
Probably ZeroAccess rootkit problem


This topic is locked
25 replies to this topic

#1 Shattered5


Posted 15 October 2013 - 01:40 PM

So I recently uncovered that my firewall was disabled. After a long search on the internet and many attempts at solving the problem, my firewall is still disabled. I came across a forum which said that I might have a ZeroAccess rootkit on my PC. I have attached my log files below and I'm hoping this problem can be solved. I'm running on Windows 8 and the firewall error was 0x6d9.


#2 B-boy/StyLe/

  • Malware Response Team

Posted 15 October 2013 - 11:05 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Regards,
Georgi

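An added example, not from this thread, from FRST's authors or from BleepingComputer's procedure: a small Python triage pass over the "Registry (Whitelisted)" section of the FRST.txt log requested above. It flags the autorun entries a responder would read first: entries FRST itself marks with "<==== ATTENTION!", programs launched from a user-profile AppData path, hidden launches through nircmd, script payloads, and files with no publisher. The sample log inside it is a constructed excerpt of the lines posted later in this thread, and the line layout the regexes assume is inferred from that log rather than from any documented FRST grammar.

```python
# Added triage helper for FRST.txt "Registry (Whitelisted)" lines (hypothetical,
# not part of FRST). SAMPLE_LOG is a constructed excerpt of this thread's entries.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Section banner, e.g. "==================== Registry (Whitelisted) =================="
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# Autorun line: <hive>\...<key>: [<name>] - <command> [<size> <date>] (<publisher>)
# (layout inferred from the log in this thread, not a documented grammar)
ENTRY_RE = re.compile(
    r"^(?P<hive>HK\w+(?:-x32)?)\\\.\.\.(?P<key>[^:]*): \[(?P<name>[^\]]*)\](?P<tail>.*)$"
)
# Trailing "[size date] (publisher)" block; "()" means FRST found no publisher.
META_RE = re.compile(r"\s*\[(?P<meta>[^\]]*)\]\s*\((?P<publisher>[^)]*)\)\s*$")

WEIGHTS = {
    "frst-attention": 3,     # FRST itself marked the key with "<==== ATTENTION!"
    "hidden-launch": 3,      # nircmd "exec hide" starts a program with no window
    "script-payload": 2,     # the autorun ultimately runs a .bat/.vbs/... script
    "user-profile-path": 2,  # launched from a user-writable AppData directory
    "no-publisher": 1,       # "()": no publisher/version information on the file
}

SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [miner] - "C:\Users\**\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\**\AppData\Roaming\miner\begin.bat"
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-10-06] ()

==================== Internet (Whitelisted) ====================
"""


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    command: str
    publisher: Optional[str]          # None when FRST printed no "(...)" block
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> int:
        return sum(WEIGHTS[r] for r in self.reasons)


def registry_lines(log_text: str):
    """Yield the non-empty lines inside the 'Registry (Whitelisted)' section only."""
    inside = False
    for line in log_text.splitlines():
        banner = SECTION_RE.match(line.strip())
        if banner:
            inside = banner.group("title").startswith("Registry")
        elif inside and line.strip():
            yield line.rstrip()


def parse_entry(line: str) -> Optional[Finding]:
    """Parse one autorun line and attach the reasons it deserves a closer look."""
    m = ENTRY_RE.match(line)
    if not m:
        return None                   # Winlogon\Notify, MountPoints2, AppInit_DLLs, ...
    tail = m.group("tail")
    meta = META_RE.search(tail)
    publisher = meta.group("publisher").strip() if meta else None
    cmd_part = tail[: meta.start()] if meta else tail
    command = cmd_part[3:].strip() if cmd_part.startswith(" - ") else ""
    entry = Finding(m.group("hive"), m.group("key"), m.group("name"), command, publisher)
    cmd = command.lower()
    if "<==== attention" in tail.lower():
        entry.reasons.append("frst-attention")
    if "\\appdata\\" in cmd:
        entry.reasons.append("user-profile-path")
    if "nircmd" in cmd and "exec hide" in cmd:
        entry.reasons.append("hidden-launch")
    if re.search(r"\.(bat|cmd|vbs|js|ps1)\b", cmd):
        entry.reasons.append("script-payload")
    if publisher == "":
        entry.reasons.append("no-publisher")
    return entry


def triage(log_text: str) -> List[Finding]:
    """Return the flagged autorun entries of an FRST log, highest severity first."""
    findings = [e for e in map(parse_entry, registry_lines(log_text)) if e and e.reasons]
    findings.sort(key=lambda f: f.severity, reverse=True)   # stable: ties keep log order
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.hive}\\...{f.key} [{f.name}] {f.command or '<no command>'} {f.reasons}")
```

On the sample, the `miner` Run entry (user-profile path, hidden nircmd launch, .bat payload) sorts first and the `<==== ATTENTION!` CLSID entry second; the two "()" entries are low-severity reminders to check the file, not verdicts.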

#3 Shattered5


Posted 16 October 2013 - 02:21 AM

Hi Georgi, thank you for replying. I've run Farbar Recovery Scan Tool and here are the files.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKCU\...\Run: [miner] - "C:\Users\**\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\**\AppData\Roaming\miner\begin.bat"
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6589208 2013-10-11] (SUPERAntiSpyware)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
MountPoints2: {59e33b09-2e7f-11e3-bece-20689dbfc230} - "G:\laucher.exe"
MountPoints2: {5f58d2af-79bc-11e2-be80-20689dbfc230} - "G:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-10-06] ()
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [205184 2013-03-15] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com/?cid={CF27BA43-D7B4-4643-874E-C0FD08DD7A45}&mid=010f23d4861f47d39d31f121db5b2bc3-7354d63df30ecf1961479723639187f36f61817c&lang=nl&ds=AVG&pr=fr&d=2013-03-18 20:52:34&v=15.2.0.5&pid=safeguard&sg=2&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3914F081-1779-4F4E-87E2-EDD7A915861C} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=6A6647DA-08BE-48CE-9230-337EF2098BCD&apn_sauid=0D51E8C5-49A2-4227-A782-076F69FA656D
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={CF27BA43-D7B4-4643-874E-C0FD08DD7A45}&mid=010f23d4861f47d39d31f121db5b2bc3-7354d63df30ecf1961479723639187f36f61817c&lang=nl&ds=AVG&pr=fr&d=2013-03-18 20:52:34&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 -  No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.87.106.106 192.87.36.36

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com/?cid={CF27BA43-D7B4-4643-874E-C0FD08DD7A45}&mid=010f23d4861f47d39d31f121db5b2bc3-7354d63df30ecf1961479723639187f36f61817c&lang=nl&ds=AVG&pr=fr&d=2013-03-18 20:52:34&v=15.3.0.11&pid=safeguard&sg=0&sap=hp
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\***AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: artur.dubovoy - C:\Users\migueldeleeuw\AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: No Name - C:\Users\migueldeleeuw\AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-06] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2013-08-13] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-01-16] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-04-15] ()
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-09-17] (ASUSTek Computer Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-16 09:06 - 2013-10-16 09:06 - 00000000 ____D C:\FRST
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Roaming\SUPERAntiSpyware.com
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-15 18:55 - 2013-10-15 19:18 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-14 21:22 - 2013-10-14 21:22 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files\iTunes
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files\iPod
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-14 20:43 - 2013-10-14 20:43 - 04991664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 20:26 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 20:26 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 20:26 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 20:26 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 20:26 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-12 20:26 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 20:26 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-12 20:26 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 20:26 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 20:26 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-12 20:26 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-12 20:26 - 2013-07-06 00:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-12 20:26 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-12 20:26 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-10-12 20:26 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-10-12 20:26 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-10-12 20:26 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-10-12 20:26 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 20:26 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 20:26 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 20:26 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-12 20:26 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-12 20:26 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-12 20:26 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 20:26 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 20:26 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-12 20:26 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-12 20:26 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-12 20:26 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-12 20:26 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-12 20:26 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-12 20:26 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-12 20:26 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-10-12 20:26 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 20:26 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 20:26 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-10-12 20:26 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-12 20:26 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-12 20:26 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 20:26 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-12 20:26 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-12 20:26 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 20:26 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-12 20:26 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-12 20:26 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-07 14:57 - 2013-10-07 14:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-10-07 08:28 - 2013-10-14 19:12 - 00001566 _____ C:\Windows\setupact.log
2013-10-06 15:02 - 2013-10-06 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-06 14:08 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll

==================== One Month Modified Files and Folders =======

2013-10-16 09:06 - 2013-10-16 09:06 - 00000000 ____D C:\FRST
2013-10-16 09:06 - 2013-03-14 17:47 - 00000000 ____D C:\Users\***\Desktop\Bestanden
2013-10-16 09:01 - 2013-01-13 00:50 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3616788050-148704826-4199523587-1002
2013-10-16 09:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-16 08:59 - 2013-04-15 10:16 - 01726423 _____ C:\Windows\WindowsUpdate.log
2013-10-16 08:59 - 2012-08-03 01:15 - 08046632 _____ C:\Windows\system32\perfh013.dat
2013-10-16 08:59 - 2012-08-03 01:15 - 02383180 _____ C:\Windows\system32\perfc013.dat
2013-10-16 08:59 - 2012-07-26 09:28 - 00005430 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-16 08:19 - 2013-01-14 21:41 - 00000000 ____D C:\Users\***\AppData\Local\CrashDumps
2013-10-16 08:18 - 2013-02-12 13:06 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-16 08:18 - 2013-01-13 03:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-16 08:18 - 2013-01-13 00:44 - 00000408 _____ C:\Users\***\AppData\Roaming\sp_data.sys
2013-10-15 22:33 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 21:13 - 2013-01-13 03:24 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 20:33 - 2013-02-12 13:06 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-15 19:45 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-15 19:18 - 2013-10-15 18:55 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-15 18:48 - 2013-03-18 21:48 - 00000000 ____D C:\ProgramData\MFAData
2013-10-15 13:12 - 2013-04-09 10:08 - 00000000 ____D C:\Users\***\AppData\Local\Paint.NET
2013-10-15 08:26 - 2013-01-15 09:27 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-10-15 00:17 - 2013-08-13 15:09 - 00000000 ____D C:\Users\***\Downloads\Stepmother Teaches Anal (Julia Ann and Mandy Sky) (2012) XXX HD 720p
2013-10-14 23:46 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-14 21:28 - 2013-02-12 13:06 - 00004056 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-14 21:28 - 2013-02-12 13:06 - 00003820 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 21:22 - 2013-10-14 21:22 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files\iTunes
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files\iPod
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-14 20:43 - 2013-10-14 20:43 - 04991664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-14 19:12 - 2013-10-07 08:28 - 00001566 _____ C:\Windows\setupact.log
2013-10-13 15:09 - 2013-08-14 12:19 - 00000000 ____D C:\Windows\system32\MRT
2013-10-13 15:08 - 2013-01-13 19:30 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-13 14:44 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-13 14:37 - 2013-08-22 15:58 - 00002750 _____ C:\Windows\PFRO.log
2013-10-10 19:50 - 2013-09-04 21:43 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-10-10 19:50 - 2013-09-04 21:43 - 00000000 ____D C:\Program Files\Image-Line
2013-10-10 19:50 - 2013-09-04 21:43 - 00000000 ____D C:\Program Files (x86)\DSPRobotics
2013-10-10 19:50 - 2013-09-04 21:41 - 00000000 ____D C:\Program Files (x86)\Image-Line
2013-10-10 19:48 - 2012-10-20 09:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-10 19:45 - 2013-01-13 00:43 - 00000000 ____D C:\Users\***\AppData\Roaming\Adobe
2013-10-10 19:45 - 2012-08-17 02:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-10 19:44 - 2013-06-10 20:34 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-10-10 12:13 - 2013-01-13 03:24 - 00003828 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 11:41 - 2013-02-12 21:09 - 00113016 _____ C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-10 10:48 - 2013-01-14 21:30 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-10-08 23:59 - 2013-01-13 17:56 - 00758784 ___SH C:\Users\***\Desktop\Thumbs.db
2013-10-07 16:21 - 2012-08-17 02:52 - 00000000 ____D C:\ProgramData\Adobe
2013-10-07 15:19 - 2013-07-09 20:09 - 00000000 ____D C:\ProgramData\FLEXnet
2013-10-07 15:01 - 2013-07-09 20:07 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-07 15:00 - 2013-07-09 20:38 - 00000000 ____D C:\Program Files\Adobe
2013-10-07 14:57 - 2013-10-07 14:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-10-07 13:29 - 2013-01-13 03:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-07 09:48 - 2013-01-13 12:39 - 00000000 ____D C:\Users\***\AppData\Roaming\uTorrent
2013-10-07 08:31 - 2013-01-13 03:10 - 00000000 ____D C:\Users\***\AppData\Local\Mozilla
2013-10-06 15:02 - 2013-10-06 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-06 14:05 - 2013-06-27 12:54 - 00003734 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-06 14:05 - 2013-03-18 21:52 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-06 14:05 - 2013-03-18 21:52 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-02 03:38 - 2012-07-26 10:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:38 - 2012-07-26 10:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-26 22:37 - 2013-01-29 19:24 - 00000000 ____D C:\Users\***\AppData\Local\Apple Computer
2013-09-26 13:11 - 2013-06-05 18:45 - 00020480 ___SH C:\Users\***\Documents\Thumbs.db
2013-09-26 13:11 - 2013-02-12 20:37 - 00000000 ____D C:\Users\***\Documents\
2013-09-23 01:28 - 2013-10-12 20:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-12 20:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 00:55 - 2013-10-12 20:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-12 20:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-12 20:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-12 20:26 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-17 12:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3616788050-148704826-4199523587-1002\$2c877159d42ae5d50f6d9b2130242f4c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\AAMHelper.exe
C:\Users\***\AppData\Local\Temp\AdobeApplicationManager.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 11:03

==================== End Of Log ============================

Attached Files



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 AM

Posted 16 October 2013 - 04:05 AM

Hi,

Please don't remove your username from the logs or the scripts will not work because of the wrong file path!!

I can see some traces of ZeroAccess indeed, but before I go on to clean it out, please let me know whether you use this miner on purpose or whether I should remove it:

C:\Users\migueldeleeuw\AppData\Roaming\miner\begin.bat

Regards,

Georgi


Edited by B-boy/StyLe/, 16 October 2013 - 04:20 AM.
typo.



#5 Shattered5

Shattered5
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:44 AM

Posted 16 October 2013 - 04:16 AM

Hi Georgi,

Sorry for removing my name, I didn't know that would cause any harm.

As far as I'm concerned, I don't use that miner.



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 AM

Posted 16 October 2013 - 04:20 AM

Hi,

OK, no problem, but please re-run FRST and attach the logs (but please don't edit them this time).

Thanks! :)

Regards,

Georgi




#7 Shattered5

Shattered5
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:44 AM

Posted 16 October 2013 - 04:27 AM

Hi,

Here are the logs again, and this time unedited :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by migueldeleeuw (administrator) on MIGUEL on 16-10-2013 11:26:04
Running from C:\Users\migueldeleeuw\Desktop\Bestanden
Windows 8 (X64) OS Language: Dutch Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKCU\...\Run: [miner] - "C:\Users\migueldeleeuw\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\migueldeleeuw\AppData\Roaming\miner\begin.bat"
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6589208 2013-10-11] (SUPERAntiSpyware)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
MountPoints2: {59e33b09-2e7f-11e3-bece-20689dbfc230} - "G:\laucher.exe"
MountPoints2: {5f58d2af-79bc-11e2-be80-20689dbfc230} - "G:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-10-06] ()
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [205184 2013-03-15] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com/?cid={CF27BA43-D7B4-4643-874E-C0FD08DD7A45}&mid=010f23d4861f47d39d31f121db5b2bc3-7354d63df30ecf1961479723639187f36f61817c&lang=nl&ds=AVG&pr=fr&d=2013-03-18 20:52:34&v=15.2.0.5&pid=safeguard&sg=2&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3914F081-1779-4F4E-87E2-EDD7A915861C} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=6A6647DA-08BE-48CE-9230-337EF2098BCD&apn_sauid=0D51E8C5-49A2-4227-A782-076F69FA656D
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={CF27BA43-D7B4-4643-874E-C0FD08DD7A45}&mid=010f23d4861f47d39d31f121db5b2bc3-7354d63df30ecf1961479723639187f36f61817c&lang=nl&ds=AVG&pr=fr&d=2013-03-18 20:52:34&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 -  No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.87.106.106 192.87.36.36

FireFox:
========
FF ProfilePath: C:\Users\migueldeleeuw\AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com/?cid={CF27BA43-D7B4-4643-874E-C0FD08DD7A45}&mid=010f23d4861f47d39d31f121db5b2bc3-7354d63df30ecf1961479723639187f36f61817c&lang=nl&ds=AVG&pr=fr&d=2013-03-18 20:52:34&v=15.3.0.11&pid=safeguard&sg=0&sap=hp
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\migueldeleeuw\AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: artur.dubovoy - C:\Users\migueldeleeuw\AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: No Name - C:\Users\migueldeleeuw\AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-06] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2013-08-13] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-01-16] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-04-15] ()
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-09-17] (ASUSTek Computer Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-16 09:06 - 2013-10-16 09:06 - 00000000 ____D C:\FRST
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Roaming\SUPERAntiSpyware.com
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-15 18:55 - 2013-10-15 19:18 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-14 21:22 - 2013-10-14 21:22 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files\iTunes
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files\iPod
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-14 20:43 - 2013-10-14 20:43 - 04991664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 20:26 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 20:26 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 20:26 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 20:26 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 20:26 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 20:26 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-12 20:26 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 20:26 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 20:26 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-12 20:26 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 20:26 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 20:26 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-12 20:26 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-12 20:26 - 2013-07-06 00:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-12 20:26 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-12 20:26 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-10-12 20:26 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-10-12 20:26 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-10-12 20:26 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-10-12 20:26 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 20:26 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 20:26 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 20:26 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-12 20:26 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-12 20:26 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-12 20:26 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 20:26 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 20:26 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-12 20:26 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-12 20:26 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-12 20:26 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-12 20:26 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-12 20:26 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-12 20:26 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-12 20:26 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-10-12 20:26 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 20:26 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 20:26 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-10-12 20:26 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-12 20:26 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-12 20:26 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 20:26 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-12 20:26 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-12 20:26 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 20:26 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-12 20:26 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-12 20:26 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-07 14:57 - 2013-10-07 14:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-10-07 08:28 - 2013-10-14 19:12 - 00001566 _____ C:\Windows\setupact.log
2013-10-06 15:02 - 2013-10-06 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-06 14:08 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll

==================== One Month Modified Files and Folders =======

2013-10-16 11:25 - 2013-03-14 17:47 - 00000000 ____D C:\Users\migueldeleeuw\Desktop\Bestanden
2013-10-16 11:24 - 2013-04-15 10:16 - 01786136 _____ C:\Windows\WindowsUpdate.log
2013-10-16 11:22 - 2013-01-13 00:50 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3616788050-148704826-4199523587-1002
2013-10-16 11:16 - 2012-08-03 01:15 - 08062464 _____ C:\Windows\system32\perfh013.dat
2013-10-16 11:16 - 2012-08-03 01:15 - 02388040 _____ C:\Windows\system32\perfc013.dat
2013-10-16 11:16 - 2012-07-26 09:28 - 00005430 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-16 11:13 - 2013-01-13 03:24 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-16 11:13 - 2013-01-13 03:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-16 11:12 - 2013-02-12 13:06 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-16 11:12 - 2013-01-15 09:27 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Local\Adobe
2013-10-16 11:12 - 2013-01-14 21:41 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Local\CrashDumps
2013-10-16 11:12 - 2013-01-13 00:44 - 00000408 _____ C:\Users\migueldeleeuw\AppData\Roaming\sp_data.sys
2013-10-16 11:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-16 09:19 - 2013-03-18 21:48 - 00000000 ____D C:\ProgramData\MFAData
2013-10-16 09:06 - 2013-10-16 09:06 - 00000000 ____D C:\FRST
2013-10-15 22:33 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 20:33 - 2013-02-12 13:06 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Roaming\SUPERAntiSpyware.com
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-15 19:58 - 2013-10-15 19:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-15 19:45 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-15 19:18 - 2013-10-15 18:55 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-15 13:12 - 2013-04-09 10:08 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Local\Paint.NET
2013-10-15 00:17 - 2013-08-13 15:09 - 00000000 ____D C:\Users\migueldeleeuw\Downloads\Stepmother Teaches Anal (Julia Ann and Mandy Sky) (2012) XXX HD 720p
2013-10-14 23:46 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-14 21:28 - 2013-02-12 13:06 - 00004056 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-14 21:28 - 2013-02-12 13:06 - 00003820 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 21:22 - 2013-10-14 21:22 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files\iTunes
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files\iPod
2013-10-14 21:22 - 2013-10-14 21:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-14 20:43 - 2013-10-14 20:43 - 04991664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-14 19:12 - 2013-10-07 08:28 - 00001566 _____ C:\Windows\setupact.log
2013-10-13 15:09 - 2013-08-14 12:19 - 00000000 ____D C:\Windows\system32\MRT
2013-10-13 15:08 - 2013-01-13 19:30 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-13 14:44 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-13 14:37 - 2013-08-22 15:58 - 00002750 _____ C:\Windows\PFRO.log
2013-10-10 19:50 - 2013-09-04 21:43 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-10-10 19:50 - 2013-09-04 21:43 - 00000000 ____D C:\Program Files\Image-Line
2013-10-10 19:50 - 2013-09-04 21:43 - 00000000 ____D C:\Program Files (x86)\DSPRobotics
2013-10-10 19:50 - 2013-09-04 21:41 - 00000000 ____D C:\Program Files (x86)\Image-Line
2013-10-10 19:48 - 2012-10-20 09:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-10 19:45 - 2013-01-13 00:43 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Roaming\Adobe
2013-10-10 19:45 - 2012-08-17 02:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-10 19:44 - 2013-06-10 20:34 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-10-10 12:13 - 2013-01-13 03:24 - 00003828 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 11:41 - 2013-02-12 21:09 - 00113016 _____ C:\Users\migueldeleeuw\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-10 10:48 - 2013-01-14 21:30 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Roaming\vlc
2013-10-08 23:59 - 2013-01-13 17:56 - 00758784 ___SH C:\Users\migueldeleeuw\Desktop\Thumbs.db
2013-10-07 16:21 - 2012-08-17 02:52 - 00000000 ____D C:\ProgramData\Adobe
2013-10-07 15:19 - 2013-07-09 20:09 - 00000000 ____D C:\ProgramData\FLEXnet
2013-10-07 15:01 - 2013-07-09 20:07 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-07 15:00 - 2013-07-09 20:38 - 00000000 ____D C:\Program Files\Adobe
2013-10-07 14:57 - 2013-10-07 14:57 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-10-07 13:29 - 2013-01-13 03:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-07 09:48 - 2013-01-13 12:39 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Roaming\uTorrent
2013-10-07 08:31 - 2013-01-13 03:10 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Local\Mozilla
2013-10-06 15:02 - 2013-10-06 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-06 14:05 - 2013-06-27 12:54 - 00003734 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-06 14:05 - 2013-03-18 21:52 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-06 14:05 - 2013-03-18 21:52 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-02 03:38 - 2012-07-26 10:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:38 - 2012-07-26 10:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-26 22:37 - 2013-01-29 19:24 - 00000000 ____D C:\Users\migueldeleeuw\AppData\Local\Apple Computer
2013-09-26 13:11 - 2013-06-05 18:45 - 00020480 ___SH C:\Users\migueldeleeuw\Documents\Thumbs.db
2013-09-26 13:11 - 2013-02-12 20:37 - 00000000 ____D C:\Users\migueldeleeuw\Documents\KMA
2013-09-23 01:28 - 2013-10-12 20:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-12 20:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-12 20:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 00:55 - 2013-10-12 20:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-12 20:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-12 20:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-12 20:26 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-12 20:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-17 12:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3616788050-148704826-4199523587-1002\$2c877159d42ae5d50f6d9b2130242f4c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\migueldeleeuw\AppData\Local\Temp\AAMHelper.exe
C:\Users\migueldeleeuw\AppData\Local\Temp\AdobeApplicationManager.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 11:03

==================== End Of Log ============================


#8 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team)

Posted 16 October 2013 - 04:49 AM

Hi,

Download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi

Edited by B-boy/StyLe/, 16 October 2013 - 04:50 AM.


#9 Shattered5 (Topic Starter)

Posted 16 October 2013 - 04:56 AM

Hi,

I've run the fix; here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by migueldeleeuw at 2013-10-16 11:55:07 Run:1
Running from C:\Users\migueldeleeuw\Desktop\Bestanden
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKCU\...\Run: [miner] - "C:\Users\migueldeleeuw\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\migueldeleeuw\AppData\Roaming\miner\begin.bat"
C:\Users\migueldeleeuw\AppData\Roaming\miner
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
SearchScopes: HKCU - {3914F081-1779-4F4E-87E2-EDD7A915861C} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=6A6647DA-08BE-48CE-9230-337EF2098BCD&apn_sauid=0D51E8C5-49A2-4227-A782-076F69FA656D
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 -  No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
FF SearchPlugin: C:\Users\migueldeleeuw\AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default\searchplugins\askcom.xml
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c
C:\$Recycle.Bin\S-1-5-21-3616788050-148704826-4199523587-1002\$2c877159d42ae5d50f6d9b2130242f4c
C:\Users\migueldeleeuw\AppData\Local\Temp
Task: {7E4674DA-AAA1-43C0-87B7-7ECDA2B86308} - System32\Tasks\BtTray => C:\Program
Task: {DE4651DB-1DFD-40EB-85D1-50FD6FC2531E} - System32\Tasks\BtvStack => C:\Program
AlternateDataStreams: C:\Users\migueldeleeuw\Cookies:VGmTxN8ND1kNq7qElfFWUw
AlternateDataStreams: C:\Users\migueldeleeuw\Local Settings:ECyANAe8GBWI8jS4jAFB25Nl
AlternateDataStreams: C:\Users\migueldeleeuw\AppData\Local:ECyANAe8GBWI8jS4jAFB25Nl
AlternateDataStreams: C:\Users\migueldeleeuw\AppData\Local\Application Data:ECyANAe8GBWI8jS4jAFB25Nl
end

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\miner => Value deleted successfully.
C:\Users\migueldeleeuw\AppData\Roaming\miner => Moved successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3914F081-1779-4F4E-87E2-EDD7A915861C} => Key deleted successfully.
HKCR\CLSID\{3914F081-1779-4F4E-87E2-EDD7A915861C} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
C:\Users\migueldeleeuw\AppData\Roaming\Mozilla\Firefox\Profiles\xyb7jbyk.default\searchplugins\askcom.xml => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3616788050-148704826-4199523587-1002\$2c877159d42ae5d50f6d9b2130242f4c => Moved successfully.
C:\Users\migueldeleeuw\AppData\Local\Temp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E4674DA-AAA1-43C0-87B7-7ECDA2B86308} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E4674DA-AAA1-43C0-87B7-7ECDA2B86308} => Key deleted successfully.
C:\Windows\System32\Tasks\BtTray => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BtTray => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE4651DB-1DFD-40EB-85D1-50FD6FC2531E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE4651DB-1DFD-40EB-85D1-50FD6FC2531E} => Key deleted successfully.
C:\Windows\System32\Tasks\BtvStack => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BtvStack => Key deleted successfully.
"C:\Users\migueldeleeuw\Cookies" => ":VGmTxN8ND1kNq7qElfFWUw" ADS not found.
"C:\Users\migueldeleeuw\Local Settings" => ":ECyANAe8GBWI8jS4jAFB25Nl" ADS not found.
C:\Users\migueldeleeuw\AppData\Local => ":ECyANAe8GBWI8jS4jAFB25Nl" ADS removed successfully.
"C:\Users\migueldeleeuw\AppData\Local\Application Data" => ":ECyANAe8GBWI8jS4jAFB25Nl" ADS not found.

==== End of Fixlog ====
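
As an added example (not code from this thread, from FRST or from its author): a small Python checker that parses the FRST file-listing lines and "ZeroAccess:" blocks in the scan log posted above, reads the Fixlog's "<target> => <outcome>" lines, and reports which flagged Recycle Bin folders the Fixlog does not confirm as moved. The regexes are assumptions about the FRST format inferred from the lines in this thread, and the embedded log excerpts are constructed from them.

```python
# Cross-check FRST scan findings against a Fixlog. Added example, not code
# from the thread or from FRST; the regexes are inferred from the posted logs.
import re
from typing import Dict, List, Optional

# FRST "One Month Created/Modified" line, as in the scan log above:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
FRST_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

# ZeroAccess payload folder: a "$<32 hex>" directory under a per-SID
# Recycle Bin folder (SYSTEM's S-1-5-18 or a user's S-1-5-21-...).
ZEROACCESS_RECYCLE_RE = re.compile(
    r"^C:\\\$Recycle\.Bin\\S-1-5-(?:18|21(?:-\d+)+)\\\$[0-9a-f]{32}$", re.I
)

# Fixlog result line: "<target> => <outcome>."
FIXLOG_RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")


def parse_frst_file_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one file-listing line into its fields; None if it is not one."""
    m = FRST_FILE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_zeroaccess_recycle_path(path: str) -> bool:
    return bool(ZEROACCESS_RECYCLE_RE.match(path.strip()))


def zeroaccess_paths(frst_log: str) -> List[str]:
    """Collect ZeroAccess-style paths from file lines and 'ZeroAccess:' blocks."""
    found: List[str] = []
    after_marker = False  # previous non-blank line was a "ZeroAccess:" header
    for raw in frst_log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "ZeroAccess:":
            after_marker = True
            continue
        entry = parse_frst_file_line(line)
        candidate = entry["path"] if entry else line
        if (entry or after_marker) and is_zeroaccess_recycle_path(candidate):
            if candidate not in found:  # the same folder is listed repeatedly
                found.append(candidate)
        after_marker = False
    return found


def parse_fixlog(fixlog: str) -> Dict[str, str]:
    """Map each Fixlog target to its outcome ('Moved successfully', 'Key not found', ...)."""
    results: Dict[str, str] = {}
    for raw in fixlog.splitlines():
        m = FIXLOG_RESULT_RE.match(raw.strip())
        if m:
            results[m.group("target").strip('"')] = m.group("outcome")
    return results


def unremediated(frst_log: str, fixlog: str) -> List[str]:
    """ZeroAccess paths from the scan that the Fixlog does not confirm as moved."""
    results = parse_fixlog(fixlog)
    return [p for p in zeroaccess_paths(frst_log)
            if not results.get(p, "").startswith("Moved successfully")]


# Constructed excerpts, copied from the formats shown in this thread.
SAMPLE_FRST_LOG = r"""
2013-10-16 09:06 - 2013-10-16 09:06 - 00000000 ____D C:\FRST
2013-10-13 15:08 - 2013-01-13 19:30 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-15 19:18 - 2013-10-15 18:55 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3616788050-148704826-4199523587-1002\$2c877159d42ae5d50f6d9b2130242f4c
"""

# Constructed Fixlog in which only the SYSTEM Recycle Bin folder was moved.
SAMPLE_FIXLOG = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\miner => Value deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$2c877159d42ae5d50f6d9b2130242f4c => Moved successfully.
HKCR\CLSID\{3914F081-1779-4F4E-87E2-EDD7A915861C} => Key not found.
"C:\Users\migueldeleeuw\Cookies" => ":VGmTxN8ND1kNq7qElfFWUw" ADS not found.
"""

if __name__ == "__main__":
    for path in unremediated(SAMPLE_FRST_LOG, SAMPLE_FIXLOG):
        print("not confirmed moved:", path)
```

Run against a real FRST.txt and Fixlog.txt pair, any path it prints is one to list again in the next fixlist or to verify by hand after the reboot.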



#10 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team)

Posted 16 October 2013 - 05:57 AM

Hi,

Nice work! :)
Let's check for leftovers.

Most of them should take no more than 5 minutes each.

STEP 1

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 2




  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 4




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location, copy and paste the results at pastebin.com and post the link to the log in your next reply.




STEP 5



Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 6



Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

Regards,

Georgi


#11 Shattered5 (Topic Starter)

Posted 16 October 2013 - 07:04 AM

Hi,

I've done all the steps you've said and here are the results.

In generic order:

http://pastebin.com/xEebYxRd

http://pastebin.com/HBGcUdWZ

http://pastebin.com/S2g0YJRD

http://pastebin.com/nyXXrgYt

http://pastebin.com/TRQfhknA

http://pastebin.com/sujZZLMm

thanks,



#12 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team)

Posted 16 October 2013 - 07:33 AM

Hi,

You posted the RogueKiller's log twice instead of the TDSSKiller's log. :)

Next let's try to fix the broken services.

Backup Your Registry

Now download the following files and save them to your desktop:

MpsSvc.reg

WinDefend.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry; click YES.

 

  • Next please download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.
  • If you are using User Account Control, click Run when prompted and then click Yes when asked to allow changes.

We Need to Run a Registry Script

  • Press the Windows Logo in the lower left corner of your screen.
  • In the search box, enter notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into notepad.
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
    "AutoStart"=""

  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.reg.
  • Press Save.
  • Close Notepad.
  • Double click Fix.reg on your desktop.
  • Press Yes if prompted by User Account Control.
  • Press Yes, and then Ok, when prompted.
  • Right click on Fix.reg and choose Delete.
  • Press Yes.

  • Reboot the computer and then please attach fresh logs from Farbar Service Scanner.

Regards,

Georgi


#13 Shattered5 (Topic Starter)

Posted 16 October 2013 - 08:05 AM

Hi,

I see I messed up with the TDSS reports.

Anyway, I've done all the steps and here is the report:

Attached Files

  • Attached File  FSS.txt   2.92KB   1 downloads


#14 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team)

Posted 16 October 2013 - 08:52 AM

Hi,

Can you please post the TDSSKiller log? I still need to see the report from TDSSKiller. :)

Also please do this:

Please download Windows Repair (all in one) from here.

Install the program, then go to step 4 and create a new system restore point and a new registry backup.

On the Start Repairs tab => click Start.

Click on the Select All button and then click on Start.

DON'T use the computer while each scan is in progress.

A restart may be needed to finish the repair procedure; then please post a fresh log from Farbar Service Scanner.

Regards,
Georgi


#15 Shattered5 (Topic Starter)

Posted 16 October 2013 - 11:59 AM

Hi Georgi,

I've run all the programs and here are the logs.

Also I've added the TDSSKiller log :)

http://pastebin.com/kEe5xV1r

Attached Files

  • Attached File  FSS.txt   2.74KB   1 downloads




