TechSpot

Malware Issue

By MarkWayne
Jul 31, 2013
  1. Having problems with the "random ads audio virus" and the "every download is a virus" virus. Any help would be greatly appreciated. The following is a scan from the Farbar recovery tool:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
    Ran by SYSTEM on 31-07-2013 20:14:01
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Recovery
    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-01-14] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-01-14] (IDT, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
    HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-30] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2012-01-14] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-01-14] (cyberlink)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [742408 2013-07-13] (Webroot)
    HKLM-x32\...\Run: [Anvi Smart Defender] - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1563720 2013-06-07] (Anvisoft)
    HKU\Marques\...\Run: [AdobeBridge] - [x]
    HKU\Marques\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
    HKU\Marques\...\Policies\system: [DisableCMD] 0
    HKU\Marques\...\Policies\system: [NoDispAppearancePage] 0
    HKU\Marques\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\Marques\...\Policies\system: [NoDispSettingsPage] 0
    ==================== Services (Whitelisted) =================
    S2 AdblockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [314064 2013-06-13] ()
    S2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [739400 2013-06-07] (Anvisoft)
    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
    S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [742408 2013-07-13] (Webroot)
    ==================== Drivers (Whitelisted) ====================
    S2 asdnet; C:\Windows\system32\DRIVERS\asdnet.sys [19280 2013-06-08] ()
    S2 asdnet; C:\Windows\system32\DRIVERS\asdnet.sys [19280 2013-06-08] ()
    S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-06] (Anvisoft)
    S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-06] (Anvisoft)
    S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-06] (Anvisoft)
    S1 asdws; C:\Windows\System32\DRIVERS\asdws.sys [17232 2012-11-06] ()
    S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-12] (DT Soft Ltd)
    S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114184 2013-07-13] (Webroot)
    S0 SR;
    S2 srservice;
    S4 vsserv;
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-07-31 16:46 - 2013-07-31 16:46 - 00000000 ____D C:\FRST
    2013-07-26 17:04 - 2013-07-31 15:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-07-26 17:04 - 2013-07-26 17:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-07-26 17:04 - 2013-07-26 17:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-07-23 19:14 - 2013-07-23 19:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marques\Downloads\mbam-setup-1.75.0.1300.exe
    2013-07-23 18:50 - 2013-07-23 18:50 - 21041152 _____ C:\Users\Marques\Desktop\log.evtx
    2013-07-23 18:50 - 2013-07-23 18:50 - 00000000 ____D C:\Users\Marques\Desktop\LocaleMetaData
    2013-07-20 18:25 - 2013-07-20 18:32 - 00000000 ____D C:\Users\Marques\Downloads\[ www.UsaBit.com ] - Pacific Rim 2013 CAM XviD-THC
    2013-07-20 18:25 - 2013-07-20 18:29 - 00000000 ____D C:\Users\Marques\Downloads\Despicable Me 2 2013 720p TS XviD MP3 MiLLENiUM
