uKash ransomware virus (Log included)


This virus has plagued this laptop for months and months, and finally it has gotten to safe mode. Please help, and thanks for your time.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by SYSTEM on MININT-SNNJ3P5 on 29-09-2013 15:10:31
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\n. ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$fe28e9e10fdaf2892a851c88e52d3347\n. ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QPService] - C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [uCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Tung\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Tung\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Tung\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Tung\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-10] (Google Inc.)
HKU\Tung\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Tung\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Tung\...\Run: [Google Update] - [x]
HKU\Tung\...\Run: [u5iNplZZo.exe] - C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe [193536 2013-09-28] ()
HKU\Tung\...\Policies\system: [WallpaperStyle] 2
HKU\Tung\...\Winlogon: [shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\Tung\...\Command Processor: "C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe" <===== ATTENTION!
Startup: C:\Users\Tung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 Browser Defender Update Service; C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [112592 2010-01-22] (Threat Expert Ltd.)
S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [250368 2010-10-14] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [366840 2010-03-11] (PC Tools)
S3 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1142224 2010-03-15] (PC Tools)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S2 Winmgmt; C:\PROGRA~3\3rmq9to.pzz [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\   \...\???\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-20] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-20] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-29] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-29] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-07-29] (Symantec Corporation)
S3 ew_mbbusbdev; C:\Windows\System32\DRIVERS\ew_mbbusbdev.sys [115584 2010-09-27] (MBB Technologies Co., Ltd.)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-08-01] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-08-01] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mbbdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2010-09-27] (MBB Technologies Co., Ltd.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130815.022\ENG64.SYS [126040 2013-07-29] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130815.022\ENG64.SYS [126040 2013-07-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130815.022\EX64.SYS [2098776 2013-07-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130815.022\EX64.SYS [2098776 2013-07-29] (Symantec Corporation)
S0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [233488 2010-03-29] (PC Tools)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-31] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S4 eabfiltr;
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-09-27] (MBB Technologies Co., Ltd.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-29 15:10 - 2013-09-29 15:10 - 00000000 ____D C:\FRST
2013-09-28 23:07 - 2013-09-28 23:07 - 00238592 _____ C:\Users\Tung\AppData\Roaming\KilJXyIi
2013-09-28 23:07 - 2013-09-28 23:07 - 00238592 _____ C:\Users\Tung\AppData\Local\zVDPqadYQB
2013-09-28 23:07 - 2013-09-28 23:07 - 00238592 _____ C:\ProgramData\xvhAt8nP
2013-09-28 23:05 - 2013-09-28 23:09 - 00000000 ____D C:\Users\Tung\AppData\Local\2bZIdBjp
2013-09-28 16:28 - 2013-09-28 16:29 - 00000000 ____D C:\Users\Tung\AppData\Local\{4FCCC05A-B34E-44CE-8AAF-D2A2870539F1}
2013-09-27 21:58 - 2013-09-27 21:58 - 00000000 ____D C:\Users\Tung\AppData\Local\{9FC4A1AD-3453-4A09-B737-B818E0C854A2}
2013-09-26 16:27 - 2013-09-26 16:27 - 00000000 ____D C:\Users\Tung\AppData\Local\{DC3642FA-0443-4B12-996F-05565FF82990}
2013-09-25 16:59 - 2013-09-25 17:00 - 00000000 ____D C:\Users\Tung\AppData\Local\{53853691-1FB8-4704-95B6-D12AA6F39BB4}
2013-09-24 14:10 - 2013-09-24 14:10 - 00000000 ____D C:\Users\Tung\AppData\Local\{8EC8A217-2ECB-4FC6-9DE7-5CAE3E7695DE}
2013-09-23 20:18 - 2013-09-23 20:19 - 00000000 ____D C:\Users\Tung\AppData\Local\{7866218A-6A8B-44DF-A0F0-D7CF1E572C3E}
2013-09-23 01:29 - 2013-09-23 01:29 - 00000000 ____D C:\Users\Tung\AppData\Local\{589245A7-2616-4827-8A5E-CD80C6BE06FC}
2013-09-22 13:28 - 2013-09-22 13:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{A7DDAF00-E55B-4D43-B75F-212F1F0716D7}
2013-09-22 12:05 - 2013-09-22 12:05 - 00000000 ____D C:\Users\Tung\AppData\Local\{322F8B9E-CA78-4F59-9E87-B97EFF0DD60E}
2013-09-22 12:01 - 2013-09-22 17:53 - 00000000 _____ C:\ProgramData\8z0lcrlcf.ctrl
2013-09-22 12:00 - 2013-09-22 17:53 - 95025368 ____T C:\ProgramData\8z0lcrlcf.pff
2013-09-21 23:16 - 2013-09-21 23:17 - 00000000 ____D C:\Users\Tung\AppData\Local\{1BD87D19-0C91-4F65-B83F-3FFAE76AB466}
2013-09-20 21:01 - 2013-09-20 21:02 - 00000000 ____D C:\Users\Tung\AppData\Local\{260DC1CF-97E0-47D5-9BD8-D5F9EFB75C24}
2013-09-19 16:29 - 2013-09-19 16:30 - 00000000 ____D C:\Users\Tung\AppData\Local\{0BEFAA3F-D1EF-48AF-8817-1E4ABBCA7ABC}
2013-09-18 14:18 - 2013-09-18 14:18 - 00000000 ____D C:\Users\Tung\AppData\Local\{EE39BB16-380E-443C-A27A-A29E8BC9C8B7}
2013-09-11 19:28 - 2013-09-11 19:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{74093FC8-6775-4A72-BC92-71AAA9E4E7AD}
2013-09-11 18:58 - 2013-09-11 18:58 - 00000000 ____D C:\Users\Tung\AppData\Local\{96E8D612-AA75-4371-9EC3-440D8A1BC5E9}
2013-09-08 17:02 - 2013-09-08 17:02 - 00000000 ____D C:\Users\Tung\AppData\Local\{00B766A5-BFAC-4F42-BB78-6149A1054821}
2013-09-08 16:31 - 2013-09-08 16:31 - 00000000 ____D C:\Users\Tung\AppData\Local\{05BB3AC4-9ED2-4611-8264-26819C253101}
2013-09-07 23:11 - 2013-09-07 23:11 - 00000000 ____D C:\Users\Tung\AppData\Local\{4DCE333F-F464-4E90-B098-6A902BC6311E}
2013-09-06 17:10 - 2013-09-17 19:15 - 00000000 _____ C:\ProgramData\3rmq9to.ctrl
2013-09-06 17:10 - 2013-09-07 23:11 - 95025368 ____T C:\ProgramData\3rmq9to.pff
2013-09-06 16:34 - 2013-09-06 16:35 - 00000000 ____D C:\Users\Tung\AppData\Local\{103C39D4-B8E1-4566-80B8-EFA1691A134C}
2013-09-05 18:43 - 2013-09-05 18:43 - 00000000 ____D C:\Users\Tung\AppData\Local\{3809AC75-FB91-4FC7-812C-D62542C403BC}
2013-09-03 20:11 - 2013-09-04 17:57 - 00000000 ____D C:\Users\Tung\AppData\Local\{E394CA8A-E4BB-4FC2-874A-C510A9E0DEC2}
2013-09-01 16:24 - 2013-09-01 16:24 - 00000000 ____D C:\Users\Tung\AppData\Local\{B688669D-95BF-43AC-8B52-1BA56F084C17}
2013-08-31 21:09 - 2013-08-31 21:09 - 00000000 ____D C:\Users\Tung\AppData\Local\{0F3188DA-2D8B-4CBE-B070-463FB58C66A0}
2013-08-30 16:24 - 2013-08-30 16:24 - 00000000 ____D C:\Users\Tung\AppData\Local\{0140D4B1-65E2-4940-93F4-1AB649BEF836}

==================== One Month Modified Files and Folders =======

2013-09-29 15:10 - 2013-09-29 15:10 - 00000000 ____D C:\FRST
2013-09-29 10:50 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 10:50 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 10:43 - 2010-01-10 15:14 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-29 10:42 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 10:42 - 2009-07-13 20:51 - 01553120 _____ C:\Windows\setupact.log
2013-09-28 23:09 - 2013-09-28 23:05 - 00000000 ____D C:\Users\Tung\AppData\Local\2bZIdBjp
2013-09-28 23:07 - 2013-09-28 23:07 - 00238592 _____ C:\Users\Tung\AppData\Roaming\KilJXyIi
2013-09-28 23:07 - 2013-09-28 23:07 - 00238592 _____ C:\Users\Tung\AppData\Local\zVDPqadYQB
2013-09-28 23:07 - 2013-09-28 23:07 - 00238592 _____ C:\ProgramData\xvhAt8nP
2013-09-28 22:57 - 2009-10-20 00:49 - 00003039 _____ C:\ProgramData\hpqp.ini
2013-09-28 22:54 - 2010-01-24 13:12 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C6C32571-10B6-422B-B07B-4E9451795D1B}
2013-09-28 22:50 - 2010-08-25 19:31 - 00000000 ____D C:\Users\Tung\AppData\Roaming\LimeWire
2013-09-28 22:50 - 2010-01-07 08:32 - 00000000 ____D C:\Users\Tung\Tracing
2013-09-28 17:24 - 2010-01-10 15:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-28 16:29 - 2013-09-28 16:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{4FCCC05A-B34E-44CE-8AAF-D2A2870539F1}
2013-09-27 21:58 - 2013-09-27 21:58 - 00000000 ____D C:\Users\Tung\AppData\Local\{9FC4A1AD-3453-4A09-B737-B818E0C854A2}
2013-09-26 20:17 - 2009-10-20 00:45 - 00113428 _____ C:\Windows\PFRO.log
2013-09-26 19:04 - 2010-06-25 01:11 - 00000000 ____D C:\Users\Tung\AppData\Local\Adobe
2013-09-26 18:45 - 2013-03-22 16:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-26 18:45 - 2013-03-22 16:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-26 16:27 - 2013-09-26 16:27 - 00000000 ____D C:\Users\Tung\AppData\Local\{DC3642FA-0443-4B12-996F-05565FF82990}
2013-09-25 17:00 - 2013-09-25 16:59 - 00000000 ____D C:\Users\Tung\AppData\Local\{53853691-1FB8-4704-95B6-D12AA6F39BB4}
2013-09-24 14:10 - 2013-09-24 14:10 - 00000000 ____D C:\Users\Tung\AppData\Local\{8EC8A217-2ECB-4FC6-9DE7-5CAE3E7695DE}
2013-09-23 20:19 - 2013-09-23 20:18 - 00000000 ____D C:\Users\Tung\AppData\Local\{7866218A-6A8B-44DF-A0F0-D7CF1E572C3E}
2013-09-23 01:29 - 2013-09-23 01:29 - 00000000 ____D C:\Users\Tung\AppData\Local\{589245A7-2616-4827-8A5E-CD80C6BE06FC}
2013-09-22 17:53 - 2013-09-22 12:01 - 00000000 _____ C:\ProgramData\8z0lcrlcf.ctrl
2013-09-22 17:53 - 2013-09-22 12:00 - 95025368 ____T C:\ProgramData\8z0lcrlcf.pff
2013-09-22 13:28 - 2013-09-22 13:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{A7DDAF00-E55B-4D43-B75F-212F1F0716D7}
2013-09-22 12:05 - 2013-09-22 12:05 - 00000000 ____D C:\Users\Tung\AppData\Local\{322F8B9E-CA78-4F59-9E87-B97EFF0DD60E}
2013-09-22 04:29 - 2012-05-10 05:38 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-21 23:17 - 2013-09-21 23:16 - 00000000 ____D C:\Users\Tung\AppData\Local\{1BD87D19-0C91-4F65-B83F-3FFAE76AB466}
2013-09-20 21:02 - 2013-09-20 21:01 - 00000000 ____D C:\Users\Tung\AppData\Local\{260DC1CF-97E0-47D5-9BD8-D5F9EFB75C24}
2013-09-19 16:30 - 2013-09-19 16:29 - 00000000 ____D C:\Users\Tung\AppData\Local\{0BEFAA3F-D1EF-48AF-8817-1E4ABBCA7ABC}
2013-09-18 14:18 - 2013-09-18 14:18 - 00000000 ____D C:\Users\Tung\AppData\Local\{EE39BB16-380E-443C-A27A-A29E8BC9C8B7}
2013-09-17 19:15 - 2013-09-06 17:10 - 00000000 _____ C:\ProgramData\3rmq9to.ctrl
2013-09-11 19:28 - 2013-09-11 19:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{74093FC8-6775-4A72-BC92-71AAA9E4E7AD}
2013-09-11 18:58 - 2013-09-11 18:58 - 00000000 ____D C:\Users\Tung\AppData\Local\{96E8D612-AA75-4371-9EC3-440D8A1BC5E9}
2013-09-11 18:57 - 2009-07-13 21:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-08 17:02 - 2013-09-08 17:02 - 00000000 ____D C:\Users\Tung\AppData\Local\{00B766A5-BFAC-4F42-BB78-6149A1054821}
2013-09-08 16:31 - 2013-09-08 16:31 - 00000000 ____D C:\Users\Tung\AppData\Local\{05BB3AC4-9ED2-4611-8264-26819C253101}
2013-09-07 23:11 - 2013-09-07 23:11 - 00000000 ____D C:\Users\Tung\AppData\Local\{4DCE333F-F464-4E90-B098-6A902BC6311E}
2013-09-07 23:11 - 2013-09-06 17:10 - 95025368 ____T C:\ProgramData\3rmq9to.pff
2013-09-06 16:35 - 2013-09-06 16:34 - 00000000 ____D C:\Users\Tung\AppData\Local\{103C39D4-B8E1-4566-80B8-EFA1691A134C}
2013-09-05 18:43 - 2013-09-05 18:43 - 00000000 ____D C:\Users\Tung\AppData\Local\{3809AC75-FB91-4FC7-812C-D62542C403BC}
2013-09-04 17:57 - 2013-09-03 20:11 - 00000000 ____D C:\Users\Tung\AppData\Local\{E394CA8A-E4BB-4FC2-874A-C510A9E0DEC2}
2013-09-01 16:24 - 2013-09-01 16:24 - 00000000 ____D C:\Users\Tung\AppData\Local\{B688669D-95BF-43AC-8B52-1BA56F084C17}
2013-08-31 21:09 - 2013-08-31 21:09 - 00000000 ____D C:\Users\Tung\AppData\Local\{0F3188DA-2D8B-4CBE-B070-463FB58C66A0}
2013-08-30 16:24 - 2013-08-30 16:24 - 00000000 ____D C:\Users\Tung\AppData\Local\{0140D4B1-65E2-4940-93F4-1AB649BEF836}

ZeroAccess:
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\@
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\U\00000004.@
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\00000004.@
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\1afb2d56
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\201d3dde

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3690061423-600262699-3150565116-1001\$fe28e9e10fdaf2892a851c88e52d3347

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$fe28e9e10fdaf2892a851c88e52d3347

ZeroAccess:
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\@
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\U\00000004.@
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\00000004.@
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\1afb2d56
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\55490ac4
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\80000032.@

Files to move or delete:
====================
C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe
C:\Users\Tung\AppData\Roaming\skype.ini
ZeroAccess:
C:\Users\Tung\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\3rmq9to.ctrl
C:\ProgramData\3rmq9to.pff
C:\ProgramData\8z0lcrlcf.ctrl
C:\ProgramData\8z0lcrlcf.pff
C:\ProgramData\KfcBph0T.dat
C:\ProgramData\qwmfhugmepqgptumnht.bat
C:\ProgramData\qwmfhugmepqgptumnht.reg


Some content of TEMP:
====================
C:\Users\Tung\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tung\AppData\Local\Temp\jna3358355228844508260.dll
C:\Users\Tung\AppData\Local\Temp\jna833693958272025940.dll
C:\Users\Tung\AppData\Local\Temp\tkfyajmiyqprjustnci.dll
C:\Users\Tung\AppData\Local\Temp\tkfyajmiyqprjustnci.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

2
Restore point made on: 2013-09-18 15:08:51
Restore point made on: 2013-09-26 17:49:27

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3836.2 MB
Available physical RAM: 3105.61 MB
Total Pagefile: 3834.35 MB
Available Pagefile: 3103.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.09 GB) (Free:45.9 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:13.5 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: () (Removable) (Total:7.8 GB) (Free:7.55 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 5FA6C626)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: B3382073)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-09-22 19:50

==================== End Of Log ============================

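The log above is useful beyond this one machine because FRST prints the persistence points in a stable text format, so the conditions it tagged "ATTENTION" (Winlogon Shell replaced by cmd.exe, a Command Processor AutoRun value, an unsigned Run entry under AppData, a core service pointing at a file that no longer exists, and junctions planted in Windows Defender's folder) can be checked automatically across many logs. The script below is an added example, not part of this thread and not Farbar's code; the sample lines are copied from the FRST.txt posted above, while the rule names, the severity split for missing service binaries (inside vs. outside the Windows directory) and the list of user-writable paths are this example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: ten lines copied from the FRST.txt posted in this thread,
# mixing benign entries with the ones FRST itself tagged "ATTENTION".
SAMPLE_FRST = r"""
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\n. ATTENTION! ====> ZeroAccess?
HKU\Tung\...\Run: [u5iNplZZo.exe] - C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe [193536 2013-09-28] ()
HKU\Tung\...\Winlogon: [shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\Tung\...\Command Processor: "C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe" <===== ATTENTION!
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Winmgmt; C:\PROGRA~3\3rmq9to.pzz [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""

@dataclass
class Finding:
    rule: str       # hypothetical rule name chosen for this example
    severity: str   # "high" or "low"
    line: str
    detail: str = ""

# FRST line shapes as they appear in the log above (patterns written for this example).
RUN_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<path>.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)\s*$")
WINLOGON_RE = re.compile(r"^HKU\\(?P<user>[^\\]+)\\\.\.\.\\Winlogon: \[shell\] (?P<value>\S+)", re.I)
CMDPROC_RE = re.compile(r"^HKU\\(?P<user>[^\\]+)\\\.\.\.\\Command Processor: (?P<value>.*?)\s*(?:<=+.*)?$", re.I)
SERVICE_RE = re.compile(r"^S(?P<start>\d) (?P<name>[^;]+); (?P<path>.*)$")
JUNCTION_RE = re.compile(r"DeleteJunctionsIndirectory: (?P<dir>.+)$")
# Folders a standard user can write to; an unsigned autorun living here is the classic drop location.
USER_WRITABLE_RE = re.compile(r"\\AppData\\(Local|Roaming)\\|\\ProgramData\\|PROGRA~3|\\Temp\\|\$Recycle\.Bin", re.I)
WINDOWS_DIR_RE = re.compile(r"^(?:[A-Z]:\\Windows\\|\\SystemRoot\\|system32\\)", re.I)

def triage_line(line):
    """Return a Finding for one FRST line, or None if it looks benign."""
    line = line.rstrip()
    if not line:
        return None
    m = WINLOGON_RE.match(line)
    if m:  # Winlogon Shell should be explorer.exe; anything else runs instead of the desktop
        if m["value"].lower() != "explorer.exe":
            return Finding("winlogon_shell_replaced", "high", line,
                           f"Shell for {m['user']} is {m['value']}, expected explorer.exe")
        return None
    m = CMDPROC_RE.match(line)
    if m:  # Command Processor\AutoRun executes every time cmd.exe starts
        return Finding("cmd_autorun_set", "high", line, f"AutoRun for {m['user']}: {m['value']}")
    m = RUN_RE.match(line)
    if m:  # empty "()" publisher means FRST found no signer/company info on the binary
        if m["publisher"].strip() == "" and USER_WRITABLE_RE.search(m["path"]):
            return Finding("unsigned_autorun_in_user_writable_dir", "high", line,
                           f"{m['name']} -> {m['path']} ({m['date']})")
        return None
    m = SERVICE_RE.match(line)
    if m and m["path"].endswith("[x]"):  # "[x]" = binary not found on disk
        binary = m["path"][:-3].strip()
        # An orphaned driver under \Windows is common leftover; a service pointed outside it is not.
        severity = "low" if WINDOWS_DIR_RE.match(binary) else "high"
        return Finding("service_binary_missing", severity, line, f"{m['name']} -> {binary}")
    m = JUNCTION_RE.search(line)
    if m:  # Bamital/volsnap check found junctions in a protected directory
        return Finding("junction_in_protected_dir", "high", line, m["dir"].strip())
    if "ATTENTION" in line:  # anything else FRST flagged that no rule above named
        return Finding("frst_flagged", "high", line, line.split("ATTENTION", 1)[1].strip(" !:"))
    return None

def triage(text):
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]

def summarize(findings):
    """Count findings per rule, e.g. to compare logs before and after a fix."""
    return dict(Counter(f.rule for f in findings))

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.severity:4}] {f.rule}: {f.detail}")
    print(summarize(triage(SAMPLE_FRST)))
```

Run it on a saved FRST.txt by replacing `SAMPLE_FRST` with the file's contents; the same rule counts taken from the post-fix scan give a quick check that the Fixlog's "Value deleted" and "Service restored" lines actually removed the entries rather than only moving files.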

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

Run FRST64 or FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Does your system boot ok now?

fixlist.txt


Wow, you are absolutely amazing! Updating and scanning right now. Anything else I should do?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by SYSTEM at 2013-09-29 15:44:22 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\n. ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$fe28e9e10fdaf2892a851c88e52d3347\n. ATTENTION! ====> ZeroAccess?
HKU\Tung\...\Run: [u5iNplZZo.exe] - C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe [193536 2013-09-28] ()
HKU\Tung\...\Winlogon: [shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\Tung\...\Command Processor: "C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe" <===== ATTENTION!
S2 Winmgmt; C:\PROGRA~3\3rmq9to.pzz [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\   \...\???\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe
C:\Program Files (x86)\Google\Desktop\Install\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\   \...\???\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\GoogleUpdate.exe
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\@
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\U\00000004.@
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\00000004.@
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\1afb2d56
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\201d3dde
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\$Recycle.Bin\S-1-5-21-3690061423-600262699-3150565116-1001\$fe28e9e10fdaf2892a851c88e52d3347
C:\$Recycle.Bin\S-1-5-18\$fe28e9e10fdaf2892a851c88e52d3347
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\@
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\U\00000004.@
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\00000004.@
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\1afb2d56
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\55490ac4
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\80000032.@
C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe
C:\Users\Tung\AppData\Roaming\skype.ini
C:\Users\Tung\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\3rmq9to.ctrl
C:\ProgramData\3rmq9to.pff
C:\ProgramData\8z0lcrlcf.ctrl
C:\ProgramData\8z0lcrlcf.pff
C:\ProgramData\KfcBph0T.dat
C:\ProgramData\qwmfhugmepqgptumnht.bat
C:\ProgramData\qwmfhugmepqgptumnht.reg
C:\Users\Tung\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tung\AppData\Local\Temp\jna3358355228844508260.dll
C:\Users\Tung\AppData\Local\Temp\jna833693958272025940.dll
C:\Users\Tung\AppData\Local\Temp\tkfyajmiyqprjustnci.dll
C:\Users\Tung\AppData\Local\Temp\tkfyajmiyqprjustnci.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Windows\system64
End

*****************

HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\Tung\Software\Microsoft\Windows\CurrentVersion\Run\\u5iNplZZo.exe => Value deleted successfully.
HKU\Tung\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Tung\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
Winmgmt => Service restored successfully.
*etadpug => Unable to delete service
*etadpug => Service should be removed with FRST outside recovery mode.
C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe => Moved successfully.
"C:\Program Files (x86)\Google\Desktop\Install\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\   \...\???\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\GoogleUpdate.exe" => File/Directory not found.
C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347} => Moved successfully.
"C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\@" => File/Directory not found.
"C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\U\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\1afb2d56" => File/Directory not found.
"C:\Windows\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\201d3dde" => File/Directory not found.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3690061423-600262699-3150565116-1001\$fe28e9e10fdaf2892a851c88e52d3347 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$fe28e9e10fdaf2892a851c88e52d3347 => Moved successfully.
C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347} => Moved successfully.
"C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\@" => File/Directory not found.
"C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\U\00000004.@" => File/Directory not found.
"C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\00000004.@" => File/Directory not found.
"C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\1afb2d56" => File/Directory not found.
"C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\55490ac4" => File/Directory not found.
"C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\L\80000032.@" => File/Directory not found.
"C:\Users\Tung\AppData\Local\2bZIdBjp\u5iNplZZo.exe" => File/Directory not found.
C:\Users\Tung\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Tung\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\ProgramData\3rmq9to.ctrl => Moved successfully.
C:\ProgramData\3rmq9to.pff => Moved successfully.
C:\ProgramData\8z0lcrlcf.ctrl => Moved successfully.
C:\ProgramData\8z0lcrlcf.pff => Moved successfully.
C:\ProgramData\KfcBph0T.dat => Moved successfully.
C:\ProgramData\qwmfhugmepqgptumnht.bat => Moved successfully.
C:\ProgramData\qwmfhugmepqgptumnht.reg => Moved successfully.
C:\Users\Tung\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Tung\AppData\Local\Temp\jna3358355228844508260.dll => Moved successfully.
C:\Users\Tung\AppData\Local\Temp\jna833693958272025940.dll => Moved successfully.
C:\Users\Tung\AppData\Local\Temp\tkfyajmiyqprjustnci.dll => Moved successfully.
C:\Users\Tung\AppData\Local\Temp\tkfyajmiyqprjustnci.exe => Moved successfully.
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.
Error: DeleteJunctionsIndirectory: C:\Windows\system64 => entry should be fixed outside recovery mode.

==== End of Fixlog ====


Yes, we need to run FRST from Normal mode now, as follows:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin

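An added example, not code from this thread or from FRST's author: a small Python triage pass that reads FRST-formatted lines and flags the indicator classes that show up in the Fixlog above and in the Normal-mode scan that follows (ZeroAccess's Recycle Bin and {GUID}\L, \U, @ directories, a service whose image path contains blank or unrenderable directory names, Winsock catalog entries whose provider DLL cannot be resolved, IMEO Debugger hijack points, MountPoints2 autorun handlers and non-default hosts entries). The sample log is constructed to mirror the line formats in the thread rather than copied from it, and the rule names and analyst notes are my own, not FRST's.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample in FRST's line formats (modelled on this thread, not a copy of the posted logs).
SAMPLE_LOG = r"""
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\n. ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$fe28e9e10fdaf2892a851c88e52d3347\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {439c2a79-78b0-11e0-accd-00269e900092} - F:\AutoRun.exe
IMEO\hpsf.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Hosts: 127.0.0.1 secure.tune-up.com
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\   \...\???\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-09-25 18:40 - 2013-09-25 18:40 - 00000000 ____D C:\Users\Tung\AppData\Local\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\U
"""

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"

# (rule name, pattern, what it means to the analyst). Rule names and notes are mine, not FRST's.
RULES = [
    ("frst_attention", re.compile(r"ATTENTION", re.I),
     "FRST flagged the line itself; always review"),
    ("zeroaccess_recycle_bin",
     re.compile(r"\$Recycle\.Bin\\S-1-5-(?:18|21-[\d-]+)\\\$[0-9a-f]{32}", re.I),
     "payload directory hidden under the Recycle Bin of the SYSTEM or a user SID"),
    ("zeroaccess_installer_guid", re.compile(r"\\Installer\\" + GUID + r"\\", re.I),
     "COM server redirected into a {GUID} folder under Windows\\Installer"),
    ("zeroaccess_globalroot", re.compile(r"\\\\\.\\globalroot\\", re.I),
     "InprocServer32 path using the NT object namespace instead of a drive letter"),
    ("zeroaccess_guid_l_u", re.compile(GUID + r"\\(?:[LU]\b|@)", re.I),
     "{GUID}\\L, {GUID}\\U or {GUID}\\@ layout used for the peer list and modules"),
    ("service_unprintable_path",
     re.compile(r'^[RSU][0-4] \S+; "[^"]*(?:\\ +\\|\\\?+\\)'),
     "service image path with directory names that are all spaces or unrenderable (???)"),
    ("winsock_missing_provider",
     re.compile(r"^Winsock: Catalog\d+(?:-x64)? \d+ \S+ File Not found", re.I),
     "LSP catalog entry whose provider DLL cannot be resolved; repair Winsock after cleanup"),
    ("imeo_debugger", re.compile(r"^IMEO\\[^:]+: \[Debugger\]", re.I),
     "Image File Execution Options hijack point: the Debugger runs instead of the named program"),
    ("mountpoints_handler", re.compile(r"^MountPoints2: ", re.I),
     "autorun handler for a removable volume; confirm what it launches"),
    ("hosts_entry", re.compile(r"^Hosts: \S+ \S+", re.I),
     "non-default hosts entry; used by cracks to block licence checks and by malware to block updates"),
]


def triage(log_text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line number, line, matched rule names) for every line that trips at least one rule."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        hits = [name for name, pat, _ in RULES if pat.search(line)]
        if hits:
            findings.append((n, line, hits))
    return findings


def summarize(findings) -> Dict[str, int]:
    """Count how many flagged lines each rule hit."""
    return dict(Counter(name for _, _, hits in findings for name in hits))


if __name__ == "__main__":
    notes = {name: note for name, _, note in RULES}
    for n, line, hits in triage(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}")
        print(f"    {line[:110]}")
        for h in hits:
            print(f"    -> {notes[h]}")
    print(summarize(triage(SAMPLE_LOG)))
```

Feed it a full FRST.txt and the clean vendor lines (the Synaptics Run key and the MBAMService entry in the sample) fall through untouched, while the entries a helper would quote back in a fix script are grouped by why they matter. It is a first pass, not a verdict: an IMEO Debugger pointing at TuneUp's reactivator is legitimate, and the same rule would catch a real AV-killer, so every hit still needs a human look.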

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Tung (administrator) on TUNG-PC on 29-09-2013 16:34:14
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Threat Expert Ltd.) C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
() C:\ProgramData\DatacardService\DCService.exe
() C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(PC Tools) C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
(Lime Wire, LLC) C:\Program Files (x86)\LimeWire\LimeWire.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-10] (Google Inc.)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\system: [WallpaperStyle] 2
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {439c2a79-78b0-11e0-accd-00269e900092} - F:\AutoRun.exe
MountPoints2: {439c2a7d-78b0-11e0-accd-00269e900092} - F:\AutoRun.exe
MountPoints2: {7c9e852c-bfee-11e0-a58f-00269e900092} - F:\AutoRun.exe
MountPoints2: {caf07d52-778c-11e0-932d-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {caf07d8a-778c-11e0-932d-00269e900092} - F:\AutoRun.exe
MountPoints2: {e6379b54-bd54-11de-abaf-806e6f6e6963} - rundll32.exe url.dll,FileProtocolHandler index.html
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QPService] - C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [uCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
IMEO\bb2-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\blasterball3-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\blasterball3_levelhandler.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\bobthebuilder zoo-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\brinstck.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\brolink0.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\brscutil.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\brstmonw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\buildalot2-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\buildalot3-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\chocolatier-decadence-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\chuzzle-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\dora-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\drivegreen1-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\farmfrenzypizzaparty-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\fate-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\golf-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\haulin-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\hpsf.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\jqsolitaire2-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\lightscribecontrolpanel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\liong2-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\lslauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\mahjong2-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\mortimertimeparadox-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\mysterypinewyork-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\mysterypivegas-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\nobuactivation.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\onplay.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\peggle-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\penguins-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\polar-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\provider.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\slingo-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\supercollapseiii-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\thos-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\totem tribe-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\virtual villagers - the secret city-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\winbej2-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\worldofgoo-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\zuma-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\Users\Tung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
URLSearchHook: (No Name) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {40A01EDF-B4A1-4BA8-B0E9-0DCCDEF85F41} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {40A01EDF-B4A1-4BA8-B0E9-0DCCDEF85F41} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
SearchScopes: HKCU - {40A01EDF-B4A1-4BA8-B0E9-0DCCDEF85F41} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -  No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU -  No Name - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Hosts: 127.0.0.1 secure.tune-up.com  
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Tung\AppData\Roaming\Mozilla\Firefox\Profiles\79iac3a0.default
FF SelectedSearchEngine: HotSpot International Customized Web Search


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mywebsearch.com/Plugin - C:\Program Files (x86)\MyWebSearch\bar\firefox\ No File
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Tung\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Tung\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Tung\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tung\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tung\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Tung\AppData\Roaming\Mozilla\Firefox\Profiles\79iac3a0.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: AVG Security Toolbar - C:\Users\Tung\AppData\Roaming\Mozilla\Firefox\Profiles\79iac3a0.default\Extensions\avg@toolbar
FF Extension: HotSpot International Community Toolbar - C:\Users\Tung\AppData\Roaming\Mozilla\Firefox\Profiles\79iac3a0.default\Extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}
FF Extension: Adblock Plus - C:\Users\Tung\AppData\Roaming\Mozilla\Firefox\Profiles\79iac3a0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\firefox\
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{32874E93-E660-46EE-93D5-60AAE8785892}] - C:\Users\Tung\AppData\Local\{32874E93-E660-46EE-93D5-60AAE8785892}
FF Extension: XULRunner - C:\Users\Tung\AppData\Local\{32874E93-E660-46EE-93D5-60AAE8785892}
FF HKCU\...\Firefox\Extensions: [{B7B7F700-CF2F-11E1-8270-B8AC6F996F26}] - C:\Users\Tung\AppData\Local\{B7B7F700-CF2F-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Tung\AppData\Local\{B7B7F700-CF2F-11E1-8270-B8AC6F996F26}\

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Tung\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Tung\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Norton Identity Protection) - C:\Users\Tung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 Browser Defender Update Service; C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [112592 2010-01-22] (Threat Expert Ltd.)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [250368 2010-10-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [366840 2010-03-11] (PC Tools)
S3 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1142224 2010-03-15] (PC Tools)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\   \...\???\{fe28e9e1-0fda-f289-2a85-1c88e52d3347}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-21] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-30] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-07-30] (Symantec Corporation)
S3 ew_mbbusbdev; C:\Windows\System32\DRIVERS\ew_mbbusbdev.sys [115584 2010-09-27] (MBB Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-08-01] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-08-01] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mbbdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2010-09-27] (MBB Technologies Co., Ltd.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130815.022\ENG64.SYS [126040 2013-07-30] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130815.022\ENG64.SYS [126040 2013-07-30] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130815.022\EX64.SYS [2098776 2013-07-30] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130815.022\EX64.SYS [2098776 2013-07-30] (Symantec Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [233488 2010-03-29] (PC Tools)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
U4 eabfiltr;
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-09-27] (MBB Technologies Co., Ltd.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-29 19:10 - 2013-09-29 19:10 - 00000000 ____D C:\FRST
2013-09-29 15:48 - 2013-09-29 15:48 - 00000000 ____D C:\Users\Tung\AppData\Local\{95AC3AC8-3A10-4007-BC16-D3B265A65705}
2013-09-29 03:07 - 2013-09-29 03:07 - 00238592 _____ C:\Users\Tung\AppData\Roaming\KilJXyIi
2013-09-29 03:07 - 2013-09-29 03:07 - 00238592 _____ C:\Users\Tung\AppData\Local\zVDPqadYQB
2013-09-29 03:07 - 2013-09-29 03:07 - 00238592 _____ C:\ProgramData\xvhAt8nP
2013-09-29 03:05 - 2013-09-29 16:05 - 00000000 ____D C:\Users\Tung\AppData\Local\2bZIdBjp
2013-09-28 20:28 - 2013-09-28 20:29 - 00000000 ____D C:\Users\Tung\AppData\Local\{4FCCC05A-B34E-44CE-8AAF-D2A2870539F1}
2013-09-28 01:58 - 2013-09-28 01:58 - 00000000 ____D C:\Users\Tung\AppData\Local\{9FC4A1AD-3453-4A09-B737-B818E0C854A2}
2013-09-26 20:27 - 2013-09-26 20:27 - 00000000 ____D C:\Users\Tung\AppData\Local\{DC3642FA-0443-4B12-996F-05565FF82990}
2013-09-25 20:59 - 2013-09-25 21:00 - 00000000 ____D C:\Users\Tung\AppData\Local\{53853691-1FB8-4704-95B6-D12AA6F39BB4}
2013-09-24 18:10 - 2013-09-24 18:10 - 00000000 ____D C:\Users\Tung\AppData\Local\{8EC8A217-2ECB-4FC6-9DE7-5CAE3E7695DE}
2013-09-24 00:18 - 2013-09-24 00:19 - 00000000 ____D C:\Users\Tung\AppData\Local\{7866218A-6A8B-44DF-A0F0-D7CF1E572C3E}
2013-09-23 05:29 - 2013-09-23 05:29 - 00000000 ____D C:\Users\Tung\AppData\Local\{589245A7-2616-4827-8A5E-CD80C6BE06FC}
2013-09-22 17:28 - 2013-09-22 17:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{A7DDAF00-E55B-4D43-B75F-212F1F0716D7}
2013-09-22 16:05 - 2013-09-22 16:05 - 00000000 ____D C:\Users\Tung\AppData\Local\{322F8B9E-CA78-4F59-9E87-B97EFF0DD60E}
2013-09-22 03:16 - 2013-09-22 03:17 - 00000000 ____D C:\Users\Tung\AppData\Local\{1BD87D19-0C91-4F65-B83F-3FFAE76AB466}
2013-09-21 01:01 - 2013-09-21 01:02 - 00000000 ____D C:\Users\Tung\AppData\Local\{260DC1CF-97E0-47D5-9BD8-D5F9EFB75C24}
2013-09-19 20:29 - 2013-09-19 20:30 - 00000000 ____D C:\Users\Tung\AppData\Local\{0BEFAA3F-D1EF-48AF-8817-1E4ABBCA7ABC}
2013-09-18 18:18 - 2013-09-18 18:18 - 00000000 ____D C:\Users\Tung\AppData\Local\{EE39BB16-380E-443C-A27A-A29E8BC9C8B7}
2013-09-11 23:28 - 2013-09-11 23:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{74093FC8-6775-4A72-BC92-71AAA9E4E7AD}
2013-09-11 22:58 - 2013-09-11 22:58 - 00000000 ____D C:\Users\Tung\AppData\Local\{96E8D612-AA75-4371-9EC3-440D8A1BC5E9}
2013-09-08 21:02 - 2013-09-08 21:02 - 00000000 ____D C:\Users\Tung\AppData\Local\{00B766A5-BFAC-4F42-BB78-6149A1054821}
2013-09-08 20:31 - 2013-09-08 20:31 - 00000000 ____D C:\Users\Tung\AppData\Local\{05BB3AC4-9ED2-4611-8264-26819C253101}
2013-09-08 03:11 - 2013-09-08 03:11 - 00000000 ____D C:\Users\Tung\AppData\Local\{4DCE333F-F464-4E90-B098-6A902BC6311E}
2013-09-06 20:34 - 2013-09-06 20:35 - 00000000 ____D C:\Users\Tung\AppData\Local\{103C39D4-B8E1-4566-80B8-EFA1691A134C}
2013-09-05 22:43 - 2013-09-05 22:43 - 00000000 ____D C:\Users\Tung\AppData\Local\{3809AC75-FB91-4FC7-812C-D62542C403BC}
2013-09-04 00:11 - 2013-09-04 21:57 - 00000000 ____D C:\Users\Tung\AppData\Local\{E394CA8A-E4BB-4FC2-874A-C510A9E0DEC2}
2013-09-01 20:24 - 2013-09-01 20:24 - 00000000 ____D C:\Users\Tung\AppData\Local\{B688669D-95BF-43AC-8B52-1BA56F084C17}
2013-09-01 01:09 - 2013-09-01 01:09 - 00000000 ____D C:\Users\Tung\AppData\Local\{0F3188DA-2D8B-4CBE-B070-463FB58C66A0}
2013-08-30 20:24 - 2013-08-30 20:24 - 00000000 ____D C:\Users\Tung\AppData\Local\{0140D4B1-65E2-4940-93F4-1AB649BEF836}
2013-08-30 00:35 - 2013-08-30 00:35 - 00000000 ____D C:\Users\Tung\AppData\Local\{97D4C444-E27C-4C7F-8B61-9CC06AA77332}

==================== One Month Modified Files and Folders =======

2013-09-29 19:10 - 2013-09-29 19:10 - 00000000 ____D C:\FRST
2013-09-29 16:33 - 2010-08-25 23:31 - 00000000 ____D C:\Users\Tung\AppData\Roaming\LimeWire
2013-09-29 16:32 - 2010-01-10 19:14 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-29 16:32 - 2010-01-07 12:32 - 00000000 ____D C:\Users\Tung\Tracing
2013-09-29 16:32 - 2009-10-20 04:49 - 00003110 _____ C:\ProgramData\hpqp.ini
2013-09-29 16:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 16:31 - 2009-10-20 04:45 - 00113776 _____ C:\Windows\PFRO.log
2013-09-29 16:31 - 2009-07-14 00:51 - 01553400 _____ C:\Windows\setupact.log
2013-09-29 16:30 - 2010-01-10 19:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-29 16:05 - 2013-09-29 03:05 - 00000000 ____D C:\Users\Tung\AppData\Local\2bZIdBjp
2013-09-29 15:54 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 15:54 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 15:51 - 2009-07-14 01:13 - 00725952 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-29 15:48 - 2013-09-29 15:48 - 00000000 ____D C:\Users\Tung\AppData\Local\{95AC3AC8-3A10-4007-BC16-D3B265A65705}
2013-09-29 03:07 - 2013-09-29 03:07 - 00238592 _____ C:\Users\Tung\AppData\Roaming\KilJXyIi
2013-09-29 03:07 - 2013-09-29 03:07 - 00238592 _____ C:\Users\Tung\AppData\Local\zVDPqadYQB
2013-09-29 03:07 - 2013-09-29 03:07 - 00238592 _____ C:\ProgramData\xvhAt8nP
2013-09-29 02:54 - 2010-01-24 17:12 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C6C32571-10B6-422B-B07B-4E9451795D1B}
2013-09-28 20:29 - 2013-09-28 20:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{4FCCC05A-B34E-44CE-8AAF-D2A2870539F1}
2013-09-28 01:58 - 2013-09-28 01:58 - 00000000 ____D C:\Users\Tung\AppData\Local\{9FC4A1AD-3453-4A09-B737-B818E0C854A2}
2013-09-26 23:04 - 2010-06-25 05:11 - 00000000 ____D C:\Users\Tung\AppData\Local\Adobe
2013-09-26 22:45 - 2013-03-22 20:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-26 22:45 - 2013-03-22 20:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-26 20:27 - 2013-09-26 20:27 - 00000000 ____D C:\Users\Tung\AppData\Local\{DC3642FA-0443-4B12-996F-05565FF82990}
2013-09-25 21:00 - 2013-09-25 20:59 - 00000000 ____D C:\Users\Tung\AppData\Local\{53853691-1FB8-4704-95B6-D12AA6F39BB4}
2013-09-24 18:10 - 2013-09-24 18:10 - 00000000 ____D C:\Users\Tung\AppData\Local\{8EC8A217-2ECB-4FC6-9DE7-5CAE3E7695DE}
2013-09-24 00:19 - 2013-09-24 00:18 - 00000000 ____D C:\Users\Tung\AppData\Local\{7866218A-6A8B-44DF-A0F0-D7CF1E572C3E}
2013-09-23 05:29 - 2013-09-23 05:29 - 00000000 ____D C:\Users\Tung\AppData\Local\{589245A7-2616-4827-8A5E-CD80C6BE06FC}
2013-09-23 00:26 - 2010-01-08 02:59 - 00000000 ___RD C:\Users\Tung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-22 17:28 - 2013-09-22 17:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{A7DDAF00-E55B-4D43-B75F-212F1F0716D7}
2013-09-22 16:05 - 2013-09-22 16:05 - 00000000 ____D C:\Users\Tung\AppData\Local\{322F8B9E-CA78-4F59-9E87-B97EFF0DD60E}
2013-09-22 08:29 - 2012-05-10 09:38 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-22 03:17 - 2013-09-22 03:16 - 00000000 ____D C:\Users\Tung\AppData\Local\{1BD87D19-0C91-4F65-B83F-3FFAE76AB466}
2013-09-21 01:02 - 2013-09-21 01:01 - 00000000 ____D C:\Users\Tung\AppData\Local\{260DC1CF-97E0-47D5-9BD8-D5F9EFB75C24}
2013-09-19 20:30 - 2013-09-19 20:29 - 00000000 ____D C:\Users\Tung\AppData\Local\{0BEFAA3F-D1EF-48AF-8817-1E4ABBCA7ABC}
2013-09-18 18:18 - 2013-09-18 18:18 - 00000000 ____D C:\Users\Tung\AppData\Local\{EE39BB16-380E-443C-A27A-A29E8BC9C8B7}
2013-09-11 23:28 - 2013-09-11 23:28 - 00000000 ____D C:\Users\Tung\AppData\Local\{74093FC8-6775-4A72-BC92-71AAA9E4E7AD}
2013-09-11 22:58 - 2013-09-11 22:58 - 00000000 ____D C:\Users\Tung\AppData\Local\{96E8D612-AA75-4371-9EC3-440D8A1BC5E9}
2013-09-11 22:57 - 2009-07-14 01:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-08 21:02 - 2013-09-08 21:02 - 00000000 ____D C:\Users\Tung\AppData\Local\{00B766A5-BFAC-4F42-BB78-6149A1054821}
2013-09-08 20:31 - 2013-09-08 20:31 - 00000000 ____D C:\Users\Tung\AppData\Local\{05BB3AC4-9ED2-4611-8264-26819C253101}
2013-09-08 03:11 - 2013-09-08 03:11 - 00000000 ____D C:\Users\Tung\AppData\Local\{4DCE333F-F464-4E90-B098-6A902BC6311E}
2013-09-06 20:35 - 2013-09-06 20:34 - 00000000 ____D C:\Users\Tung\AppData\Local\{103C39D4-B8E1-4566-80B8-EFA1691A134C}
2013-09-05 22:43 - 2013-09-05 22:43 - 00000000 ____D C:\Users\Tung\AppData\Local\{3809AC75-FB91-4FC7-812C-D62542C403BC}
2013-09-04 21:57 - 2013-09-04 00:11 - 00000000 ____D C:\Users\Tung\AppData\Local\{E394CA8A-E4BB-4FC2-874A-C510A9E0DEC2}
2013-09-01 20:24 - 2013-09-01 20:24 - 00000000 ____D C:\Users\Tung\AppData\Local\{B688669D-95BF-43AC-8B52-1BA56F084C17}
2013-09-01 01:09 - 2013-09-01 01:09 - 00000000 ____D C:\Users\Tung\AppData\Local\{0F3188DA-2D8B-4CBE-B070-463FB58C66A0}
2013-08-30 20:24 - 2013-08-30 20:24 - 00000000 ____D C:\Users\Tung\AppData\Local\{0140D4B1-65E2-4940-93F4-1AB649BEF836}
2013-08-30 00:35 - 2013-08-30 00:35 - 00000000 ____D C:\Users\Tung\AppData\Local\{97D4C444-E27C-4C7F-8B61-9CC06AA77332}

Some content of TEMP:
====================
C:\Users\Tung\AppData\Local\Temp\jna6214078709137390183.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2013-09-22 23:50

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by Tung at 2013-09-29 16:36:19
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Spyware Doctor with AntiVirus (Disabled - Up to date) {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spyware Doctor (Disabled - Up to date) {94076BB2-F3DA-227F-9A1E-F060FF73600F}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Acrobat.com (x32 Version: 1.6.65)
Activate Norton Online Backup (x32 Version: 1.1.20.0)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader 9.5.1 MUI (x32 Version: 9.5.1)
AMD USB Filter Driver (x32 Version: 1.0.10.84)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Driver Installation Program (x32 Version: 5.2)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Bing Bar (x32 Version: 7.0.822.0)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.33)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-7040 (x32 Version: 1.0.1.0)
Brother MFL-Pro Suite MFC-J415W (x32 Version: 1.0.3.0)
Browser Defender 2.0.6.15 (x32 Version: 2.0.6.15)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Light (x32 Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0702.1239.20840)
Catalyst Control Center InstallProxy (x32 Version: 2009.0702.1239.20840)
Catalyst Control Center Localization All (x32 Version: 2009.0702.1239.20840)
CCC Help Chinese Standard (x32 Version: 2009.0702.1238.20840)
CCC Help Chinese Traditional (x32 Version: 2009.0702.1238.20840)
CCC Help Czech (x32 Version: 2009.0702.1238.20840)
CCC Help Danish (x32 Version: 2009.0702.1238.20840)
CCC Help Dutch (x32 Version: 2009.0702.1238.20840)
CCC Help English (x32 Version: 2009.0702.1238.20840)
CCC Help Finnish (x32 Version: 2009.0702.1238.20840)
CCC Help French (x32 Version: 2009.0702.1238.20840)
CCC Help German (x32 Version: 2009.0702.1238.20840)
CCC Help Greek (x32 Version: 2009.0702.1238.20840)
CCC Help Hungarian (x32 Version: 2009.0702.1238.20840)
CCC Help Italian (x32 Version: 2009.0702.1238.20840)
CCC Help Japanese (x32 Version: 2009.0702.1238.20840)
CCC Help Korean (x32 Version: 2009.0702.1238.20840)
CCC Help Norwegian (x32 Version: 2009.0702.1238.20840)
CCC Help Polish (x32 Version: 2009.0702.1238.20840)
CCC Help Portuguese (x32 Version: 2009.0702.1238.20840)
CCC Help Russian (x32 Version: 2009.0702.1238.20840)
CCC Help Spanish (x32 Version: 2009.0702.1238.20840)
CCC Help Swedish (x32 Version: 2009.0702.1238.20840)
CCC Help Thai (x32 Version: 2009.0702.1238.20840)
CCC Help Turkish (x32 Version: 2009.0702.1238.20840)
ccc-core-static (x32 Version: 2009.0702.1239.20840)
ccc-utility64 (Version: 2009.0702.1239.20840)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink DVD Suite (x32 Version: 6.0.3101)
CyberLink YouCam (x32 Version: 2.0.3115)
D3DX10 (x32 Version: 15.4.2368.0902)
D-com 3G (x32 Version: D-com 3G)
DivX Plus Web Player (x32 Version: 2.0.0)
Gold Miner Vegas (remove only) (x32)
Google Chrome (x32 Version: 29.0.1547.76)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Talk Plugin (x32 Version: 4.3.2.14360)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HotSpot International Toolbar (x32 Version: 5.7.2.2)
HP Advisor (x32 Version: 3.2.9652.3188)
HP Customer Experience Enhancements (x32 Version: 5.7.0.3036)
HP DVD Play 3.7 (x32 Version: 3.7.0.6623)
HP Games (x32 Version: 1.0.0.71)
HP Product Detection (x32 Version: 11.14.0001)
HP Quick Launch Buttons (x32 Version: 6.50.5.1)
HP Setup (x32 Version: 1.2.3220.3079)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Support Assistant (x32 Version: 4.2.8.3)
HP Update (x32 Version: 5.001.000.014)
HP User Guides 0148 (x32 Version: 1.01.0005)
HP Wireless Assistant (x32 Version: 3.50.9.1)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3)
iCamSource (x32 Version: 2.1.5)
iCloud (Version: 1.1.0.40)
IDT Audio (x32 Version: 1.0.6225.0)
Internet Explorer (Enable DEP)
iTunes (Version: 11.0.0.163)
Java Auto Updater (x32 Version: 2.0.6.1)
Java 6 Update 14 (64-bit) (Version: 6.0.140)
Java 6 Update 30 (x32 Version: 6.0.300)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.1913)
LightScribe System Software (x32 Version: 1.18.6.1)
LimeWire 5.5.16 (x32 Version: 5.5.16)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox (3.6.27) (x32 Version: 3.6.27 (en-US))
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Reveal (x32 Version: 7.0.40.10061)
Norton Internet Security (x32 Version: 20.4.0.40)
Power2Go (x32 Version: 6.0.3101)
PowerDirector (x32 Version: 7.0.3101)
PowerRecover (x32 Version: 5.5.1923)
QLBCASL (x32 Version: 6.40.17.2)
QuickTime (x32 Version: 7.71.80.42)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0007)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30094)
Safari (x32 Version: 5.34.52.7)
SmartWebPrinting (x32 Version: 140.0.186.000)
Spyware Doctor 7.0 (x32 Version: 7.0)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.104)
TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.104)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
VLC media player 2.0.0 (x32 Version: 2.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8064.206)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
WinRAR archiver (x32 Version: 4.01.0)
WinSCP 4.1.7 (x32 Version: 4.1.7)
Yahoo! Messenger (x32)
Yahoo! Toolbar (x32)

==================== Restore Points  =========================

18-09-2013 23:08:28 Scheduled Checkpoint
27-09-2013 01:48:48 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-08-03 21:48 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 secure.tune-up.com  

==================== Scheduled Tasks (whitelisted) =============

Task: {0D3437DB-F9E6-41F6-AD46-EDF0644483E4} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
Task: {0E10F346-FCA4-4907-AC06-03AAC0EA8CD3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {1071945D-1D9A-411E-960E-F3D27945B8DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2306A83C-B586-4657-B227-B1DD75D10095} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {3A79AADF-A377-4BD0-9BAC-B725E6EEBBEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-10] (Google Inc.)
Task: {4E7918AD-F43C-486E-AACA-E1B0184F394A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {6671C585-E9C2-480A-B525-4EB9FD9A7ACC} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-27] (Microsoft Corporation)
Task: {6BA2402A-87DA-4FE0-9425-15734EB1BD47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-10] (Google Inc.)
Task: {7395E334-EFAC-4FDA-AE6B-3A4B9C89D7BA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09] (Sun Microsystems, Inc.)
Task: {7F45E7B4-CD2D-4248-875E-8097DDAB13A9} - System32\Tasks\User_Feed_Synchronization-{C6C32571-10B6-422B-B07B-4E9451795D1B} => C:\Windows\system32\msfeedssync.exe [2012-03-20] (Microsoft Corporation)
Task: {9BC55EB6-FEA2-458B-93BD-AB7CF7672BE6} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade\HpSAUpgrade.exe [2009-11-19] (Hewlett-Packard)
Task: {AADEF69F-8252-4519-9724-2130F91C2398} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-02] (Hewlett-Packard)
Task: {AC713A12-31D3-4B25-A004-663FD2950938} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {C0712DFA-5FAD-4105-BF12-FFE0377A2013} - System32\Tasks\Sun Microsystems online update program => C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-25] (Sun Microsystems, Inc.)
Task: {E9F256D6-F46E-418D-8CC3-4DE7DAE609C3} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03] (Adobe Systems Incorporated)
Task: {F07B75D5-1CD4-4F64-A1BD-EB572B744CE8} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-02] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-07 14:56 - 2009-07-07 14:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-10-20 04:25 - 2009-10-20 04:25 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-15 15:58 - 2010-01-27 13:51 - 00767952 _____ () C:\Windows\BDTSupport.dll
2013-08-01 01:22 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2009-10-25 23:27 - 2009-10-25 23:27 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-10-25 23:27 - 2009-10-25 23:27 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-10-25 23:27 - 2009-10-25 23:27 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-10-25 23:27 - 2009-10-25 23:27 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-10-25 23:27 - 2009-10-25 23:27 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-10-25 23:27 - 2009-10-25 23:27 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-10-25 23:27 - 2009-10-25 23:27 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-10-25 23:27 - 2009-10-25 23:27 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-09-30 16:14 - 2010-09-30 16:14 - 00090112 _____ () C:\Program Files (x86)\LimeWire\lib\SystemUtilities.dll
2011-10-19 14:21 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-01-16 02:31 - 2010-06-01 10:17 - 00929792 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:57DC3B52
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 01:34:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/27/2013 01:33:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/27/2013 01:33:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/26/2013 11:56:46 PM) (Source: Wininit) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 5.  The machine must now be restarted.

Error: (09/26/2013 09:46:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/26/2013 09:46:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/26/2013 09:46:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/24/2013 10:55:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/24/2013 10:54:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/24/2013 10:54:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (09/29/2013 04:32:18 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/29/2013 04:32:17 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/29/2013 04:32:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/29/2013 03:46:32 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/29/2013 03:46:32 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/29/2013 03:46:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/29/2013 03:46:05 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:06:40 PM on ‎29/‎09/‎2013 was unexpected.

Error: (09/29/2013 03:06:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (09/29/2013 03:05:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
BHDrvx64
ccSet_NIS
DfsC
discache
eeCtrl
IDSVia64
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
SRTSPX
SymIRON
SymNetS
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (09/29/2013 03:05:59 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2011-12-11 09:52:22.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-11 09:45:27.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-11 09:33:49.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-11 09:27:39.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-11 09:21:58.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-11 09:16:09.660
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-11 09:07:24.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-11 08:26:32.243
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-11 06:35:19.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-11 05:25:22.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3836.2 MB
Available physical RAM: 2356.88 MB
Total Pagefile: 7670.54 MB
Available Pagefile: 5893.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.09 GB) (Free:45.94 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.5 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:7.8 GB) (Free:7.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 5FA6C626)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: B3382073)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes, check for updates and run quick scan. Kill anything it finds...

 

Next,

 

Uninstall the following:

 

LimeWire
Spyware Doctor
Tuneup Utilities

 

Let me see the logs from FRST, Malwarebytes and AdwCleaner. Let me know if any issues or concerns remain.

 

Kevin

fixlist.txt

We need to run an online AV scan to ensure there are no remnants of the infection left on your system. This scan can take several hours to complete; it is very thorough and well worth running. Please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. Vista and Windows 7 users: right-click the IE shortcut and select Run as Administrator.

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Finally,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those two logs,

 

Kevin.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
