at 2013-09-22 22:10:46 Run:2
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
cmd: netsh winsock reset
cmd: ipconfig /flushdns
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
cmd: dir c:\ /aL /s
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38807555.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38807555.sys => ""="Driver"
end

*****************

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-GB" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

=========  dir c:\ /aL /s =========

 Volume in drive C is OS
 Volume Serial Number is 1C52-16A8

 Directory of c:\

26/07/2012  08:22    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes

 Directory of c:\ProgramData

26/07/2012  08:22    <JUNCTION>     Application Data [C:\ProgramData]
26/07/2012  08:22    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
26/07/2012  08:22    <JUNCTION>     Documents [C:\Users\Public\Documents]
26/07/2012  08:22    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
26/07/2012  08:22    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of c:\Users

26/07/2012  08:22    <SYMLINKD>     All Users [C:\ProgramData]
26/07/2012  08:22    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes

 Directory of c:\Users\All Users

26/07/2012  08:22    <JUNCTION>     Application Data [C:\ProgramData]
26/07/2012  08:22    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
26/07/2012  08:22    <JUNCTION>     Documents [C:\Users\Public\Documents]
26/07/2012  08:22    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
26/07/2012  08:22    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of c:\Users\Default

26/07/2012  08:22    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
26/07/2012  08:22    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
26/07/2012  08:22    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
26/07/2012  08:22    <JUNCTION>     My Documents [C:\Users\Default\Documents]
26/07/2012  08:22    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26/07/2012  08:22    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26/07/2012  08:22    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
26/07/2012  08:22    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
26/07/2012  08:22    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
26/07/2012  08:22    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of c:\Users\Default\AppData\Local

26/07/2012  08:22    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
26/07/2012  08:22    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
26/07/2012  08:22    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of c:\Users\Default\Documents

26/07/2012  08:22    <JUNCTION>     My Music [C:\Users\Default\Music]
26/07/2012  08:22    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
26/07/2012  08:22    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes

 Directory of c:\Users\Public\Documents

26/07/2012  08:22    <JUNCTION>     My Music [C:\Users\Public\Music]
26/07/2012  08:22    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
26/07/2012  08:22    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
              32 Dir(s)  108,357,873,664 bytes free

========= End of CMD: =========

==== End of Fixlog ====
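The two fixlogs above (posts #5 and #6) record FRST repairing three side effects of the ZeroAccess infection: Winsock namespace catalog entries whose LibraryPath no longer pointed to a real DLL, reparse points planted on the Program Files\Windows Defender folder so Defender could not run, and leftovers such as Desktop.ini inside the .NET GAC folders and Chrome policy keys under Software\Policies\Google. As an added example, not FRST's code and not from any post in this thread, the PowerShell below performs read-only checks for each of those on a Windows host so a defender can confirm a cleanup took or spot the same pattern elsewhere. The function names are mine; the registry path NameSpace_Catalog5 is the Winsock 2 namespace provider catalog that FRST labels "Catalog5" in its output.

```powershell
# Added example for this thread (not FRST code, not from the posts): read-only
# checks for the ZeroAccess side effects repaired in the two fixlogs above.
# Run from an elevated PowerShell prompt; nothing here modifies the system.

function Test-WinsockNamespaceProviders {
    # FRST's "Catalog5" lines refer to the Winsock 2 namespace provider catalog.
    # Each entry carries a LibraryPath that must resolve to an existing DLL;
    # the first fixlog shows entries 04 and 05 being reset to NLAapi.dll / mswsock.dll.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'
    foreach ($sub in 'Catalog_Entries', 'Catalog_Entries64') {
        $catalog = Join-Path $base $sub
        if (-not (Test-Path -LiteralPath $catalog)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $catalog) {
            $lib = (Get-ItemProperty -LiteralPath $entry.PSPath -Name LibraryPath -ErrorAction SilentlyContinue).LibraryPath
            $expanded = if ($lib) { [Environment]::ExpandEnvironmentVariables($lib) } else { $null }
            [pscustomobject]@{
                Catalog     = $sub
                Entry       = $entry.PSChildName
                LibraryPath = $lib
                Resolves    = [bool]($expanded -and (Test-Path -LiteralPath $expanded))
            }
        }
    }
}

function Get-ReparsePointsUnder {
    param([Parameter(Mandatory)][string]$Root)
    # The second fixlog shows "Deleting reparse point and unlocking" for
    # Program Files\Windows Defender and its subfolders: the rootkit had turned
    # them into reparse points to keep Defender from loading. A clean install has none.
    if (-not (Test-Path -LiteralPath $Root)) { return }
    Get-ChildItem -LiteralPath $Root -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 } |
        Select-Object FullName, Attributes
}

function Test-KnownDropLocations {
    # Items removed by the first fixlist that Windows itself never creates:
    # Desktop.ini inside the GAC folders, and Software\Policies\Google keys
    # (used here to lock Chrome's search settings). Note: on a domain-managed
    # machine the Policies\Google key can be legitimate Chrome group policy,
    # so treat a hit as a prompt to inspect, not as proof of infection.
    $paths = @(
        (Join-Path $env:SystemRoot 'assembly\GAC_32\Desktop.ini'),
        (Join-Path $env:SystemRoot 'assembly\GAC_64\Desktop.ini'),
        'HKLM:\SOFTWARE\Policies\Google',
        'HKCU:\SOFTWARE\Policies\Google'
    )
    foreach ($p in $paths) {
        [pscustomobject]@{ Path = $p; Present = (Test-Path -LiteralPath $p) }
    }
}

# --- report ------------------------------------------------------------------
$winsock = @(Test-WinsockNamespaceProviders)
$winsock | Format-Table -AutoSize
$unresolved = @($winsock | Where-Object { -not $_.Resolves })
if ($unresolved.Count -gt 0) {
    Write-Warning "$($unresolved.Count) Winsock namespace entries have a LibraryPath that does not resolve to a file."
}

$defender = Join-Path $env:ProgramFiles 'Windows Defender'
$reparse  = @(Get-ReparsePointsUnder -Root $defender)
if ($reparse.Count -gt 0) {
    Write-Warning "Reparse points found under $defender (none are expected):"
    $reparse | Format-Table -AutoSize
} else {
    Write-Output "No reparse points under $defender."
}

@(Test-KnownDropLocations) | Format-Table -AutoSize
```

The script only reads the registry and file system, so it is safe to run before and after a cleanup to compare results; an unresolved LibraryPath or any reparse point under the Defender folder on a machine that has just been cleaned means the corresponding fix did not take and the relevant fixlog lines should be re-checked.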



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:24 AM

Posted 22 September 2013 - 04:58 PM

Hi,

Nice work! :)
Let's check for leftovers.

Most of them should take no more than 5 minutes each.

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 2




  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 3



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 4




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and copy and paste the results at pastebin.com and post the link to the log in your next reply.




STEP 5



Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 6



Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Regards,

Georgi


#8 Marekssk

Marekssk
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:24 AM

Posted 22 September 2013 - 06:40 PM

Hi Georgi,

Please find the logs attached:

Rkill log http://pastebin.com/wdi0upDH

Roguekiller log http://pastebin.com/GpahDLkS

TDSSKiller log http://pastebin.com/zmygMZpU

Malwarebytes log http://pastebin.com/Ej5eRzWT

Farbar http://pastebin.com/m0PtViXN

Adwcleaner http://pastebin.com/dU0igSFK



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:24 AM

Posted 23 September 2013 - 02:29 AM

Next let's try to fix the broken services.


Backup Your Registry

Now download the following files and save them to your desktop:

  • mpsdrv.reg
  • BFE.reg
  • BITS.reg
  • iphlpsvc.reg
  • MpsSvc.reg
  • PcaSvc.reg
  • PolicyAgent.reg
  • RemoteAccess.reg
  • WinDefend.reg
  • wscsvc.reg
  • wuauserv.reg
  • SharedAccess.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

 

  • Next please download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.
  • If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Reboot the computer and then please attach fresh logs from the following 2 tools - RKILL and Farbar Service Scanner.

Also please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Regards,

Georgi


#10 Marekssk

Marekssk
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:24 AM

Posted 23 September 2013 - 04:23 PM

New Rkill http://pastebin.com/vyNj4YD4

New Farbar http://pastebin.com/Q2k6fCbM



#11 Marekssk

Marekssk
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:24 AM

Posted 23 September 2013 - 04:30 PM

Junkware removal tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 8 x64
Ran by user on 23/09/2013 at 22:23:57.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\searchURL\\Default

 

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1907844574-1128046594-91618787-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1907844574-1128046594-91618787-1001\Software\Wajam
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}

 

~~~ Files

 

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\apn"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\wondershare"

 

~~~ FireFox

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f08cuk13.default\invalidprefs.js
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f08cuk13.default\minidumps [29 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/09/2013 at 22:29:51.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:24 AM

Posted 23 September 2013 - 05:41 PM

Hi,

Good work!

STEP 1

Now please download the [attachment=142184:fixlist.txt] file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also please post a new log from FSS.

STEP 2

I'd like us to scan your machine with ESET OnlineScan


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

STEP 3

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Regards,

Georgi


#13 Marekssk

  • Topic Starter
  • Members
  • 12 posts

Posted 24 September 2013 - 12:34 PM

FRST new: http://pastebin.com/0vM1WaWU

FSS new: http://pastebin.com/a1anAu7i


ESETscan: http://pastebin.com/0zY4hfX7


Security scan:


 Results of screen317's Security Check version 0.99.73 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender  
Avira Desktop     
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 21 
 Java version out of Date!
 Adobe Flash Player  11.8.800.168 
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

#14 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 24 September 2013 - 05:28 PM

Hi,


Download [attachment=142215:fixlist.txt] file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


Next please download Windows Repair (all in one) from here

Install the program then go to step 4 and create a new system restore point and new registry backup.

On the Start Repairs tab => Click Start

Click on the Select All button and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure and then post a new log from Farbar Service Scanner.


Regards,

Georgi



#15 Marekssk

  • Topic Starter
  • Members
  • 12 posts

Posted 24 September 2013 - 06:16 PM

FRST new2 http://pastebin.com/ftJWiie6


Farbar Service Scanner Version: 13-09-2013
Ran by user (administrator) on 25-09-2013 at 00:13:34
Running from "C:\Users\user\Desktop"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-09-23 22:23] - [2013-06-10 20:15] - 0723968 ____A (Microsoft Corporation) 73133A0C0CA63817BFF2CB9DE65B64E7

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-09-23 22:26] - [2013-08-16 06:21] - 3275776 ____A (Microsoft Corporation) 9DEC60D4783377097014DFCCA31E69F8

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
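
As an added example (not Farbar's code, nor anything posted in this thread), here is a small parser for FSS output that pulls out the three kinds of finding visible in the log above: a service whose start type differs from the default, a "Disabled Policy" registry value, and a File Check entry that lacks "MD5 is legit" together with the hash FSS prints on the following line. The embedded log is a constructed excerpt modelled on the output above, and the section and line formats it assumes are those shown there.

```python
"""Flag what a helper looks for in a Farbar Service Scanner (FSS) log. Added
example, not FSS code; the log below is a constructed excerpt of FSS output."""
import re
SAMPLE_FSS_LOG = r"""Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\bfe.dll
[2013-09-23 22:23] - [2013-06-10 20:15] - 0723968 ____A (Microsoft Corporation) 73133A0C0CA63817BFF2CB9DE65B64E7
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
"""
START_TYPE = re.compile(r"start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
MD5_HEX = re.compile(r"\b([0-9A-Fa-f]{32})\s*$")

def parse_fss(text):
    lines = [l.rstrip() for l in text.splitlines()]
    found = {"services": [], "policies": [], "unverified_files": []}
    section, key_path, pending = None, None, None
    for i, line in enumerate(lines):
        # A section header is "Name:" followed by a line made only of '=' (look-ahead
        # needed: "Checking service configuration:" also ends in ':' but is not a header).
        if line.endswith(":") and i + 1 < len(lines) and set(lines[i + 1]) == {"="}:
            section = line[:-1]
            continue
        if not line or set(line) == {"="}:
            continue
        if (m := START_TYPE.search(line)) and m.group(2) != m.group(3):
            found["services"].append(m.groups())  # (service, actual, default)
        if section and section.endswith("Disabled Policy"):
            if line.startswith("[") and line.endswith("]"):
                key_path = line[1:-1]  # registry key the values below belong to
            elif (m := POLICY_VALUE.match(line)):
                found["policies"].append((key_path, m.group(1), int(m.group(2))))
        elif section == "File Check" and re.match(r"^[A-Za-z]:\\", line):
            path, _, verdict = line.partition(" => ")
            if verdict != "MD5 is legit":  # FSS prints that file's details next
                pending = path
                found["unverified_files"].append((path, None))
        elif pending and (m := MD5_HEX.search(line)):
            found["unverified_files"][-1] = (pending, m.group(1).upper())
            pending = None
    return found
```

An unverified file is not proof of tampering (the bfe.dll and wuaueng.dll entries above carry Microsoft Corporation stamps and recent update dates), so the output is a list of items to check against a known-good copy, not a verdict.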