    2013-07-20 18:24 - 2013-07-20 18:28 - 00000000 ____D C:\Users\Marques\Downloads\Superman.Man.of.Steel.2013.720p.R6.LiNE.x264.AAC-DiGiTAL
    2013-07-20 18:21 - 2013-07-20 18:37 - 276939742 _____ C:\Users\Marques\Downloads\Filipina Sex Diary_March 19_TOPSIDER.avi
    2013-07-20 18:15 - 2013-07-20 18:18 - 00000000 ____D C:\Users\Marques\Downloads\Squirt.Gasms.XXX.DVDRip.x264-STARLETS
    2013-07-20 18:00 - 2013-07-20 18:00 - 00262144 _____ C:\Windows\Minidump\072013-27939-01.dmp
    2013-07-20 11:49 - 2013-07-20 11:49 - 00001460 _____ C:\Users\Public\Desktop\Anvi AD Blocker.lnk
    2013-07-20 11:48 - 2013-06-08 18:40 - 00019280 _____ C:\Windows\System32\Drivers\asdnet.sys
    2013-07-18 22:46 - 2013-07-18 22:46 - 00000000 ____D C:\Users\Marques\Downloads\Amateur Swinger Party 2 (Zero Tolerance) XXX (DVDRip)
    2013-07-17 22:57 - 2013-07-17 22:58 - 00000000 ____D C:\Users\Marques\Downloads\Tampa.Swingers.Party.2010.XXX.DVDRip.XviD-CiCXXX
    2013-07-15 21:27 - 2013-07-15 21:27 - 00000000 ____D C:\Users\Marques\Downloads\Mary Ann
    2013-07-15 12:47 - 2013-07-18 16:44 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Anvisoft
    2013-07-15 12:46 - 2013-07-20 11:49 - 00000000 ____D C:\ProgramData\Anvisoft
    2013-07-15 12:46 - 2013-07-15 13:04 - 00001144 _____ C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    2013-07-15 12:46 - 2013-07-15 12:46 - 00000000 ____D C:\Program Files (x86)\Anvisoft
    2013-07-15 12:46 - 2012-11-06 23:16 - 00023376 _____ (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
    2013-07-15 12:46 - 2012-11-06 23:16 - 00018768 _____ (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
    2013-07-15 12:46 - 2012-11-06 23:16 - 00017232 _____ C:\Windows\System32\Drivers\asdws.sys
    2013-07-15 12:44 - 2013-07-15 12:44 - 00000000 ____D C:\Users\Marques\Downloads\Anvi Smart Defender Pro v1.5 with Key [h33t][iahq76]
    2013-07-15 12:01 - 2013-07-15 12:01 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-07-14 23:13 - 2013-07-14 23:13 - 00000000 ____D C:\Users\Marques\Downloads\Adobe Flash Player 11.8.800.94
    2013-07-14 23:00 - 2013-07-14 23:00 - 00011383 _____ C:\Users\Marques\Downloads\[kickass.to]adobe.flash.player.11.8.800.94.july.2013.torrent
    2013-07-14 21:31 - 2013-07-14 21:32 - 00000000 ____D C:\Users\Marques\Downloads\Kaspersky TDSSKiller 2.7.30.0 Portable[Team Nanban][TPB]
    2013-07-14 20:03 - 2013-07-14 20:03 - 00000000 ____D C:\Users\Marques\Downloads\Dexter S08E03 HDTV x264-ASAP[ettv]
    2013-07-14 20:01 - 2013-07-14 20:41 - 480567235 _____ C:\Users\Marques\Downloads\True.Blood.S06E05.****.the.Pain.Away.WEB-DL.x264.AAC.mp4
    2013-07-13 08:56 - 2013-07-13 09:09 - 00000000 ____D C:\Users\Marques\AppData\Local\lptmp523109329
    2013-07-13 08:37 - 2013-07-20 21:56 - 00151728 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
    2013-07-13 08:37 - 2013-07-13 08:37 - 00114184 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
    2013-07-13 08:37 - 2013-07-13 08:37 - 00000000 ____D C:\Program Files\Webroot
    2013-07-13 08:22 - 2013-07-13 08:22 - 00007334 _____ C:\Users\Marques\Downloads\[kickass.to]webroot.secureanywhere.complete.2013.crack.karanpc.torrent
    2013-07-13 07:36 - 2013-07-13 07:36 - 00262144 _____ C:\Windows\Minidump\071313-22308-01.dmp
    2013-07-12 10:27 - 2013-07-13 10:32 - 00000000 ____D C:\Users\Marques\Downloads\White House Down 2013 TS x264-THC
