
Help! Not sure if Zeroaccess Trojan viruses fully removed


This topic is locked
25 replies to this topic

#1 Jordie

  • Members
  • 14 posts

Posted 14 November 2013 - 09:32 AM

Hi

 

My Toshiba laptop has been playing up over the last few days, with random browsers opening and processes taking forever, etc. Anyway, the McAfee scan revealed the ZeroAccess trojan in the desktop.ini file in windows\assembly\GAC_32 as well as GAC_64. As I was unable to delete them, I did some research on this invaluable forum and elsewhere, and downloaded and ran the McAfee Rootkit Remover, which found and deleted them.

 

McAfee Rootkit Remover logs:

Attached file: RootkitRemover_20131114_011211.log

Attached file: RootkitRemover_20131114_012150.log

 

 

I then ran the Microsoft Security Scanner which found nothing.

 

I then ran the Malwarebytes Antimalware program which detected 5 objects which I deleted:

 

Malwarebytes log:

Attached file: mbam-log-2013-11-14 (09-07-13).txt

 

Having done some further research on this forum, it seems that this may not have totally cleared the problem, as I am still getting errors on reboot, i.e. Toshiba Tempro not loading and "GUIFIX" not working.

 

 

Please help to confirm if system is fully clean and remove the startup errors.

 

Thanks in advance!

 

J




 


#2 Jordie

  • Topic Starter
  • Members
  • 14 posts

Posted 14 November 2013 - 09:47 AM

Sorry, I missed the DDS files.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Asif Hussain at 14:39:10 on 2013-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.1916.526 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxeacoms.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\SAMSUNG\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\SAMSUNG\Kies\Kies.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop.exe
C:\Program Files (x86)\Sage\Accounts\SG50Launcher.exe
C:\Windows\splwow64.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://toshiba.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyServer = webcache.virginmedia.com:8080
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120625101213.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.1.66/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.1.66/VideoViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}\14C69602E496A71627 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}\1555149535021405142545D454E44502430333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}\244524573796E6563737845726D2636353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}\3514B414250255B4 : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}\45E4341405244314132344 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}\C616D626F6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DHCPNameServer = 172.16.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625101213.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 10.15.38.1 shopmate
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-4-11 340216]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-9-4 11576]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-4-11 70112]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-4-8 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-4-11 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-4-11 515968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2013-6-27 38080]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-11-1 103448]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-6-27 37344]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-26 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-4-11 106552]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-8 232992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-6-27 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-6-27 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-6-27 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2013-6-27 158024]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-11-1 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-26 59392]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-11-14 02:02:13 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-14 02:02:12 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-14 02:01:28 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-14 02:01:19 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-14 02:01:18 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-14 02:01:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-14 02:01:17 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 02:01:16 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 02:01:15 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-14 01:24:56 -------- d-----w- C:\Users\Asif Hussain\AppData\Roaming\Malwarebytes
2013-11-14 01:24:30 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-14 01:24:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-14 01:24:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 01:24:02 -------- d-----w- C:\Users\Asif Hussain\AppData\Local\Programs
2013-11-10 10:48:07 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-11-08 13:45:28 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-08 13:45:28 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-08 13:45:28 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-08 13:45:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-08 13:45:28 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-08 13:45:28 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-08 13:45:28 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-02 13:46:15 -------- d-----w- C:\ProgramData\WEBREG
2013-11-02 13:29:24 -------- d-----w- C:\Windows\SysWow64\spool
2013-11-02 13:27:20 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2013-11-01 18:42:03 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-11-01 18:42:03 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-10-27 15:11:12 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll
2013-10-25 10:35:54 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
.
==================== Find3M  ====================
.
2013-10-24 09:37:05 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-24 09:37:04 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 02:31:48 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:18 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:32:57 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 01:15:03 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH: 14:40:38.26 ===============
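As an added example, not from this thread or from any of the tools mentioned in it: a read-only PowerShell check for the artefacts this thread names. It covers the GAC desktop.ini files from the McAfee detection in post #1, the hidden folder with a literal "%APPDATA%" name that the DDS log above lists as d-sh--w (included only because it appears in the infection window, not because the thread identifies it as malware), and the items the RogueKiller output further down the thread reports: the Google\Desktop\Install folder, the "Google Update" Run value launching from it, a driver whose name contains non-printable characters, and the DisableTaskMgr / DisableRegistryTools policy values. The full policy key paths are assumed to be the standard Windows locations, since RogueKiller abbreviates them as HKLM\[...]\System. The script only reports; it deletes nothing.

```powershell
# Added example (not from the thread): read-only check for the ZeroAccess
# artefacts named in this thread. Run from an elevated PowerShell prompt.
# All paths and value names come from the logs posted in the thread; the
# policy key paths are assumed (RogueKiller prints them abbreviated).

function Test-ZeroAccessArtifacts {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. desktop.ini dropped into the GAC folders (McAfee detection, post #1).
    foreach ($gac in 'GAC_32', 'GAC_64') {
        $p = Join-Path $env:SystemRoot "assembly\$gac\desktop.ini"
        if (Test-Path -LiteralPath $p) { $findings.Add("file present: $p") }
    }

    # 2. Hidden system folder literally named %APPDATA% under SysWOW64
    #    (DDS "Created Last 30" section, attributes d-sh--w). PowerShell does
    #    not expand %APPDATA%, and -LiteralPath keeps the name as written.
    $literalAppData = Join-Path $env:SystemRoot 'SysWOW64\%APPDATA%'
    if (Test-Path -LiteralPath $literalAppData) {
        $findings.Add("hidden folder present: $literalAppData")
    }

    # 3. Fake Google Desktop install folder (RogueKiller [ZeroAccess][Folder]).
    $gdInstall = Join-Path $env:LOCALAPPDATA 'Google\Desktop\Install'
    if (Test-Path -LiteralPath $gdInstall) { $findings.Add("folder present: $gdInstall") }

    # 4. HKCU Run value "Google Update" pointing into that folder
    #    (RogueKiller [RUN][ZeroAccess]). A genuine Google updater lives under
    #    Google\Update, so the path filter avoids flagging it.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['Google Update']) {
        $cmd = $run.'Google Update'
        if ($cmd -like '*\Google\Desktop\Install\*') {
            $findings.Add("Run value 'Google Update' -> $cmd")
        }
    }

    # 5. Driver files whose names contain characters outside printable ASCII
    #    (the RogueKiller log shows a service ???etadpug in system32\drivers).
    #    -Force includes hidden files; PSIsContainer check keeps PowerShell 2.0 compatibility.
    $drivers = Join-Path $env:SystemRoot 'System32\drivers'
    Get-ChildItem -LiteralPath $drivers -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match '[^\x20-\x7E]' } |
        ForEach-Object { $findings.Add("driver with non-printable name: $($_.FullName)") }

    # 6. Policy values that lock out Task Manager / Registry Editor
    #    (RogueKiller [HJ POL][PUM]). Reported when present, with their value,
    #    mirroring what the log shows. Key paths are assumed standard locations.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($polKey in $policyKeys) {
        $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
        foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
            if ($pol -and $pol.PSObject.Properties[$name]) {
                $findings.Add("policy value present: $name = $($pol.$name) in $polKey")
            }
        }
    }

    return $findings
}

$result = Test-ZeroAccessArtifacts
if ($result.Count -eq 0) {
    'None of the artefacts named in this thread were found.'
} else {
    $result
}
```

A hit on any line is a reason to look closer, not proof of infection on its own (the Google Desktop folder can be a leftover of the discontinued Google Desktop product, and the policy values exist legitimately on managed machines); the point of the check is to confirm whether the items a removal tool reported as deleted are actually gone after a reboot.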

 

 




#3 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Location: Montreal, QC, Canada

Posted 18 November 2013 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found in your DDS log. Let's check further.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
==============

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#4 Jordie

  • Topic Starter
  • Members
  • 14 posts

Posted 19 November 2013 - 06:38 AM

Hi Nasdaq

 

Thanks for taking the time to have a look at this problem.

 

I ran RogueKiller twice, as it found the ZeroAccess virus.

 

Logs:

 

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Asif Hussain [Admin rights]
Mode : Remove -- Date : 11/18/2013 22:35:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- C:\Windows\system32\drivers\???etadpug.sys [x] -> STOPPED

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[RUN][ZeroAccess] HKUS\S-1-5-21-2755607273-3844235050-4258724913-1001\[...]\Run : Google Update ("C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Asif Hussain [Admin rights]
Mode : Scan -- Date : 11/18/2013 22:32:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- C:\Windows\system32\drivers\???etadpug.sys [x] -> STOPPED

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\GoogleUpdate.exe" >) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-2755607273-3844235050-4258724913-1001\[...]\Run : Google Update ("C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\GoogleUpdate.exe" >) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (webcache.virginmedia.com:8080 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Asif Hussain [Admin rights]
Mode : Scan -- Date : 11/18/2013 22:22:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- C:\Windows\system32\drivers\???etadpug.sys [x] -> STOPPED

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\GoogleUpdate.exe" >) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-2755607273-3844235050-4258724913-1001\[...]\Run : Google Update ("C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\GoogleUpdate.exe" >) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (webcache.virginmedia.com:8080 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] {38CEA8F5-BEB7-4525-8A06-002DED3E12AC} : C:\Users\Asif Hussain\AppData\Local\Temp\TC00221800P.temp\BoardSetting.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

10.15.38.1      shopmate

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2565GSXV +++++
--- User ---
[MBR] ae56c492167425e47a7401a7ad2568aa
[BSP] c88331fe376a06082e03c1143f3bb134 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 119001 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 244535296 | Size: 119072 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11182013_222213.txt >>

 

 

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Asif Hussain [Admin rights]
Mode : Remove -- Date : 11/18/2013 22:25:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- C:\Windows\system32\drivers\???etadpug.sys [x] -> STOPPED

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[RUN][ZeroAccess] HKUS\S-1-5-21-2755607273-3844235050-4258724913-1001\[...]\Run : Google Update ("C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] {38CEA8F5-BEB7-4525-8A06-002DED3E12AC} : C:\Users\Asif Hussain\AppData\Local\Temp\TC00221800P.temp\BoardSetting.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][Folder] L : C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\L [-] --> DELETED
[ZeroAccess][Folder] U : C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97}\U [-] --> DELETED
[ZeroAccess][Folder] {daceff12-dd8e-7064-dd29-607970ff9a97} : C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛\{daceff12-dd8e-7064-dd29-607970ff9a97} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?��\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?��\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97}\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] {daceff12-dd8e-7064-dd29-607970ff9a97} : C:\Users\Asif Hussain\AppData\Local\Google\Desktop\Install\{daceff12-dd8e-7064-dd29-607970ff9a97} [-] --> DELETED

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

10.15.38.1      shopmate

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2565GSXV +++++
--- User ---
[MBR] ae56c492167425e47a7401a7ad2568aa
[BSP] c88331fe376a06082e03c1143f3bb134 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 119001 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 244535296 | Size: 119072 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11182013_222519.txt >>
RKreport[0]_S_11182013_222213.txt

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

ADWCleaner logs:

 

# AdwCleaner v3.012 - Report created 18/11/2013 at 22:47:28
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Asif Hussain - TOSHIBA-LAPTOP
# Running from : C:\Users\Asif Hussain\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\ProgramData\SoftSafe
Folder Found C:\Users\Asif Hussain\AppData\Local\PackageAware
Folder Found C:\Users\Asif Hussain\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

*************************

AdwCleaner[R0].txt - [2677 octets] - [18/11/2013 22:47:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2737 octets] ##########

 

# AdwCleaner v3.012 - Report created 18/11/2013 at 22:59:22
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Asif Hussain - TOSHIBA-LAPTOP
# Running from : C:\Users\Asif Hussain\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

*************************

AdwCleaner[R0].txt - [2837 octets] - [18/11/2013 22:47:28]
AdwCleaner[R1].txt - [577 octets] - [18/11/2013 22:59:22]
AdwCleaner[S0].txt - [2806 octets] - [18/11/2013 22:55:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [696 octets] ##########

 

# AdwCleaner v3.012 - Report created 18/11/2013 at 22:55:22
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Asif Hussain - TOSHIBA-LAPTOP
# Running from : C:\Users\Asif Hussain\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\Users\Asif Hussain\AppData\Local\PackageAware
Folder Deleted : C:\Users\Asif Hussain\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

*************************

AdwCleaner[R0].txt - [2837 octets] - [18/11/2013 22:47:28]
AdwCleaner[S0].txt - [2654 octets] - [18/11/2013 22:55:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2714 octets] ##########

 

# AdwCleaner v3.012 - Report created 18/11/2013 at 23:44:32
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Asif Hussain - TOSHIBA-LAPTOP
# Running from : C:\Users\Asif Hussain\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

*************************

AdwCleaner[R0].txt - [2837 octets] - [18/11/2013 22:47:28]
AdwCleaner[R1].txt - [775 octets] - [18/11/2013 22:59:22]
AdwCleaner[S0].txt - [2806 octets] - [18/11/2013 22:55:22]
AdwCleaner[S1].txt - [697 octets] - [18/11/2013 23:44:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [756 octets] ##########

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Junkware Removal Tool would not run. I tried everything; I would just get a black command prompt window flash up for a millisecond!

 

I tried different versions, ran as administrator, disabled McAfee, but no joy.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Security Check would also not run. The command prompt window appeared saying "Preparing", then a list appeared saying "sc" is not a recognised command, and the cmd window would close.

 

I tried running as administrator and rebooting and turning off antivirus but no joy.

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

On reboot the same 2 error messages are still coming up, i.e. GfxUI not working and Toshiba Tempro not working.

 

I await your further instructions.

 

Thanks in advance.

 

J



#5 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:48 AM

Posted 19 November 2013 - 10:06 AM

Run this tool; it may indicate some problem with the programs or drivers.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs/drivers that are damaged and need updates.

===

If that fails to solve the problems then possibly you will have to repair your .NET Framework as described in this article.

http://answers.microsoft.com/en-us/windows/forum/windows_7-system/gfxui-has-stopped-workingalso-internet-explorer/6613f37d-71a2-4b30-9a86-1f334fdf56a5

If you need help on the .NET issue, I suggest you start a new topic in the Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html

A helper with experience in this matter should be able to guide you.
This is not my domain.

#6 Jordie
  • Topic Starter
  • Members
  • 14 posts
  • Local time:09:48 AM

Posted 19 November 2013 - 11:13 AM

Ok, thanks will do so.

 

Any idea why I was unable to run the Junkware tool remover or the Security Check .exe files?

 

Does that suggest more problems?

 

Thanks

J



#7 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:48 AM

Posted 19 November 2013 - 02:25 PM

Restart the computer if not already done and try to run the tools.

Keep me posted.

#8 Jordie
  • Topic Starter
  • Members
  • 14 posts
  • Local time:09:48 AM

Posted 20 November 2013 - 06:37 AM

Ok, the .Net issue has been resolved, thanks.

 

However I am still unable to run the JRT.exe or security check.exe files.

 

I have rebooted and turned McAfee AV off.



#9 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:48 AM

Posted 20 November 2013 - 10:02 AM

Something is blocking these tools.
Do you have any error message?

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#10 Jordie
  • Topic Starter
  • Members
  • 14 posts
  • Local time:09:48 AM

Posted 20 November 2013 - 10:39 AM

Farbar Service Scanner Version: 10-11-2013
Ran by Asif Hussain (administrator) on 20-11-2013 at 15:35:13
Running from "C:\Users\Asif Hussain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7J5D088I"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.

Other Services:
==============
Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

 

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-14 02:01] - [2013-09-28 01:09] - 0497152 ____A (Microsoft Corporation) 79059559E89D06E8B80CE2944BE20228

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-10 19:16] - [2013-09-08 02:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
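The FSS log above is the artefact the helper reads to decide what to repair. The parser below is an added example, not part of this thread or of the Farbar tool: it walks an FSS log and pulls out the conditions the tool reports (a service not running, a start type that differs from the default, a missing service key such as RemoteAccess, a "Disabled Policy" registry value such as DisableAntiSpyware=1, and any file for which FSS printed details instead of an "MD5 is legit" verdict). The sample log is a constructed excerpt in the same format as the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes as they appear in Farbar Service Scanner (FSS) output.
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
MISSING_KEY = re.compile(r"^Checking .+? of (\S+): ATTENTION!=+> (.+)$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_DETAIL = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")
LEGIT = " => MD5 is legit"


@dataclass(frozen=True)
class Finding:
    kind: str     # not_running | start_type | missing_key | policy | unverified_file
    subject: str  # service name, registry value path or file path
    detail: str


def parse_fss(text: str) -> List[Finding]:
    """Return every condition in an FSS log that a helper would want to act on."""
    findings: List[Finding] = []
    reported_missing = set()       # FSS repeats a missing key once per property checked
    section = ""
    last_key = ""                  # registry key line preceding a "name"=DWORD line
    pending_file: Optional[str] = None
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        # Section headers are "Name:" followed by a line made only of '='.
        if (line.endswith(":") and i + 1 < len(lines)
                and set(lines[i + 1].strip()) == {"="}):
            section = line[:-1]
            pending_file = None
            continue
        if section == "File Check":
            if line.endswith(LEGIT):
                pending_file = None          # hash matched the tool's known-good list
            elif re.match(r"^[A-Za-z]:\\", line):
                pending_file = line          # no verdict: FSS prints details on the next line
            elif pending_file and (m := FILE_DETAIL.match(line)):
                findings.append(Finding(
                    "unverified_file", pending_file,
                    f"size={m.group(1)} vendor={m.group(2)} md5={m.group(3)}"))
                pending_file = None
            continue
        if m := NOT_RUNNING.match(line):
            findings.append(Finding("not_running", m.group(1), section))
        elif m := START_TYPE.match(line):
            findings.append(Finding("start_type", m.group(1),
                                    f"{m.group(2)} (default {m.group(3)})"))
        elif m := MISSING_KEY.match(line):
            if m.group(1) not in reported_missing:
                reported_missing.add(m.group(1))
                findings.append(Finding("missing_key", m.group(1), m.group(2)))
        elif m := REG_KEY.match(line):
            last_key = m.group(1)
        elif m := REG_VALUE.match(line):
            # A value printed under a "Disabled Policy" header is what keeps the feature off.
            findings.append(Finding("policy", f"{last_key}\\{m.group(1)}",
                                    f"DWORD:{m.group(2)}"))
    return findings


# Constructed excerpt in FSS's format (values modelled on the log in this thread).
SAMPLE_LOG = r"""System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-14 02:01] - [2013-09-28 01:09] - 0497152 ____A (Microsoft Corporation) 79059559E89D06E8B80CE2944BE20228

C:\Windows\System32\svchost.exe => MD5 is legit

**** End of log ****
"""

if __name__ == "__main__":
    for f in parse_fss(SAMPLE_LOG):
        print(f"{f.kind:16} {f.subject}  ->  {f.detail}")
```

An "unverified_file" finding only means the hash is not on the tool's known-good list (a recently patched driver looks the same as a tampered one), so it is a prompt to check the file against the vendor's catalogue, not a verdict on its own.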



#11 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:48 AM

Posted 20 November 2013 - 10:44 AM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html
===

Download the following registry file to your desktop:
RemoteAccess.reg from this site.
http://download.bleepingcomputer.com/win-services/7/

Double-click on the .reg file and confirm the prompt.
Restart computer normally.
Post new FSS log.

Run the tools and post the logs if you can.

#12 Jordie
  • Topic Starter
  • Members
  • 14 posts
  • Local time:09:48 AM

Posted 20 November 2013 - 11:35 AM

Farbar Service Scanner Version: 10-11-2013
Ran by Asif Hussain (administrator) on 20-11-2013 at 16:23:15
Running from "C:\Users\Asif Hussain\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-14 02:01] - [2013-09-28 01:09] - 0497152 ____A (Microsoft Corporation) 79059559E89D06E8B80CE2944BE20228

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-10 19:16] - [2013-09-08 02:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#13 Jordie
  • Topic Starter
  • Members
  • 14 posts
  • Local time:09:48 AM

Posted 20 November 2013 - 11:37 AM

Still can't run JRT.exe or SecurityCheck.exe



#14 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:48 AM

Posted 20 November 2013 - 02:18 PM

Never seen this.

I'm curious, let's continue checking.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#15 Jordie
  • Topic Starter
  • Members
  • 14 posts
  • Local time:09:48 AM

Posted 21 November 2013 - 06:26 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Asif Hussain (administrator) on TOSHIBA-LAPTOP on 21-11-2013 10:33:40
Running from C:\Users\Asif Hussain\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
( ) C:\Windows\system32\lxeacoms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
(Samsung) C:\Program Files (x86)\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe [4581280 2010-03-03] (TOSHIBA)
HKCU\...\Run: [] - C:\Program Files (x86)\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-10-28] (Samsung)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: F - "F:\WD SmartWare.exe" autoplay=true
MountPoints2: {08b50aa1-b984-11df-8a5e-00266c72678e} - G:\StarterOfficeGuardian.exe
MountPoints2: {e14c1019-1c81-11e3-b43c-00266c72678e} - "F:\WD SmartWare.exe" autoplay=true
MountPoints2: {f419849b-f283-11e1-bdb9-00266c72678e} - F:\DPKMate.exe
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

ProxyServer: webcache.virginmedia.com:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {1C2DA6B6-6C82-4800-93CB-3D9B0602BA7A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {1C2DA6B6-6C82-4800-93CB-3D9B0602BA7A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {1C2DA6B6-6C82-4800-93CB-3D9B0602BA7A} URL =
SearchScopes: HKCU - {AEA50D9F-B7E1-4B4A-9A17-AB56B549AC54} URL =
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625101213.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120625101213.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://192.168.1.66/RemoteWeb.cab
DPF: HKLM-x32 {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://192.168.1.66/VideoViewer.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: 10.15.38.1      shopmate
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

==================== Services (Whitelisted) =================

R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-11-20] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
U4 *etadpug;  <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk02; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 mfeavfk01; \Device\mfeavfk01.sys [x]
S3 MFE_RR; \??\C:\Users\ASIFHU~1\AppData\Local\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-21 10:33 - 2013-11-21 10:35 - 00014833 _____ C:\Users\Asif Hussain\Desktop\FRST.txt
2013-11-21 10:33 - 2013-11-21 10:33 - 00000000 ____D C:\FRST
2013-11-21 10:32 - 2013-11-21 10:32 - 01957964 _____ (Farbar) C:\Users\Asif Hussain\Desktop\FRST64.exe
2013-11-21 10:28 - 2013-11-21 10:28 - 00111672 _____ C:\Users\Asif Hussain\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 10:27 - 2013-11-21 10:27 - 00428256 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-21 10:27 - 2013-11-21 10:27 - 00000548 _____ C:\Windows\PFRO.log
2013-11-21 10:27 - 2013-11-21 10:27 - 00000056 _____ C:\Windows\setupact.log
2013-11-21 10:27 - 2013-11-21 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-11-20 18:16 - 2013-11-20 18:16 - 01034531 _____ (Thisisu) C:\Users\Asif Hussain\Desktop\JRT.exe
2013-11-20 17:46 - 2013-11-20 17:46 - 00003454 _____ C:\Windows\DPINST.LOG
2013-11-20 17:42 - 2013-11-20 17:42 - 01359824 _____ C:\Users\Asif Hussain\Desktop\pc-decrapifier-2.2.8.exe
2013-11-20 16:21 - 2013-11-20 16:21 - 00360775 _____ (Farbar) C:\Users\Asif Hussain\Desktop\FSS.exe
2013-11-20 15:35 - 2013-11-20 16:24 - 00003288 _____ C:\Users\Asif Hussain\Desktop\FSS.txt
2013-11-20 12:31 - 2013-11-20 12:31 - 00000000 ____D C:\Users\Asif Hussain\AppData\Roaming\VSRevoGroup
2013-11-20 12:29 - 2013-11-20 12:29 - 00001235 _____ C:\Users\Asif Hussain\Desktop\Revo Uninstaller.lnk
2013-11-20 12:29 - 2013-11-20 12:29 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-20 12:04 - 2013-11-20 12:04 - 00000640 _____ C:\Windows\SysWOW64\SGLCH32.USR
2013-11-20 11:15 - 2013-11-20 11:15 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-11-20 11:15 - 2013-11-20 11:15 - 00000000 ____D C:\Program Files\MSBuild
2013-11-20 11:15 - 2013-11-20 11:15 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-11-19 16:55 - 2013-11-20 17:17 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\CrashDumps
2013-11-19 15:14 - 2013-11-19 15:14 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\Secunia PSI
2013-11-19 15:14 - 2013-11-19 15:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-11-19 11:15 - 2013-11-19 11:15 - 00891200 _____ C:\Users\Asif Hussain\Desktop\SecurityCheck.exe
2013-11-18 23:25 - 2013-11-18 23:25 - 00000000 ____D C:\Users\Asif Hussain\Downloads\smali_files
2013-11-18 23:23 - 2013-11-18 23:23 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\qb18D152.8D
2013-11-18 23:00 - 2013-11-18 23:00 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\qb0414E6.E4
2013-11-18 22:47 - 2013-11-18 23:44 - 00000000 ____D C:\AdwCleaner
2013-11-18 22:46 - 2013-11-18 22:59 - 01085542 _____ C:\Users\Asif Hussain\Desktop\AdwCleaner.exe
2013-11-18 22:17 - 2013-11-18 22:40 - 00000000 ____D C:\Users\Asif Hussain\Desktop\RK_Quarantine
2013-11-18 22:16 - 2013-11-18 22:16 - 04161024 _____ C:\Users\Asif Hussain\Desktop\RogueKillerX64.exe
2013-11-18 14:33 - 2013-11-18 14:33 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\qb07BE8D.DA
2013-11-18 13:33 - 2013-11-18 23:28 - 00000000 ____D C:\Users\Asif Hussain\Downloads\supercharged
2013-11-18 13:33 - 2013-11-18 23:28 - 00000000 ____D C:\Users\Asif Hussain\Downloads\patch_this
2013-11-18 13:33 - 2013-11-18 23:28 - 00000000 ____D C:\Users\Asif Hussain\Downloads\backup
2013-11-18 13:32 - 2013-11-18 13:32 - 06027776 _____ (Zep Corp) C:\Users\Asif Hussain\Downloads\Ultimatic_Jar_Patcher_Tools_RC6_ALL_DEX_Windows.exe
2013-11-18 11:56 - 2013-11-18 11:56 - 00000000 ____D C:\ProgramData\Sun
2013-11-18 11:56 - 2013-11-18 11:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-18 11:56 - 2013-11-18 11:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-18 11:56 - 2013-11-18 11:55 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-18 11:56 - 2013-11-18 11:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-18 11:53 - 2013-11-18 11:56 - 00000000 ____D C:\ProgramData\Oracle
2013-11-18 11:52 - 2013-11-18 11:52 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-18 11:52 - 2013-11-18 11:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-18 11:52 - 2013-11-18 11:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-18 11:52 - 2013-11-18 11:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-18 11:52 - 2013-11-18 11:52 - 00000000 ____D C:\Program Files\Java
2013-11-18 11:50 - 2013-11-18 11:50 - 30694824 _____ (Oracle Corporation) C:\Users\Asif Hussain\Desktop\jre-7u45-windows-x64.exe
2013-11-17 01:05 - 2013-11-17 01:12 - 215086104 _____ C:\Users\Asif Hussain\Downloads\firmware_archos_it4.aos
2013-11-16 23:25 - 2013-11-16 23:32 - 247937994 _____ C:\Users\Asif Hussain\Downloads\AG9fR 4.0.28 BUILD9.zip
2013-11-16 20:22 - 2013-11-16 20:29 - 299237376 _____ C:\Users\Asif Hussain\Downloads\cm10.1-20130527-UNOFFICIAL-archos_g9.zip
2013-11-16 19:08 - 2013-11-16 19:08 - 06810337 _____ C:\Users\Asif Hussain\Downloads\cwm-g9.zip
2013-11-16 18:27 - 2013-11-16 18:29 - 97880337 _____ C:\Users\Asif Hussain\Downloads\4.0.28 System n Apps Dump.zip
2013-11-14 14:41 - 2013-11-14 14:44 - 00001066 _____ C:\Users\Asif Hussain\Desktop\attach.txt
2013-11-14 14:41 - 2013-11-14 14:42 - 00021059 _____ C:\Users\Asif Hussain\Desktop\dds.txt
2013-11-14 14:37 - 2013-11-14 14:37 - 00688992 ____R (Swearware) C:\Users\Asif Hussain\Desktop\dds.com
2013-11-14 02:02 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 02:02 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 02:01 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 02:01 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 02:01 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 02:01 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 02:01 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 02:01 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 02:01 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 02:00 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 02:00 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 02:00 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 02:00 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 02:00 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 02:00 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 02:00 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 02:00 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 02:00 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 02:00 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 02:00 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 02:00 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 02:00 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 02:00 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 02:00 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 02:00 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 02:00 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 02:00 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 02:00 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 02:00 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 02:00 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 01:59 - 2013-10-12 02:31 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 01:59 - 2013-10-12 02:31 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 01:59 - 2013-10-12 02:31 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 01:59 - 2013-10-12 02:30 - 09071104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 01:59 - 2013-10-12 02:30 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 01:59 - 2013-10-12 02:30 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 01:59 - 2013-10-12 02:29 - 12295168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 01:59 - 2013-10-12 02:29 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 01:59 - 2013-10-12 02:29 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 01:59 - 2013-10-12 02:29 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 01:59 - 2013-10-12 02:04 - 01232384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 01:59 - 2013-10-12 02:04 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 01:59 - 2013-10-12 02:04 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 01:59 - 2013-10-12 02:02 - 06038528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 01:59 - 2013-10-12 02:02 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 01:59 - 2013-10-12 02:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 01:59 - 2013-10-12 02:01 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 01:59 - 2013-10-12 02:01 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 01:59 - 2013-10-12 02:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 01:59 - 2013-10-12 02:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 01:59 - 2013-10-12 01:32 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 01:59 - 2013-10-12 01:15 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 01:24 - 2013-11-14 01:24 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 01:24 - 2013-11-14 01:24 - 00000000 ____D C:\Users\Asif Hussain\AppData\Roaming\Malwarebytes
2013-11-14 01:24 - 2013-11-14 01:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 01:24 - 2013-11-14 01:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 01:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 01:21 - 2013-11-14 01:21 - 00000175 _____ C:\Windows\SysWOW64\RootkitRemover_20131114_012105.log
2013-11-14 01:11 - 2013-11-14 00:57 - 00782640 ____N (McAfee, Inc.) C:\Users\Asif Hussain\Desktop\rootkitremover.exe
2013-11-14 00:59 - 2013-11-21 10:34 - 00763488 _____ C:\Windows\WindowsUpdate.log
2013-11-10 10:48 - 2013-11-10 10:48 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-11-09 21:52 - 2013-11-09 21:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-08 13:45 - 2013-09-04 12:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-08 13:45 - 2013-09-04 12:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-08 13:45 - 2013-09-04 12:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-08 13:45 - 2013-09-04 12:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-08 13:45 - 2013-09-04 12:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-08 13:45 - 2013-09-04 12:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-08 13:45 - 2013-09-04 12:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-02 13:46 - 2013-11-02 13:46 - 00000000 ____D C:\ProgramData\WEBREG
2013-11-02 13:40 - 2013-11-02 13:40 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-11-02 13:29 - 2013-11-02 13:29 - 00001282 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-11-02 13:29 - 2013-11-02 13:29 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-11-02 13:29 - 2013-11-02 13:29 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-11-02 13:27 - 2013-11-02 13:27 - 00001976 _____ C:\Users\Public\Desktop\HP ePrinterCenter.lnk
2013-11-02 13:24 - 2013-11-02 13:46 - 00212920 _____ C:\Windows\hpoins52.dat
2013-11-02 13:24 - 2010-03-31 13:33 - 00001333 ____N C:\Windows\hpomdl52.dat
2013-11-02 01:26 - 2013-11-02 01:27 - 00211518 _____ C:\Users\Asif Hussain\Downloads\ODIN_Flashprogram_Samsung_S5830_+_Ops.zip
2013-11-02 01:16 - 2013-11-02 01:16 - 142392957 _____ C:\Users\Asif Hussain\Downloads\GT-S5830_INU_S5830DDKQ_8S5830ODDKQ7_S5830DDKQ8.zip
2013-11-01 18:42 - 2013-11-01 18:42 - 00001973 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-11-01 18:42 - 2013-06-21 00:07 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2013-11-01 18:42 - 2013-06-21 00:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2013-11-01 18:36 - 2013-11-01 18:36 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-28 18:06 - 2013-10-28 18:06 - 177648807 _____ C:\Users\Asif Hussain\Downloads\archos.ext4.update_4.0.4.zip
2013-10-27 15:55 - 2013-10-27 15:55 - 00000009 _____ C:\Users\Asif Hussain\.android_usb.ini
2013-10-27 15:14 - 2013-10-27 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-10-27 15:11 - 2011-10-21 17:55 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2013-10-27 12:01 - 2013-10-27 12:01 - 199616024 _____ C:\Users\Asif Hussain\Downloads\Archos_4.0.28.zip

==================== One Month Modified Files and Folders =======

2013-11-21 10:35 - 2013-11-21 10:33 - 00014833 _____ C:\Users\Asif Hussain\Desktop\FRST.txt
2013-11-21 10:34 - 2013-11-14 00:59 - 00763488 _____ C:\Windows\WindowsUpdate.log
2013-11-21 10:33 - 2013-11-21 10:33 - 00000000 ____D C:\FRST
2013-11-21 10:32 - 2013-11-21 10:32 - 01957964 _____ (Farbar) C:\Users\Asif Hussain\Desktop\FRST64.exe
2013-11-21 10:32 - 2011-04-11 13:43 - 00001835 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-21 10:28 - 2013-11-21 10:28 - 00111672 _____ C:\Users\Asif Hussain\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 10:27 - 2013-11-21 10:27 - 00428256 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-21 10:27 - 2013-11-21 10:27 - 00000548 _____ C:\Windows\PFRO.log
2013-11-21 10:27 - 2013-11-21 10:27 - 00000056 _____ C:\Windows\setupact.log
2013-11-21 10:27 - 2013-11-21 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-11-21 10:27 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-20 18:26 - 2009-07-14 05:13 - 00736074 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-20 18:16 - 2013-11-20 18:16 - 01034531 _____ (Thisisu) C:\Users\Asif Hussain\Desktop\JRT.exe
2013-11-20 17:48 - 2013-07-31 12:43 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-20 17:48 - 2013-07-31 12:41 - 00000000 ____D C:\ProgramData\Real
2013-11-20 17:47 - 2013-07-31 12:42 - 00000000 ____D C:\Users\Asif Hussain\AppData\Roaming\Real
2013-11-20 17:46 - 2013-11-20 17:46 - 00003454 _____ C:\Windows\DPINST.LOG
2013-11-20 17:45 - 2010-12-22 15:15 - 00000037 _____ C:\Windows\iltwain.ini
2013-11-20 17:42 - 2013-11-20 17:42 - 01359824 _____ C:\Users\Asif Hussain\Desktop\pc-decrapifier-2.2.8.exe
2013-11-20 17:17 - 2013-11-19 16:55 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\CrashDumps
2013-11-20 17:17 - 2010-09-06 12:52 - 00000000 ____D C:\Windows\Minidump
2013-11-20 17:14 - 2011-10-03 04:34 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-20 17:14 - 2011-10-03 04:34 - 00000000 ____D C:\Program Files\CCleaner
2013-11-20 16:24 - 2013-11-20 15:35 - 00003288 _____ C:\Users\Asif Hussain\Desktop\FSS.txt
2013-11-20 16:24 - 2009-07-14 04:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-20 16:24 - 2009-07-14 04:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-20 16:21 - 2013-11-20 16:21 - 00360775 _____ (Farbar) C:\Users\Asif Hussain\Desktop\FSS.exe
2013-11-20 13:19 - 2013-02-14 13:34 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-11-20 12:31 - 2013-11-20 12:31 - 00000000 ____D C:\Users\Asif Hussain\AppData\Roaming\VSRevoGroup
2013-11-20 12:29 - 2013-11-20 12:29 - 00001235 _____ C:\Users\Asif Hussain\Desktop\Revo Uninstaller.lnk
2013-11-20 12:29 - 2013-11-20 12:29 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-20 12:04 - 2013-11-20 12:04 - 00000640 _____ C:\Windows\SysWOW64\SGLCH32.USR
2013-11-20 11:56 - 2013-09-21 09:47 - 00003366 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2755607273-3844235050-4258724913-1001
2013-11-20 11:56 - 2013-09-21 09:47 - 00003246 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2755607273-3844235050-4258724913-1001
2013-11-20 11:15 - 2013-11-20 11:15 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-11-20 11:15 - 2013-11-20 11:15 - 00000000 ____D C:\Program Files\MSBuild
2013-11-20 11:15 - 2013-11-20 11:15 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-11-20 11:15 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-11-20 11:03 - 2010-09-04 17:20 - 00003978 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C514E06-2F59-4040-85A9-5C54FCFBF54F}
2013-11-19 16:54 - 2010-09-04 18:26 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\Adobe
2013-11-19 15:14 - 2013-11-19 15:14 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\Secunia PSI
2013-11-19 15:14 - 2013-11-19 15:14 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-11-19 11:15 - 2013-11-19 11:15 - 00891200 _____ C:\Users\Asif Hussain\Desktop\SecurityCheck.exe
2013-11-18 23:44 - 2013-11-18 22:47 - 00000000 ____D C:\AdwCleaner
2013-11-18 23:28 - 2013-11-18 13:33 - 00000000 ____D C:\Users\Asif Hussain\Downloads\supercharged
2013-11-18 23:28 - 2013-11-18 13:33 - 00000000 ____D C:\Users\Asif Hussain\Downloads\patch_this
2013-11-18 23:28 - 2013-11-18 13:33 - 00000000 ____D C:\Users\Asif Hussain\Downloads\backup
2013-11-18 23:25 - 2013-11-18 23:25 - 00000000 ____D C:\Users\Asif Hussain\Downloads\smali_files
2013-11-18 23:23 - 2013-11-18 23:23 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\qb18D152.8D
2013-11-18 23:00 - 2013-11-18 23:00 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\qb0414E6.E4
2013-11-18 22:59 - 2013-11-18 22:46 - 01085542 _____ C:\Users\Asif Hussain\Desktop\AdwCleaner.exe
2013-11-18 22:40 - 2013-11-18 22:17 - 00000000 ____D C:\Users\Asif Hussain\Desktop\RK_Quarantine
2013-11-18 22:16 - 2013-11-18 22:16 - 04161024 _____ C:\Users\Asif Hussain\Desktop\RogueKillerX64.exe
2013-11-18 14:33 - 2013-11-18 14:33 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\qb07BE8D.DA
2013-11-18 14:15 - 2010-04-08 08:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-18 13:32 - 2013-11-18 13:32 - 06027776 _____ (Zep Corp) C:\Users\Asif Hussain\Downloads\Ultimatic_Jar_Patcher_Tools_RC6_ALL_DEX_Windows.exe
2013-11-18 11:56 - 2013-11-18 11:56 - 00000000 ____D C:\ProgramData\Sun
2013-11-18 11:56 - 2013-11-18 11:53 - 00000000 ____D C:\ProgramData\Oracle
2013-11-18 11:55 - 2013-11-18 11:56 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-18 11:55 - 2013-11-18 11:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-18 11:55 - 2013-11-18 11:56 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-18 11:55 - 2013-11-18 11:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-18 11:52 - 2013-11-18 11:52 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-18 11:52 - 2013-11-18 11:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-18 11:52 - 2013-11-18 11:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-18 11:52 - 2013-11-18 11:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-18 11:52 - 2013-11-18 11:52 - 00000000 ____D C:\Program Files\Java
2013-11-18 11:50 - 2013-11-18 11:50 - 30694824 _____ (Oracle Corporation) C:\Users\Asif Hussain\Desktop\jre-7u45-windows-x64.exe
2013-11-17 01:12 - 2013-11-17 01:05 - 215086104 _____ C:\Users\Asif Hussain\Downloads\firmware_archos_it4.aos
2013-11-16 23:40 - 2012-09-05 13:15 - 00000000 ____D C:\Users\Asif Hussain\AppData\Roaming\Mozilla
2013-11-16 23:32 - 2013-11-16 23:25 - 247937994 _____ C:\Users\Asif Hussain\Downloads\AG9fR 4.0.28 BUILD9.zip
2013-11-16 20:29 - 2013-11-16 20:22 - 299237376 _____ C:\Users\Asif Hussain\Downloads\cm10.1-20130527-UNOFFICIAL-archos_g9.zip
2013-11-16 19:08 - 2013-11-16 19:08 - 06810337 _____ C:\Users\Asif Hussain\Downloads\cwm-g9.zip
2013-11-16 18:29 - 2013-11-16 18:27 - 97880337 _____ C:\Users\Asif Hussain\Downloads\4.0.28 System n Apps Dump.zip
2013-11-15 18:19 - 2010-04-22 16:52 - 00000000 ____D C:\Users\Asif Hussain\Documents\Sage Local Backups
2013-11-14 14:44 - 2013-11-14 14:41 - 00001066 _____ C:\Users\Asif Hussain\Desktop\attach.txt
2013-11-14 14:42 - 2013-11-14 14:41 - 00021059 _____ C:\Users\Asif Hussain\Desktop\dds.txt
2013-11-14 14:37 - 2013-11-14 14:37 - 00688992 ____R (Swearware) C:\Users\Asif Hussain\Desktop\dds.com
2013-11-14 03:15 - 2010-07-16 20:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 03:11 - 2013-07-16 17:42 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:05 - 2010-09-04 18:51 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 01:24 - 2013-11-14 01:24 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 01:24 - 2013-11-14 01:24 - 00000000 ____D C:\Users\Asif Hussain\AppData\Roaming\Malwarebytes
2013-11-14 01:24 - 2013-11-14 01:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 01:24 - 2013-11-14 01:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 01:21 - 2013-11-14 01:21 - 00000175 _____ C:\Windows\SysWOW64\RootkitRemover_20131114_012105.log
2013-11-14 00:57 - 2013-11-14 01:11 - 00782640 ____N (McAfee, Inc.) C:\Users\Asif Hussain\Desktop\rootkitremover.exe
2013-11-13 15:35 - 2012-07-05 11:01 - 00000000 ____D C:\Users\Asif Hussain\Documents\NAP
2013-11-10 10:48 - 2013-11-10 10:48 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-11-09 21:52 - 2013-11-09 21:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-09 21:52 - 2007-12-07 10:17 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\Google
2013-11-09 20:56 - 2012-08-01 16:29 - 00000000 ____D C:\Users\Asif Hussain\Documents\Alphacams
2013-11-08 23:20 - 2007-04-17 17:08 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\Microsoft Games
2013-11-07 10:33 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-04 15:27 - 2010-09-06 07:02 - 00000000 ____D C:\Program Files (x86)\SAMSUNG
2013-11-04 15:27 - 2010-04-08 08:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-04 15:26 - 2011-10-28 14:00 - 00020680 _____ C:\ProgramData\hpzinstall.log
2013-11-04 15:24 - 2011-10-28 14:04 - 00000000 ____D C:\Program Files (x86)\HP
2013-11-02 13:46 - 2013-11-02 13:46 - 00000000 ____D C:\ProgramData\WEBREG
2013-11-02 13:46 - 2013-11-02 13:24 - 00212920 _____ C:\Windows\hpoins52.dat
2013-11-02 13:46 - 2008-02-29 17:37 - 00000000 ____D C:\Users\Asif Hussain\AppData\Roaming\HP
2013-11-02 13:42 - 2011-10-28 13:59 - 00000000 ____D C:\ProgramData\HP
2013-11-02 13:40 - 2013-11-02 13:40 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-11-02 13:40 - 2012-12-04 12:54 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\HP
2013-11-02 13:40 - 2009-07-14 02:34 - 00000513 _____ C:\Windows\win.ini
2013-11-02 13:37 - 2009-10-16 10:08 - 00000000 ____D C:\Users\Asif Hussain\AppData\Roaming\HpUpdate
2013-11-02 13:29 - 2013-11-02 13:29 - 00001282 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-11-02 13:29 - 2013-11-02 13:29 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-11-02 13:29 - 2013-11-02 13:29 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-11-02 13:27 - 2013-11-02 13:27 - 00001976 _____ C:\Users\Public\Desktop\HP ePrinterCenter.lnk
2013-11-02 01:27 - 2013-11-02 01:26 - 00211518 _____ C:\Users\Asif Hussain\Downloads\ODIN_Flashprogram_Samsung_S5830_+_Ops.zip
2013-11-02 01:16 - 2013-11-02 01:16 - 142392957 _____ C:\Users\Asif Hussain\Downloads\GT-S5830_INU_S5830DDKQ_8S5830ODDKQ7_S5830DDKQ8.zip
2013-11-01 18:44 - 2009-03-02 12:15 - 00000000 ____D C:\Users\Asif Hussain\AppData\Local\Downloaded Installations
2013-11-01 18:42 - 2013-11-01 18:42 - 00001973 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-11-01 18:36 - 2013-11-01 18:36 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-01 18:36 - 2011-08-06 15:24 - 00000000 ____D C:\Users\Asif Hussain\AppData\Roaming\Samsung
2013-10-28 18:06 - 2013-10-28 18:06 - 177648807 _____ C:\Users\Asif Hussain\Downloads\archos.ext4.update_4.0.4.zip
2013-10-27 15:55 - 2013-10-27 15:55 - 00000009 _____ C:\Users\Asif Hussain\.android_usb.ini
2013-10-27 15:55 - 2010-09-04 17:02 - 00000000 ____D C:\Users\Asif Hussain
2013-10-27 15:52 - 2011-08-29 15:04 - 00000000 ____D C:\android-sdk
2013-10-27 15:26 - 2011-08-29 14:18 - 00000000 ____D C:\Users\Asif Hussain\.android
2013-10-27 15:14 - 2013-10-27 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-10-27 12:01 - 2013-10-27 12:01 - 199616024 _____ C:\Users\Asif Hussain\Downloads\Archos_4.0.28.zip
2013-10-27 09:42 - 2011-04-11 13:42 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-10-24 09:37 - 2012-04-26 08:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-24 09:37 - 2011-05-18 08:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Asif Hussain\AppData\Roaming\desktop.ini

Some content of TEMP:
====================
C:\Users\Asif Hussain\AppData\Local\Temp\efiwngfe.dll
C:\Users\Asif Hussain\AppData\Local\Temp\msvcr90.dll
C:\Users\Asif Hussain\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Asif Hussain\AppData\Local\Temp\sqlite3.dll
C:\Users\Asif Hussain\AppData\Local\Temp\ssu_3idy.dll
C:\Users\Asif Hussain\AppData\Local\Temp\wtdvjieo.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-17 16:07
