PC with rootkit and trojan infection

Hello,

My PC was clean until a few days ago. Today I noticed a few bad symptoms and I scanned it with MWB. The symptoms were the following: (1) Google Chrome could not log in, (2) Skype was giving a message that regsvc.exe was requesting access to it, and (3) I had a Windows alert that Windows Security Center was not turned on, and when I tried to turn it on I got an error message that it can't be turned on. When the scan started, it found 6 Rootkit.0access. I stopped the scan, removed them and restarted my PC. Symptom number (1) was gone. Then I scanned again and this time I let the scan run its course. It found 4 trojan.inject.vds (I'm not sure if it was vds or some other abbreviation). I removed them, restarted and symptom number (2) was gone. But symptom (3) is still present and I'm a little spooked because I've never been infected with rootkits before and I know they are bad news and hard to detect. So I think it is very likely my PC is still infected.

I've read the forum instructions, including that uTorrent must be disabled at all times. So here are the DDS logs and I hope someone can help:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.25.2
Run by Konstantin at 14:02:55 on 2013-10-27
Microsoft Windows 7 Professional   6.1.7601.1.1251.359.1033.18.8156.5144 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNAB8SWK.EXE
C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\GamingMouse\mousehid.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\GamingMouse\trayicon.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files D\Visual Studio 2012\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - 
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [DAEMON Tools Lite] "D:\Program Files D\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [GamingMouse] C:\Program Files (x86)\GamingMouse\mousehid.exe
uExplorerRun: [CDisplay] C:\Users\Konstantin\AppData\Roaming\F35F4B\F35F4B.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGABY~1.LNK - C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
TCP: NameServer = 192.168.100.1 192.168.0.1
TCP: Interfaces\{996E3AC5-6C90-4C06-BC70-16C6BC60CF1B} : DHCPNameServer = 192.168.100.1 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: cpuz_x64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: dtlite.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: package_inst.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: sptdinst-x64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: cpuz_x64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: dtlite.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: package_inst.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: sptdinst-x64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-15 16152]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-15 283200]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-6-15 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-15 161560]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-31 14997280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-15 414496]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-15 363800]
R3 GPCIDrv;GPCIDrv;C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [2010-2-4 14376]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-15 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-15 787736]
R3 nmgmsFltr;USB Gaming Mouse;C:\Windows\System32\drivers\nmgms.sys [2013-6-15 14592]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-8-29 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-15 648808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2013-6-15 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-6-15 915736]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;C:\Program Files (x86)\Foxconn\FOX DMI\FoxAwdWINFLASH64.sys [2011-3-29 17808]
S3 FoxAwdWINFLASH64;FoxAwdWINFLASH64;C:\Program Files (x86)\Foxconn\FOX LiveUpdate\FoxAwdWINFLASH64.sys [2010-7-20 17808]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-7-1 137336]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-16 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-16 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-16 1255736]
.
=============== Created Last 30 ================
.
2013-10-27 10:39:06 -------- d-sh--r- C:\Users\Konstantin\mcbjb
2013-10-26 11:22:31 -------- d-sh--r- C:\Users\Konstantin\soyvl
2013-10-25 11:33:12 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5A4CEEC-4E24-4654-AAD3-01DA943DA426}\mpengine.dll
2013-10-15 13:54:06 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-09 11:21:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
.
==================== Find3M  ====================
.
2013-10-15 21:47:39 6665504 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-15 21:47:39 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-15 21:47:36 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-15 21:47:36 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-15 21:47:36 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-08 19:14:15 3398914 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-12 08:58:10 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll
2013-09-12 08:58:10 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 11:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-20 13:33:40 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-08-20 13:32:58 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-08-20 13:32:46 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 14:03:01,60 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 15.6.2013 г. 17:03:04
System Uptime: 27.10.2013 г. 13:33:49 (1 hours ago)
.
Motherboard: Foxconn |  | H77MXV/H77MXV-D
Processor: Intel® Core i5-3570 CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 15,306 GiB free.
D: is FIXED (NTFS) - 700 GiB total, 310,634 GiB free.
E: is FIXED (NTFS) - 231 GiB total, 149,719 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 9.10.2013 г. 15:46:00 - Windows Update
RP104: 10.10.2013 г. 06:39:13 - Windows Update
RP105: 15.10.2013 г. 15:47:51 - Windows Update
RP106: 22.10.2013 г. 17:49:39 - Windows Update
.
==== Image File Execution Options =============
.
IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: cpuz_x64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: dtlite.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: package_inst.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: sptdinst-x64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: ts3client_win64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: uninstall.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: cpuz_x64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: dtlite.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: package_inst.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: sptdinst-x64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: ts3client_win64.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: uninstall.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
.
==== Installed Programs ======================
.
 Tools for .Net 3.5
µTorrent
3DMark
Adobe Reader XI (11.0.03)
Assassin's Creed® III v1.03
Bigasoft Total Video Converter 3.7.24.4700
BitRaider Web Client
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Blend for Visual Studio Add-in for Adobe FXG Import
Blend for Visual Studio SDK for .NET 4.5
Blend for Visual Studio SDK for Silverlight 5
Canon LBP3010/LBP3018/LBP3050
CDisplay 1.8
DAEMON Tools Lite
Deadpool
Dotfuscator and Analytics Community Edition
Entity Framework Designer for Visual Studio 2012 - enu
EVEREST Ultimate Edition v5.50
FOX DMI
FOX LiveUpdate
FOX LOGO
FOX ONE
Fraps (remove only)
Futuremark SystemInfo
GamingMouse
GeForce Experience NvStream Client Components
GIGABYTE OC_GURU II
Google Chrome
Google Drive
Google Update Helper
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel® Control Center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
ITE Infrared Transceiver
Java 7 Update 25
Java Auto Updater
JavaScript Tooling
LocalESPC
LocalESPCui for en-us
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect 2
Mass Effect™ 3
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Help Viewer 2.0
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
Microsoft NuGet - Visual Studio 2012
Microsoft Office Access MUI (Bulgarian) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Bulgarian) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (Bulgarian) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office IME (Japanese) 2007
Microsoft Office IME (Korean) 2007
Microsoft Office InfoPath MUI (Bulgarian) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Language Pack 2007 - Bulgarian/български
Microsoft Office O MUI (Bulgarian) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Bulgarian) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (Bulgarian) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (Bulgarian) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Bulgarian) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Croatian) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Estonian) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proof (Gujarati) 2007
Microsoft Office Proof (Hebrew) 2007
Microsoft Office Proof (Hindi) 2007
Microsoft Office Proof (Hungarian) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Japanese) 2007
Microsoft Office Proof (Kannada) 2007
Microsoft Office Proof (Korean) 2007
Microsoft Office Proof (Latvian) 2007
Microsoft Office Proof (Lithuanian) 2007
Microsoft Office Proof (Marathi) 2007
Microsoft Office Proof (Norwegian (Bokmal)) 2007
Microsoft Office Proof (Norwegian (Nynorsk)) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Punjabi) 2007
Microsoft Office Proof (Romanian) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Serbian (Latin)) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proof (Slovenian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proof (Tamil) 2007
Microsoft Office Proof (Telugu) 2007
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proof (Urdu) 2007
Microsoft Office Proofing (Bulgarian) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Kit 2007
Microsoft Office Proofing Tools Kit 2007
Microsoft Office ProofMUI (English) 2007
Microsoft Office Publisher MUI (Bulgarian) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (Bulgarian) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (Bulgarian) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (Bulgarian) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office X MUI (Bulgarian) 2007
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2012 Command Line Utilities 
Microsoft SQL Server 2012 Data-Tier App Framework 
Microsoft SQL Server 2012 Express LocalDB 
Microsoft SQL Server 2012 Management Objects 
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client 
Microsoft SQL Server 2012 T-SQL Language Service 
Microsoft SQL Server 2012 Transact-SQL Compiler Service 
Microsoft SQL Server 2012 Transact-SQL ScriptDom 
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 IntelliTrace Core amd64
Microsoft Visual Studio 2012 IntelliTrace Core x86
Microsoft Visual Studio 2012 IntelliTrace Front End x86
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 SharePoint Developer Tools
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Premium 2012
Microsoft Visual Studio Premium 2012 - ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012
Microsoft Visual Studio Ultimate 2012 - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
Microsoft Web Platform Installer 4.0
Microsoft WSE 3.0 Runtime
Mortal Kombat Komplete Edition
NVIDIA 3D Vision Controller Driver 331.58
NVIDIA 3D Vision Driver 331.58
NVIDIA Control Panel 331.58
NVIDIA GeForce Experience 1.6.1
NVIDIA Graphics Driver 331.58
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 8.3.14
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.5
Origin
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT 
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
SHIELD Streaming
Skype™ 6.6
SmartCharger
StarCraft II: Heart of the Swarm © Blizzard Entertainment version 1
TeamSpeak 3 Client
The KMPlayer (remove only)
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Pets
The Sims™ 3 University Life
The Sims™ 3 World Adventures
Tombraider
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Update for  (KB2504637)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
VibrateGameDeviceDrivers40
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio 2012 Update 3 (KB2707250)
Visual Studio Extensions for Windows Library for JavaScript
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Winamp
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows XP Targeting with C++
WinRAR 4.20 (64-битова версия)
.
==== Event Viewer Messages From Past Week ========
.
27.10.2013 г. 13:34:02, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
27.10.2013 г. 13:34:02, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
27.10.2013 г. 13:33:59, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
27.10.2013 г. 13:33:56, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
27.10.2013 г. 13:33:50, Error: volmgr [46]  - Crash dump initialization failed!
27.10.2013 г. 13:31:23, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
27.10.2013 г. 13:31:23, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
27.10.2013 г. 13:31:20, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
27.10.2013 г. 13:31:17, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
27.10.2013 г. 13:31:11, Error: volmgr [46]  - Crash dump initialization failed!
27.10.2013 г. 13:27:20, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
27.10.2013 г. 13:27:20, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
27.10.2013 г. 13:27:16, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
27.10.2013 г. 13:27:13, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
27.10.2013 г. 13:27:07, Error: volmgr [46]  - Crash dump initialization failed!
27.10.2013 г. 12:48:58, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
27.10.2013 г. 12:48:58, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
27.10.2013 г. 12:48:54, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
27.10.2013 г. 12:48:51, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
27.10.2013 г. 12:48:45, Error: volmgr [46]  - Crash dump initialization failed!
27.10.2013 г. 12:42:56, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
27.10.2013 г. 12:42:56, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
27.10.2013 г. 12:42:52, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
27.10.2013 г. 12:42:49, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
27.10.2013 г. 12:42:43, Error: volmgr [46]  - Crash dump initialization failed!
27.10.2013 г. 12:40:30, Error: Service Control Manager [7000]  - The Windows Defender service failed to start due to the following error:  The system cannot find the path specified.
27.10.2013 г. 12:38:23, Error: volmgr [46]  - Crash dump initialization failed!
26.10.2013 г. 14:10:27, Error: volmgr [46]  - Crash dump initialization failed!
25.10.2013 г. 14:29:16, Error: volmgr [46]  - Crash dump initialization failed!
24.10.2013 г. 18:40:46, Error: volmgr [46]  - Crash dump initialization failed!
24.10.2013 г. 12:30:20, Error: volmgr [46]  - Crash dump initialization failed!
23.10.2013 г. 19:53:59, Error: volmgr [46]  - Crash dump initialization failed!
23.10.2013 г. 13:09:34, Error: volmgr [46]  - Crash dump initialization failed!
22.10.2013 г. 16:51:43, Error: volmgr [46]  - Crash dump initialization failed!
21.10.2013 г. 22:20:44, Error: volmgr [46]  - Crash dump initialization failed!
21.10.2013 г. 20:21:25, Error: volmgr [46]  - Crash dump initialization failed!
21.10.2013 г. 15:01:25, Error: volmgr [46]  - Crash dump initialization failed!
20.10.2013 г. 20:40:14, Error: volmgr [46]  - Crash dump initialization failed!
20.10.2013 г. 13:21:54, Error: volmgr [46]  - Crash dump initialization failed!
.
==== End Of File ===========================

Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin...


Hello Kevin, and thank you for your help.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 01
Ran by Konstantin (administrator) on KONSTANTIN-PC on 27-10-2013 14:29:09
Running from C:\Users\Konstantin\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNAB8SWK.EXE
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\GamingMouse\mousehid.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\GamingMouse\trayicon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [CNAP2 Launcher] - C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-14] (Realtek Semiconductor)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [DAEMON Tools Lite] - D:\Program Files D\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer\Run: [CDisplay] - C:\Users\Konstantin\AppData\Roaming\F35F4B\F35F4B.exe [32768 2013-08-29] ( (Microsoft Corporation))
MountPoints2: {14386d1d-d5a8-11e2-8f23-d02788c5efcf} - G:\setup.exe
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [GamingMouse] - C:\Program Files (x86)\GamingMouse\mousehid.exe [749568 2011-12-23] ()
IMEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\cpuz_x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\package_inst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\ts3client_win64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x54B135D0D269CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {8CFE6246-AC6E-4705-A143-983287B85441} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=FOXCSV
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files D\Visual Studio 2012\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-26] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.0.1
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\KONSTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\KONSTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\KONSTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\KONSTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (ABV Notifier) - C:\Users\KONSTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbekonjicgkldkmopnamgglbfaiojje\1.0.0.3_0
CHR Extension: (AdBlock) - C:\Users\KONSTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Grass) - C:\Users\KONSTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\KONSTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\KONSTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-15] (BitRaider, LLC)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-06-18] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2401632 2012-11-29] (TuneUp Software)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{51ba22d6-4f43-1b3e-b5d4-0ac5521585d1}\   \...\???\{51ba22d6-4f43-1b3e-b5d4-0ac5521585d1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [75048 2013-06-15] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-15] (DT Soft Ltd)
S3 FoxAwdWINFLASH; C:\Program Files (x86)\Foxconn\FOX DMI\FoxAwdWINFLASH64.sys [17808 2011-03-29] (Foxconn ® Corporation)
S3 FoxAwdWINFLASH64; C:\Program Files (x86)\Foxconn\FOX LiveUpdate\FoxAwdWINFLASH64.SYS [17808 2010-07-20] (Foxconn ® Corporation)
R3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
R3 nmgmsFltr; C:\Windows\System32\drivers\nmgms.sys [14592 2009-11-13] ()
R3 nmgmsFltr; C:\Windows\SysWow64\drivers\nmgms.sys [12544 2009-11-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 VSPerfDrv110; D:\Program Files D\Visual Studio 2012\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-27 14:28 - 2013-10-27 14:28 - 01956160 _____ (Farbar) C:\Users\Konstantin\Desktop\FRST64.exe
2013-10-27 14:28 - 2013-10-27 14:28 - 00000000 ____D C:\FRST
2013-10-27 14:03 - 2013-10-27 14:03 - 00020856 _____ C:\Users\Konstantin\Desktop\attach.txt
2013-10-27 14:03 - 2013-10-27 14:03 - 00017087 _____ C:\Users\Konstantin\Desktop\dds.txt
2013-10-27 13:52 - 2013-10-27 13:52 - 00688992 ____R (Swearware) C:\Users\Konstantin\Desktop\dds.scr
2013-10-27 12:39 - 2013-10-27 13:26 - 00000000 _RSHD C:\Users\Konstantin\mcbjb
2013-10-26 13:22 - 2013-10-27 13:26 - 00000000 _RSHD C:\Users\Konstantin\soyvl
2013-10-21 21:18 - 2013-10-16 02:48 - 30344992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 22933280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 15858664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 12537632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-21 21:18 - 2013-10-16 02:48 - 11415232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 11362672 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 09516872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 09472600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-21 21:18 - 2013-10-16 02:48 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-15 15:54 - 2013-10-15 15:54 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-10 05:39 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 05:39 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 05:39 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 05:39 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 05:39 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 05:39 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 05:39 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 05:39 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 05:39 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 05:39 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 05:39 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 05:39 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 13:21 - 2013-10-27 12:49 - 00000000 __SHD C:\Users\Konstantin\AppData\Roaming\F35F4B
2013-10-09 13:21 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 13:21 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 13:21 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 13:21 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 13:21 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 13:21 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 13:21 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 13:21 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 13:21 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 13:21 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 13:21 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 13:21 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 13:21 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 13:21 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 13:21 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 13:21 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 13:21 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 13:21 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 13:21 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 13:21 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 13:21 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 13:21 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 13:21 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:21 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:21 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 13:21 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 13:21 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 13:21 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 13:21 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 13:21 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 13:21 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 13:21 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 13:21 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 13:21 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 13:21 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 13:21 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 13:21 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 13:21 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 13:21 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 13:21 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 13:21 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 13:21 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 13:21 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 13:21 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 13:21 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 13:21 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
 
==================== One Month Modified Files and Folders =======
 
2013-10-27 14:28 - 2013-10-27 14:28 - 01956160 _____ (Farbar) C:\Users\Konstantin\Desktop\FRST64.exe
2013-10-27 14:28 - 2013-10-27 14:28 - 00000000 ____D C:\FRST
2013-10-27 14:03 - 2013-10-27 14:03 - 00020856 _____ C:\Users\Konstantin\Desktop\attach.txt
2013-10-27 14:03 - 2013-10-27 14:03 - 00017087 _____ C:\Users\Konstantin\Desktop\dds.txt
2013-10-27 13:58 - 2013-06-15 11:35 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 13:52 - 2013-10-27 13:52 - 00688992 ____R (Swearware) C:\Users\Konstantin\Desktop\dds.scr
2013-10-27 13:41 - 2013-06-15 14:07 - 00000000 ____D C:\Users\Konstantin\AppData\Roaming\Skype
2013-10-27 13:41 - 2009-07-14 06:45 - 00022928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 13:41 - 2009-07-14 06:45 - 00022928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 13:40 - 2009-07-14 07:13 - 00782106 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 13:33 - 2013-06-16 18:59 - 00067706 _____ C:\Windows\setupact.log
2013-10-27 13:33 - 2013-06-15 16:14 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-10-27 13:33 - 2013-06-15 13:33 - 00000000 ____D C:\Users\Konstantin\AppData\Roaming\uTorrent
2013-10-27 13:33 - 2013-06-15 11:35 - 00001002 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 13:33 - 2013-06-15 11:28 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-27 13:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 13:27 - 2013-06-18 00:08 - 00225846 _____ C:\Windows\PFRO.log
2013-10-27 13:26 - 2013-10-27 12:39 - 00000000 _RSHD C:\Users\Konstantin\mcbjb
2013-10-27 13:26 - 2013-10-26 13:22 - 00000000 _RSHD C:\Users\Konstantin\soyvl
2013-10-27 12:54 - 2013-06-15 14:00 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-10-27 12:49 - 2013-10-09 13:21 - 00000000 __SHD C:\Users\Konstantin\AppData\Roaming\F35F4B
2013-10-27 12:39 - 2013-06-15 16:03 - 00000000 ____D C:\Users\Konstantin
2013-10-27 12:38 - 2013-06-15 11:35 - 00000000 ____D C:\Users\Konstantin\AppData\Local\Google
2013-10-27 12:38 - 2013-06-15 11:35 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-27 05:01 - 2013-06-15 16:03 - 01362803 _____ C:\Windows\WindowsUpdate.log
2013-10-26 20:51 - 2013-06-15 18:58 - 00000000 ____D C:\Users\Konstantin\AppData\Local\CrashDumps
2013-10-26 14:05 - 2013-06-15 16:14 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-26 00:09 - 2013-06-15 12:49 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-23 12:15 - 2013-06-16 01:21 - 00003696 _____ C:\Windows\System32\Tasks\Adobe online update program
2013-10-22 15:51 - 2009-07-14 07:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-21 21:19 - 2013-06-15 11:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-21 21:19 - 2013-06-15 11:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-16 02:48 - 2013-10-21 21:18 - 30344992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 22933280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 15858664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 12537632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-16 02:48 - 2013-10-21 21:18 - 11415232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 11362672 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 09516872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 09472600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-16 02:48 - 2013-10-21 21:18 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-16 02:48 - 2013-06-15 16:21 - 15244272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-16 02:48 - 2013-06-15 16:20 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-16 02:48 - 2013-06-15 16:20 - 02694664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-16 02:48 - 2013-06-15 16:20 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-10-16 02:48 - 2013-06-15 11:58 - 18290536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-16 02:48 - 2013-06-15 11:58 - 18243632 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-16 02:48 - 2013-06-15 11:28 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-10-16 02:48 - 2013-06-15 11:28 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-10-16 02:48 - 2013-06-15 11:28 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-15 23:47 - 2013-06-15 11:28 - 06665504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-15 23:47 - 2013-06-15 11:28 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-15 23:47 - 2013-06-15 11:28 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-15 23:47 - 2013-06-15 11:28 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-15 23:47 - 2013-06-15 11:28 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-15 15:54 - 2013-10-15 15:54 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-11 21:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 14:01 - 2009-07-14 06:45 - 00416112 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 14:48 - 2013-06-15 11:54 - 00766336 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 14:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-10-09 14:46 - 2013-08-14 17:28 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 14:46 - 2013-06-16 16:14 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 21:14 - 2013-06-15 11:28 - 03398914 _____ C:\Windows\system32\nvcoproc.bin
2013-10-03 20:53 - 2013-06-15 11:35 - 00004002 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-03 20:53 - 2013-06-15 11:35 - 00003750 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-01 23:45 - 2013-06-16 23:14 - 00006991 _____ C:\Users\Konstantin\Documents\TombRaider.log
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
ZeroAccess:
C:\Users\Konstantin\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-10-21 20:41
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2013 01
Ran by Konstantin at 2013-10-27 14:29:31
Running from C:\Users\Konstantin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
 Tools for .Net 3.5 (x32 Version: 3.11.50727)
µTorrent (x32 Version: 3.3.0.29677)
3DMark (x32 Version: 1.1)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Assassin's Creed® III v1.03 (x32 Version: 1.03)
Bigasoft Total Video Converter 3.7.24.4700 (x32)
BitRaider Web Client (x32 Version: 1.1.6.3)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0)
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0)
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0)
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0)
Canon LBP3010/LBP3018/LBP3050
CDisplay 1.8 (x32)
DAEMON Tools Lite (x32 Version: 4.45.4.0315)
Deadpool (x32 Version: 1.0)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298)
Entity Framework Designer for Visual Studio 2012 - enu (x32 Version: 11.1.21009.00)
EVEREST Ultimate Edition v5.50 (x32 Version: 5.50)
FOX DMI (x32 Version: 2.0.0.0)
FOX LiveUpdate (x32 Version: 2.1.6.26)
FOX LOGO (x32 Version: 2.0.2.19)
FOX ONE (x32 Version: 2.0.22.5)
Fraps (remove only) (x32)
Futuremark SystemInfo (x32 Version: 4.17.0)
GamingMouse (x32 Version: 1.00)
GeForce Experience NvStream Client Components (Version: 0.1.87)
GIGABYTE OC_GURU II (x32 Version: 1.44.0000)
Google Chrome (x32 Version: 30.0.1599.101)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.21.165)
IIS 8.0 Express (Version: 8.0.1557)
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35132)
Intel® Management Engine Components (x32 Version: 8.0.0.1351)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
ITE Infrared Transceiver (x32 Version: 1.00.0000)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaScript Tooling (Version: 11.0.60315)
JavaScript Tooling (x32 Version: 11.0.60315)
LocalESPC (x32 Version: 8.59.25584)
LocalESPCui for en-us (x32 Version: 8.59.25584)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect 2 (x32 Version: 1.02)
Mass Effect™ 3 (x32 Version: 1.05.0.0)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (x32 Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (x32 Version: 4.5.50709)
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update (x32 Version: 3.0.30710.0)
Microsoft ASP.NET MVC 3 (x32 Version: 3.0.20105.0)
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU (x32 Version: 4.1.20219.0)
Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20710.0)
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools (x32 Version: 1.0.20710.0)
Microsoft ASP.NET Web Pages (x32 Version: 1.0.20105.0)
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU (x32 Version: 4.1.20219.0)
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20715.0)
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0)
Microsoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20525.0)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727)
Microsoft LightSwitch for Visual Studio 2012 Core (x32 Version: 11.0.50727)
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU (x32 Version: 11.0.50727)
Microsoft LightSwitch for Visual Studio 2012 v3.0 Core (x32 Version: 11.0.60517)
Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU (x32 Version: 11.0.60517)
Microsoft NuGet - Visual Studio 2012 (x32 Version: 2.0.30625.9003)
Microsoft Office Access MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office IME (Chinese (Simplified)) 2007 (Version: 12.0.4518.1014)
Microsoft Office IME (Chinese (Simplified)) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office IME (Chinese (Traditional)) 2007 (Version: 12.0.4518.1014)
Microsoft Office IME (Chinese (Traditional)) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office IME (Japanese) 2007 (Version: 12.0.4518.1014)
Microsoft Office IME (Japanese) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office IME (Korean) 2007 (Version: 12.0.4518.1014)
Microsoft Office IME (Korean) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Language Pack 2007 - Bulgarian/български (x32 Version: 12.0.4518.1042)
Microsoft Office O MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Arabic) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Basque) 2007 (x32 Version: 12.0.4518.1070)
Microsoft Office Proof (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Proof (Catalan) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Chinese (Simplified)) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Chinese (Traditional)) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Croatian) 2007 (x32 Version: 12.0.4518.1039)
Microsoft Office Proof (Czech) 2007 (x32 Version: 12.0.4518.1025)
Microsoft Office Proof (Danish) 2007 (x32 Version: 12.0.4518.1021)
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Estonian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Proof (Finnish) 2007 (x32 Version: 12.0.4518.1017)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Galician) 2007 (x32 Version: 12.0.4518.1070)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Greek) 2007 (x32 Version: 12.0.4518.1029)
Microsoft Office Proof (Gujarati) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Hebrew) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Hindi) 2007 (x32 Version: 12.0.4518.1017)
Microsoft Office Proof (Hungarian) 2007 (x32 Version: 12.0.4518.1029)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Japanese) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Kannada) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Korean) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Latvian) 2007 (x32 Version: 12.0.4518.1045)
Microsoft Office Proof (Lithuanian) 2007 (x32 Version: 12.0.4518.1048)
Microsoft Office Proof (Marathi) 2007 (x32 Version: 12.0.4518.1017)
Microsoft Office Proof (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022)
Microsoft Office Proof (Norwegian (Nynorsk)) 2007 (x32 Version: 12.0.4518.1022)
Microsoft Office Proof (Polish) 2007 (x32 Version: 12.0.4518.1020)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029)
Microsoft Office Proof (Punjabi) 2007 (x32 Version: 12.0.4518.1017)
Microsoft Office Proof (Romanian) 2007 (x32 Version: 12.0.4518.1039)
Microsoft Office Proof (Russian) 2007 (x32 Version: 12.0.4518.1024)
Microsoft Office Proof (Serbian (Latin)) 2007 (x32 Version: 12.0.4518.1041)
Microsoft Office Proof (Slovak) 2007 (x32 Version: 12.0.4518.1025)
Microsoft Office Proof (Slovenian) 2007 (x32 Version: 12.0.4518.1039)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Swedish) 2007 (x32 Version: 12.0.4518.1018)
Microsoft Office Proof (Tamil) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Telugu) 2007 (x32 Version: 12.0.4518.1017)
Microsoft Office Proof (Thai) 2007 (x32 Version: 12.0.4518.1017)
Microsoft Office Proof (Turkish) 2007 (x32 Version: 12.0.4518.1027)
Microsoft Office Proof (Ukrainian) 2007 (x32 Version: 12.0.4518.1022)
Microsoft Office Proof (Urdu) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (Bulgarian) 2007 (x32 Version: 12.0.4518.1043)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Kit 2007 (x32 Version: 12.0.4518.1070)
Microsoft Office Proofing Tools Kit 2007 (x32 Version: 12.0.4518.1070)
Microsoft Office ProofMUI (English) 2007 (x32 Version: 12.0.4518.1070)
Microsoft Office Publisher MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (Bulgarian) 2007 (Version: 12.0.4518.1042)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office X MUI (Bulgarian) 2007 (x32 Version: 12.0.4518.1042)
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.60418.17931)
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 11.0.50709.17929)
Microsoft Report Viewer Add-On for Visual Studio 2012 (x32 Version: 11.1.2802.16)
Microsoft Silverlight (x32 Version: 5.1.10411.0)
Microsoft Silverlight 4 SDK (x32 Version: 4.0.60310.0)
Microsoft Silverlight 5 SDK (x32 Version: 5.0.61118.0)
Microsoft SQL Server 2012 Command Line Utilities  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Data-Tier App Framework  (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Data-Tier App Framework  (x32 Version: 11.0.2316.0)
Microsoft SQL Server 2012 Express LocalDB  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Native Client  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service  (x32 Version: 11.0.2100.60)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (x32 Version: 11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (x32 Version: 11.1.20627.00)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1600.1)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
Microsoft System CLR Types for SQL Server 2012 (x32 Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 Compilers - ENU Resources (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 Extended Libraries (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.60610)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 11.0.50727)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31125)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31130)
Microsoft Visual Studio 2012 Devenv (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Devenv Resources (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Core amd64 (Version: 11.0.60315)
Microsoft Visual Studio 2012 IntelliTrace Core x86 (x32 Version: 11.0.60315)
Microsoft Visual Studio 2012 IntelliTrace Front End x86 (x32 Version: 11.0.60315)
Microsoft Visual Studio 2012 Performance Collection Tools - ENU (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools (Version: 11.0.50727)
Microsoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1)
Microsoft Visual Studio Premium 2012 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Premium 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.60610)
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.60610)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 (x32 Version: 11.0.50727.1)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727)
Microsoft Web Deploy 3.0 (Version: 3.1236.1631)
Microsoft Web Deploy dbSqlPackage Provider - enu (x32 Version: 10.3.20225.0)
Microsoft Web Developer Tools 2012.2 - Visual Studio 2012 (x32 Version: 1.2.40308.0)
Microsoft Web Platform Installer 4.0 (Version: 4.0.1622)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mortal Kombat Komplete Edition (x32)
NVIDIA 3D Vision Controller Driver 331.58 (Version: 331.58)
NVIDIA 3D Vision Driver 331.58 (Version: 331.58)
NVIDIA Control Panel 331.58 (Version: 331.58)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Graphics Driver 331.58 (Version: 331.58)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3158)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
Origin (x32 Version: 9.2.1.4399)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1)
Prerequisites for SSDT  (x32 Version: 11.0.2100.60)
PunkBuster Services (x32 Version: 0.991)
Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6690)
SHIELD Streaming (Version: 1.05.28)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartCharger (Version: 1.0.4.1)
StarCraft II: Heart of the Swarm © Blizzard Entertainment version 1 (x32 Version: 1)
TeamSpeak 3 Client (Version: 3.0.10)
The KMPlayer (remove only) (x32 Version: 3.6.0.87)
The Sims™ 3 (x32 Version: 1.50.56)
The Sims™ 3 Ambitions (x32 Version: 4.0.87)
The Sims™ 3 Pets (x32 Version: 10.0.96)
The Sims™ 3 University Life (x32 Version: 18.0.126)
The Sims™ 3 World Adventures (x32 Version: 2.0.86)
Tombraider (x32)
TuneUp Utilities 2013 (x32 Version: 13.0.3000.138)
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.3000.138)
Update for  (KB2504637) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
VibrateGameDeviceDrivers40 (Version: 4.0.09.1130)
Visual Studio 2012 Prerequisites - ENU Language Pack (Version: 11.0.50727)
Visual Studio 2012 Prerequisites (Version: 11.0.50727)
Visual Studio 2012 Update 3 (KB2707250) (x32 Version: 11.0.60610)
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.9201.20602)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0)
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0)
WCF RIA Services V1.0 SP2 (x32 Version: 4.1.61829.0)
Winamp (x32 Version: 5.63 )
Windows App Certification Kit Native Components (Version: 8.59.29736)
Windows App Certification Kit x64 (x32 Version: 8.59.29750)
Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012 (x32 Version: 1.8.60301.1601)
Windows Runtime Intellisense Content - en-us (x32 Version: 8.59.25584)
Windows Software Development Kit (x32 Version: 8.59.25584)
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584)
Windows XP Targeting with C++ (Version: 11.0.51106)
Windows XP Targeting with C++ (x32 Version: 11.0.51106)
WinRAR 4.20 (64-bit version) (Version: 4.20.0)
 
==================== Restore Points  =========================
 
09-10-2013 12:46:00 Windows Update
10-10-2013 03:39:13 Windows Update
15-10-2013 12:47:51 Windows Update
22-10-2013 14:49:39 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {3CED8E2C-4A52-4F73-9BF4-BB7DE25E16F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {3D9AEB5B-87BA-4C98-8A9B-28A4FE3CCED3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {7349FF85-0FBF-4815-8885-9347890919BA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {7D0B76BC-3EA1-4CF7-AA00-64D92F37BDD3} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-11-29] (TuneUp Software)
Task: {9AA6981E-23BB-47A0-A920-61F93BD8E311} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {ADE68BB3-92FA-45BC-809D-0AEBDFBF6189} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {C42BC674-52FB-4DDB-AC88-66C58A631B0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {DC76DC97-B24D-40F3-97C2-1E4FCD958ADC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-27 13:33 - 2013-10-27 13:33 - 00098816 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32api.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00110080 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\PyWinTypes27.dll
2013-10-27 13:33 - 2013-10-27 13:33 - 00364544 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\pythoncom27.dll
2013-10-27 13:33 - 2013-10-27 13:33 - 00044032 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\_socket.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 01153024 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\_ssl.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00320512 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32com.shell.shell.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00711680 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\_hashlib.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 01175040 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\wx._core_.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00805888 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\wx._gdi_.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00811008 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\wx._windows_.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 01062400 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\wx._controls_.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00735232 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\wx._misc_.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00128512 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\_elementtree.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00127488 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\pyexpat.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00557056 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\pysqlite2._sqlite.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00087040 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\_ctypes.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00119808 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32file.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00108544 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32security.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00018432 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32event.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00038912 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32inet.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00122368 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\wx._wizard.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00686080 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\unicodedata.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00026624 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\_multiprocessing.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00070656 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\wx._html2.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00010240 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\select.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00025600 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32pdh.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00504832 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\windows._cacheinvalidation.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00011264 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32crypt.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00035840 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32process.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00017408 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32profile.pyd
2013-10-27 13:33 - 2013-10-27 13:33 - 00022528 _____ () C:\Users\Konstantin\AppData\Local\Temp\_MEI25002\win32ts.pyd
2013-06-18 00:10 - 2009-10-28 08:28 - 00249856 _____ () C:\Program Files (x86)\GamingMouse\language.dll
2013-06-15 16:13 - 2011-12-16 04:39 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-10-17 17:00 - 2013-10-09 02:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-17 17:00 - 2013-10-09 02:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-17 17:00 - 2013-10-09 02:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-17 17:00 - 2013-10-09 02:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-17 17:00 - 2013-10-09 02:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/27/2013 01:35:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (10/27/2013 01:33:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (10/27/2013 01:29:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (10/27/2013 00:50:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (10/27/2013 00:44:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (10/27/2013 00:40:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (10/26/2013 08:51:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: BatmanOrigins.exe, version: 1.0.0.0, time stamp: 0x52623198
Faulting module name: BatmanOrigins.exe, version: 1.0.0.0, time stamp: 0x52623198
Exception code: 0xc0000005
Fault offset: 0x000a32c4
Faulting process id: 0x15fc
Faulting application start time: 0xBatmanOrigins.exe0
Faulting application path: BatmanOrigins.exe1
Faulting module path: BatmanOrigins.exe2
Report Id: BatmanOrigins.exe3
 
Error: (10/26/2013 01:12:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
Error: (10/26/2013 00:10:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: MassEffect3.exe, version: 1.5.5427.124, time stamp: 0x50d4cab0
Faulting module name: MassEffect3.exe, version: 1.5.5427.124, time stamp: 0x50d4cab0
Exception code: 0xc0000005
Fault offset: 0x007a8d44
Faulting process id: 0xaec
Faulting application start time: 0xMassEffect3.exe0
Faulting application path: MassEffect3.exe1
Faulting module path: MassEffect3.exe2
Report Id: MassEffect3.exe3
 
Error: (10/25/2013 01:31:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2 SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 0x80041003
 
 
System errors:
=============
Error: (10/27/2013 02:04:29 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (10/27/2013 02:04:29 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (10/27/2013 01:34:02 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (10/27/2013 01:34:02 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (10/27/2013 01:33:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (10/27/2013 01:33:56 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (10/27/2013 01:33:50 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!
 
Error: (10/27/2013 01:31:23 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (10/27/2013 01:31:23 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (10/27/2013 01:31:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-23 00:44:13.279
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-23 00:44:13.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 06:08:48.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 06:08:48.634
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 06:08:02.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 06:08:02.737
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 06:03:14.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 06:03:14.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 05:52:21.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 05:52:21.097
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Foxconn\FOX LiveUpdate\FXDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 37%
Total physical RAM: 8156.09 MB
Available physical RAM: 5113.05 MB
Total Pagefile: 8154.27 MB
Available Pagefile: 4933.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (SSD) (Fixed) (Total:111.69 GB) (Free:15.18 GB) NTFS
Drive d: (HDD Part 1) (Fixed) (Total:700.1 GB) (Free:310.63 GB) NTFS
Drive e: (HDD Part 2) (Fixed) (Total:231.41 GB) (Free:149.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3843E0B6)
Partition 1: (Not Active) - (Size=932 GB) - (Type=42)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3843E08D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Download the attached fixlist.txt file and save it to the Desktop, or to the folder you saved FRST into.

NOTE: It is important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Next,

Open Malwarebytes > Settings tab > Scanner Settings > under "Action for PUP" select "Show in Results List and Check for removal".

Please update and run a Quick Scan with Malwarebytes Anti-Malware.

Make sure that everything is checked, and click Remove Selected on any found items.

Post the log.

Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log into your reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users: right click and select "Run as Administrator") and follow the on-screen instructions inside the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs...

Kevin

 

fixlist.txt

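The checks Kevin asks Farbar Service Scanner to run, plus the two ZeroAccess tells his fixlist targets (the fixlist content is echoed in the Fixlog posted below), can be reproduced by hand. The script below is an added example written for this page; it is not part of the original thread and not Farbar's code. For each service FSS reports on it reads the Start, ImagePath and ServiceDll values straight from the registry, so a service whose key has been deleted (the state FSS shows as "The service key does not exist") is reported as MISSING KEY rather than silently skipped. It then lists reparse points under the Windows Defender folder and Winsock catalog entries whose provider DLL does not resolve on disk, the two conditions the fixlist repaired with DeleteJunctionsIndirectory and netsh winsock reset. Assumptions: Windows 7 x64 with PowerShell 3 or later, run from an elevated prompt, and the service list is the set of names that appear in the FSS output on this page.

```powershell
# Added example (not Farbar's code): reproduce the FSS service checks plus the
# reparse-point and Winsock checks relevant to the ZeroAccess cleanup in this thread.
# Assumes Windows 7 x64, PowerShell 3+, elevated prompt.
$ErrorActionPreference = 'SilentlyContinue'

# Services FSS reports on: firewall (mpsdrv, MpsSvc, BFE), Security Center (wscsvc),
# Windows Update (wuauserv, BITS), Defender (WinDefend), IP Helper and ICS.
$services = 'mpsdrv','MpsSvc','BFE','wscsvc','wuauserv','BITS','WinDefend','iphlpsvc','SharedAccess'

function Get-ServiceConfig {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) {
        # No key at all: the SCM cannot start what it cannot see. This is what
        # FSS prints as "Unable to open <name> registry key. The service key does not exist."
        return [pscustomobject]@{ Service=$Name; Start='MISSING KEY'; ImagePath=''; ServiceDll=''; Status='' }
    }
    $p   = Get-ItemProperty -LiteralPath $key
    $dll = (Get-ItemProperty -LiteralPath "$key\Parameters").ServiceDll   # $null for driver/exe services
    $svc = Get-Service -Name $Name
    $status = if ($svc) { $svc.Status } else { 'not registered' }
    [pscustomobject]@{
        Service    = $Name
        Start      = $p.Start        # 2 = Automatic, 3 = Manual, 4 = Disabled
        ImagePath  = $p.ImagePath
        ServiceDll = $dll
        Status     = $status
    }
}

'== Service configuration =='
$services | ForEach-Object { Get-ServiceConfig $_ } | Format-Table -AutoSize

# Reparse points (junctions/symlinks) under Program Files\Windows Defender.
# A clean Defender install has none; the fixlist removed one per file here.
'== Reparse points under Windows Defender =='
$defender = Join-Path $env:ProgramFiles 'Windows Defender'
Get-ChildItem -LiteralPath $defender -Force |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::ReparsePoint } |
    Select-Object FullName, Attributes

# Winsock catalog entries whose provider DLL cannot be found.
# NameSpace_Catalog5 entries carry a LibraryPath string; Protocol_Catalog9 entries
# pack the DLL path at the start of the binary PackedCatalogItem value.
function Get-WinsockProviderPath {
    param([string]$KeyPath)
    $item = Get-ItemProperty -LiteralPath $KeyPath
    if ($item.LibraryPath) { return $item.LibraryPath }
    if ($item.PackedCatalogItem) {
        $b = $item.PackedCatalogItem
        # NUL-terminated ANSI path in the first MAX_PATH (260) bytes.
        return [Text.Encoding]::ASCII.GetString($b, 0, [Math]::Min(260, $b.Length)).Split([char]0)[0]
    }
}

'== Winsock catalog entries with unresolvable provider =='
$catalogs = 'NameSpace_Catalog5\Catalog_Entries',   'NameSpace_Catalog5\Catalog_Entries64',
            'Protocol_Catalog9\Catalog_Entries',    'Protocol_Catalog9\Catalog_Entries64'
foreach ($c in $catalogs) {
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\$c"
    foreach ($entry in (Get-ChildItem -LiteralPath $base)) {
        $lib = Get-WinsockProviderPath $entry.PSPath
        if (-not $lib) { "{0}\{1}: no provider path" -f $c, $entry.PSChildName; continue }
        $resolved = [Environment]::ExpandEnvironmentVariables($lib)
        # A bare file name with no directory (this thread's "mswsock.dll") fails here,
        # which is the same condition FRST reports as "File Not found".
        if (-not (Test-Path -LiteralPath $resolved)) {
            "{0}\{1}: provider path '{2}' not found" -f $c, $entry.PSChildName, $lib
        }
    }
}
```

Read the output the way FSS does: a MISSING KEY row means the service has to be recreated (the key, its values and its Parameters subkey) before anything else can start it, and a Winsock entry that points at a bare file name or a non-existent DLL is the reason every socket-using program fails until the catalog is reset and the machine rebooted.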

Ok, here it is:

 

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2013 01
Ran by Konstantin at 2013-10-27 15:07:09 Run:1
Running from C:\Users\Konstantin\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer\Run: [CDisplay] - C:\Users\Konstantin\AppData\Roaming\F35F4B\F35F4B.exe [32768 2013-08-29] ( (Microsoft Corporation))
C:\Users\Konstantin\AppData\Roaming\F35F4B\F35F4B.exe
MountPoints2: {14386d1d-d5a8-11e2-8f23-d02788c5efcf} - G:\setup.exe
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
cmd: netsh winsock reset
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{51ba22d6-4f43-1b3e-b5d4-0ac5521585d1}\   \...\???\{51ba22d6-4f43-1b3e-b5d4-0ac5521585d1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-10-27 12:39 - 2013-10-27 13:26 - 00000000 _RSHD C:\Users\Konstantin\mcbjb
2013-10-26 13:22 - 2013-10-27 13:26 - 00000000 _RSHD C:\Users\Konstantin\soyvl
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Konstantin\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
End
 
 
 
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\CDisplay => Value deleted successfully.
C:\Users\Konstantin\AppData\Roaming\F35F4B\F35F4B.exe => Moved successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14386d1d-d5a8-11e2-8f23-d02788c5efcf} => Key deleted successfully.
HKCR\CLSID\{14386d1d-d5a8-11e2-8f23-d02788c5efcf} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
*etadpug => Service deleted successfully.
C:\Users\Konstantin\mcbjb => Moved successfully.
C:\Users\Konstantin\soyvl => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Users\Konstantin\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
 
==== End of Fixlog ====
 
MWB log (didn't detect any malware):
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.27.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Konstantin :: KONSTANTIN-PC [administrator]
 
27.10.2013 15:09:45
mbam-log-2013-10-27 (15-09-45).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: File System | P2P
Objects scanned: 220386
Time elapsed: 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Farbar service scanner log:
 
 
Farbar Service Scanner Version: 24-10-2013
Ran by Konstantin (administrator) on 27-10-2013 at 15:14:23
Running from "C:\Users\Konstantin\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
 
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
 
Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
 
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-09 13:21] - [2013-09-14 03:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 13:21] - [2013-09-08 04:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
 
security check log:
 
 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (en-US) 
 TuneUp Utilities 2013   
 Visual Studio Extensions for Windows Library for JavaScript 
 Java 7 Update 25  
 JavaScript Tooling    
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 
 
 

Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and Save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

 

Next,

 

Rerun FSS and post a fresh log....

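As an added example (not code from the thread, from FSS or from the Services Repair tool), a read-only PowerShell audit of the same service registry keys FSS reports on in the logs above, so a repair can be verified on the spot. It assumes the service list from the FSS log, that every entry except the mpsdrv kernel driver is svchost-hosted (which is why FSS checks a ServiceDll for them), and PowerShell 3.0 or later.

```powershell
# Added example (not from the thread, FSS or the Services Repair tool): a read-only audit of
# the service registry keys FSS reports on above. For each service it checks the same values
# FSS looks at (Start, ImagePath, ServiceDll) plus whether the service is running.
# Assumptions: the service list is taken from the FSS log; every entry except the mpsdrv
# kernel driver is treated as svchost-hosted. Run from an elevated prompt; nothing is modified.

$ServicesToAudit = @(
    @{ Name = 'mpsdrv';       Driver = $true  }   # Windows Firewall Authorization Driver
    @{ Name = 'MpsSvc';       Driver = $false }   # Windows Firewall
    @{ Name = 'bfe';          Driver = $false }   # Base Filtering Engine
    @{ Name = 'wscsvc';       Driver = $false }   # Security Center
    @{ Name = 'wuauserv';     Driver = $false }   # Windows Update
    @{ Name = 'BITS';         Driver = $false }   # Background Intelligent Transfer Service
    @{ Name = 'WinDefend';    Driver = $false }   # Windows Defender
    @{ Name = 'iphlpsvc';     Driver = $false }   # IP Helper
    @{ Name = 'SharedAccess'; Driver = $false }   # Internet Connection Sharing / firewall policy
    @{ Name = 'PolicyAgent';  Driver = $false }   # IPsec Policy Agent
    @{ Name = 'RemoteAccess'; Driver = $false }   # Routing and Remote Access
)

function Get-ServiceKeyAudit {
    param(
        [Parameter(Mandatory = $true)] [string] $Name,
        [bool] $Driver = $false
    )
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result  = [ordered]@{
        Service = $Name; KeyExists = $true; Start = $null; ImagePath = $null
        ServiceDll = $null; Running = $null; Problems = @()
    }
    # Whole key gone: the state the first FSS log above showed for bfe, wscsvc, wuauserv, ...
    if (-not (Test-Path -LiteralPath $keyPath)) {
        $result.KeyExists = $false
        $result.Problems += 'service key does not exist'
        return [pscustomobject]$result
    }
    $props = Get-ItemProperty -LiteralPath $keyPath

    if ($null -eq $props.Start) {
        $result.Problems += 'Start value missing'
    } else {
        $result.Start = $props.Start
        if ($props.Start -eq 4) { $result.Problems += 'start type is Disabled (4)' }
    }

    if ([string]::IsNullOrEmpty($props.ImagePath)) {
        $result.Problems += 'ImagePath value missing'
    } else {
        $result.ImagePath = $props.ImagePath
        # An svchost-hosted service should launch the real svchost.exe under System32
        if (-not $Driver -and $props.ImagePath -notmatch '(?i)\\system32\\svchost\.exe') {
            $result.Problems += 'ImagePath does not point at System32\svchost.exe'
        }
    }

    if (-not $Driver) {
        # ServiceDll normally sits under the Parameters subkey, occasionally on the key itself
        $params = Get-ItemProperty -LiteralPath "$keyPath\Parameters" -ErrorAction SilentlyContinue
        $dll = if ($params -and $params.ServiceDll) { $params.ServiceDll } else { $props.ServiceDll }
        if ([string]::IsNullOrEmpty($dll)) {
            $result.Problems += 'ServiceDll value missing'
        } else {
            $result.ServiceDll = $dll
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not (Test-Path -LiteralPath $expanded)) {
                $result.Problems += "ServiceDll file not found on disk: $expanded"
            }
        }
    }

    # Running state via WMI: Win32_Service for services, Win32_SystemDriver for kernel drivers
    $class = if ($Driver) { 'Win32_SystemDriver' } else { 'Win32_Service' }
    $wmi   = Get-WmiObject -Class $class -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    $result.Running = ($null -ne $wmi -and $wmi.State -eq 'Running')
    return [pscustomobject]$result
}

$audit = foreach ($svc in $ServicesToAudit) { Get-ServiceKeyAudit -Name $svc.Name -Driver $svc.Driver }

# Flagged services first, one FSS-style line each
$audit | Sort-Object { $_.Problems.Count -eq 0 } | ForEach-Object {
    $state = if ($_.Problems.Count) { 'ATTENTION: ' + ($_.Problems -join '; ') } else { 'OK' }
    '{0,-13} Start={1,-4} Running={2,-5} {3}' -f $_.Service, $_.Start, $_.Running, $state
}
```

A service that shows a present key but "Running=False" is expected directly after a repair until the reboot the tool asks for; a missing key or missing value after the reboot means the repair did not take.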
Here it is:

 

Farbar Service Scanner Version: 24-10-2013
Ran by Konstantin (administrator) on 27-10-2013 at 16:07:54
Running from "C:\Users\Konstantin\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
 
Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
 
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-09 13:21] - [2013-09-14 03:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 13:21] - [2013-09-08 04:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

I attach two zip files, unzip each one in turn to your Desktop. Double click each .reg file in turn to merge to the registry. Accept any alerts or prompts. Re-boot when complete.

 

Re-run FSS and post new log

 

Farbar Service Scanner Version: 24-10-2013
Ran by Konstantin (administrator) on 27-10-2013 at 16:29:53
Running from "C:\Users\Konstantin\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-09 13:21] - [2013-09-14 03:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 13:21] - [2013-09-08 04:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

Services all look good now, how is your system responding?

 

One issue I can see is no Anti-virus program installed, that must be corrected immediately. Go to the following link:

 

http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Download and install MSE, update and run a quick scan. Let me know if anything is found.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Let me know if the above completes OK, also if any remaining issues or concerns..

 

Kevin


Thank you very much for your help, Kevin! Everything seems ok now, and MSE didn't find any threats. I have to say, though, I still have concerns that there could be malware we haven't detected. I know that rootkits are very hard to detect. Do you think I should consider making a system restore, or reinstalling Windows, or anything like that? And one other thing. I have depended on MWB to protect my PC for a long time and I consider it one of the best anti malware solutions out there. I hadn't installed another anti virus program for fear they could interfere with one another. Do you think I should keep both MWB and MSE or just use one of them?


I believe your system is clean, however I will want to run an online AV scan before we give the all clear. The scan I use is by ESET; it is very thorough and will take several hours.

 

Regarding security, yes, Malwarebytes is very highly recommended, not just at this Forum but at many others also. You must be aware that MWB does not have an Anti-virus component; you have to run one, such as I recommended, side by side with MWB.

 

My own set up follows, you may find this helpful:

 

Windows' own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free. MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. Cost is about £20 for a lifetime license.

 

As an extra layer I also use WinPatrol; the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together: Ctrl - Shift - A. That will access the Add-ons manager, which gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ which makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie; I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system. This scan can take several hours to complete; it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Kevin...


Before I scan with ESET, I want to share some results. I did a full scan with MSE and it found 6 trojans, and all of them were in the folder C\FRST\Quarantine. Does that mean that FRST found some trojans and quarantined them? Because I don't remember getting a notification it found any malware. I'm gonna scan with ESET now.


Yep Sunderland is my team, good result today but many more needed like that to survive... We can clean up now:

 

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp button.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Any tools/logs remaining on the Desktop or downloads folder can be deleted.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Next,

 

Create a new restore point:

 

   1. Right-click on Computer and go to Properties.

   2. Next click on the System Protection link.

   3. The System Properties dialog screen opens up and you will want to click on Create.

   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

   5. You should see the message "The restore point was created successfully".

 

To remove all but the most recent restore point do the following:

 

   1.      Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

   2.      If prompted, select the drive that you want to clean up, and then click OK.

   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

   4.      If prompted, select the drive that you want to clean up, and then click OK.

   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

   6.      In the Disk Cleanup dialog box, click Delete.

   7.      Click Delete Files, and then click OK. Re-Boot your PC.

 

Let me know if those steps complete OK, also if any remaining issues or concerns...

 

Kevin


You're very welcome, come back anytime....

 

If all is ok with no issues here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here are a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive up to date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

 

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

 

Take care,

 

Kevin