    2013-07-11 17:59 - 2013-07-13 10:32 - 00000000 ____D C:\Users\Marques\AppData\Local\lptmp102322530
    2013-07-11 17:56 - 2013-07-31 15:38 - 00000000 ____D C:\ProgramData\WRData
    2013-07-11 17:54 - 2013-07-13 09:52 - 00000000 ____D C:\Users\Marques\Downloads\Webroot SecureAnywhere Complete 2013 [KaranPc]
    2013-07-11 14:56 - 2013-07-11 14:56 - 00000000 ____D C:\Windows\Sun
    2013-07-08 11:29 - 2013-07-08 11:31 - 00000000 ____D C:\Users\Marques\Downloads\The Lone Ranger 2013 TS XViD UNiQUE
    2013-07-08 11:28 - 2013-07-11 10:47 - 00000000 ____D C:\Users\Marques\Downloads\Olympus.Has.Fallen.2013.BRRip.XviD-S4A
    2013-07-08 11:28 - 2013-07-11 10:47 - 00000000 ____D C:\Users\Marques\Downloads\Despicable Me 2 2013 HDCAM READNFO x264 AAC-BadMeetsEvil[rarbg]
    2013-07-07 15:59 - 2013-07-07 15:59 - 00000000 ____D C:\ProgramData\BDLogging
    2013-07-07 15:58 - 2013-07-07 16:01 - 00000000 ____D C:\ProgramData\Bitdefender
    2013-07-07 15:58 - 2013-07-07 15:58 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Bitdefender
    2013-07-07 15:55 - 2013-07-07 15:55 - 00000000 ____D C:\Users\Marques\AppData\Roaming\QuickScan
    2013-07-07 15:53 - 2013-07-07 15:58 - 00000000 ____D C:\Program Files\Bitdefender
    2013-07-07 15:52 - 2013-07-07 15:53 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2013-07-04 10:46 - 2013-07-04 11:14 - 00000000 ____D C:\Users\Marques\Desktop\PARTY PICS
    ==================== One Month Modified Files and Folders =======
    2013-07-31 16:51 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-31 16:51 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-31 16:49 - 2009-07-13 21:13 - 00727136 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-07-31 16:46 - 2013-07-31 16:46 - 00000000 ____D C:\FRST
    2013-07-31 16:44 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-07-31 16:43 - 2009-07-13 20:51 - 00093684 _____ C:\Windows\setupact.log
    2013-07-31 16:40 - 2012-07-14 12:41 - 00000000 ____D C:\Users\Marques\AppData\Roaming\BitTorrent
    2013-07-31 15:38 - 2013-07-11 17:56 - 00000000 ____D C:\ProgramData\WRData
    2013-07-31 15:30 - 2013-07-26 17:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-07-31 15:23 - 2011-12-26 21:31 - 00000000 ____D C:\Users\Marques\AppData\Local\CrashDumps
    2013-07-31 15:23 - 2009-07-13 21:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-07-26 17:22 - 2011-07-18 01:56 - 00260584 _____ C:\Windows\PFRO.log
    2013-07-26 17:04 - 2013-07-26 17:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-07-26 17:04 - 2013-07-26 17:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-07-26 16:45 - 2013-02-10 01:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2013-07-23 19:14 - 2013-07-23 19:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marques\Downloads\mbam-setup-1.75.0.1300.exe
    2013-07-23 18:50 - 2013-07-23 18:50 - 21041152 _____ C:\Users\Marques\Desktop\log.evtx
    2013-07-23 18:50 - 2013-07-23 18:50 - 00000000 ____D C:\Users\Marques\Desktop\LocaleMetaData
    2013-07-23 14:18 - 2011-07-18 01:32 - 01724812 _____ C:\Windows\WindowsUpdate.log
    2013-07-20 21:56 - 2013-07-13 08:37 - 00151728 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
    2013-07-20 18:37 - 2013-07-20 18:21 - 276939742 _____ C:\Users\Marques\Downloads\Filipina Sex Diary_March 19_TOPSIDER.avi
    2013-07-20 18:32 - 2013-07-20 18:25 - 00000000 ____D C:\Users\Marques\Downloads\[ www.UsaBit.com ] - Pacific Rim 2013 CAM XviD-THC
    2013-07-20 18:29 - 2013-07-20 18:25 - 00000000 ____D C:\Users\Marques\Downloads\Despicable Me 2 2013 720p TS XviD MP3 MiLLENiUM
    2013-07-20 18:28 - 2013-07-20 18:24 - 00000000 ____D C:\Users\Marques\Downloads\Superman.Man.of.Steel.2013.720p.R6.LiNE.x264.AAC-DiGiTAL
    2013-07-20 18:18 - 2013-07-20 18:15 - 00000000 ____D C:\Users\Marques\Downloads\Squirt.Gasms.XXX.DVDRip.x264-STARLETS
    2013-07-20 18:00 - 2013-07-20 18:00 - 00262144 _____ C:\Windows\Minidump\072013-27939-01.dmp
    2013-07-20 18:00 - 2012-06-18 14:22 - 724369041 _____ C:\Windows\MEMORY.DMP
    2013-07-20 18:00 - 2012-06-18 14:22 - 00000000 ____D C:\Windows\Minidump
    2013-07-20 11:49 - 2013-07-20 11:49 - 00001460 _____ C:\Users\Public\Desktop\Anvi AD Blocker.lnk
    2013-07-20 11:49 - 2013-07-15 12:46 - 00000000 ____D C:\ProgramData\Anvisoft
    2013-07-18 23:07 - 2012-03-20 13:50 - 00000000 ____D C:\Users\Marques\AppData\Roaming\vlc
    2013-07-18 22:46 - 2013-07-18 22:46 - 00000000 ____D C:\Users\Marques\Downloads\Amateur Swinger Party 2 (Zero Tolerance) XXX (DVDRip)
    2013-07-18 17:02 - 2011-12-26 19:07 - 00000000 ____D C:\users\Marques
    2013-07-18 16:44 - 2013-07-15 12:47 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Anvisoft
    2013-07-17 22:58 - 2013-07-17 22:57 - 00000000 ____D C:\Users\Marques\Downloads\Tampa.Swingers.Party.2010.XXX.DVDRip.XviD-CiCXXX
    2013-07-15 21:27 - 2013-07-15 21:27 - 00000000 ____D C:\Users\Marques\Downloads\Mary Ann
    2013-07-15 13:04 - 2013-07-15 12:46 - 00001144 _____ C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    2013-07-15 12:46 - 2013-07-15 12:46 - 00000000 ____D C:\Program Files (x86)\Anvisoft
    2013-07-15 12:44 - 2013-07-15 12:44 - 00000000 ____D C:\Users\Marques\Downloads\Anvi Smart Defender Pro v1.5 with Key [h33t][iahq76]
    2013-07-15 12:01 - 2013-07-15 12:01 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-07-14 23:13 - 2013-07-14 23:13 - 00000000 ____D C:\Users\Marques\Downloads\Adobe Flash Player 11.8.800.94
    2013-07-14 23:00 - 2013-07-14 23:00 - 00011383 _____ C:\Users\Marques\Downloads\[kickass.to]adobe.flash.player.11.8.800.94.july.2013.torrent
    2013-07-14 21:32 - 2013-07-14 21:31 - 00000000 ____D C:\Users\Marques\Downloads\Kaspersky TDSSKiller 2.7.30.0 Portable[Team Nanban][TPB]
    2013-07-14 20:41 - 2013-07-14 20:01 - 480567235 _____ C:\Users\Marques\Downloads\True.Blood.S06E05.****.the.Pain.Away.WEB-DL.x264.AAC.mp4
    2013-07-14 20:03 - 2013-07-14 20:03 - 00000000 ____D C:\Users\Marques\Downloads\Dexter S08E03 HDTV x264-ASAP[ettv]
    2013-07-13 10:32 - 2013-07-12 10:27 - 00000000 ____D C:\Users\Marques\Downloads\White House Down 2013 TS x264-THC
    2013-07-13 10:32 - 2013-07-11 17:59 - 00000000 ____D C:\Users\Marques\AppData\Local\lptmp102322530
    2013-07-13 10:32 - 2012-01-02 14:26 - 00000000 ____D C:\Windows\System32\Macromed
    2013-07-13 10:32 - 2011-01-10 19:51 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-07-13 10:32 - 2011-01-10 19:45 - 00000000 ____D C:\ProgramData\RoxioNow
    2013-07-13 10:32 - 2011-01-10 19:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2013-07-13 10:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-07-13 10:29 - 2011-01-10 19:51 - 00000000 ____D C:\ProgramData\Adobe
    2013-07-13 09:52 - 2013-07-11 17:54 - 00000000 ____D C:\Users\Marques\Downloads\Webroot SecureAnywhere Complete 2013 [KaranPc]
    2013-07-13 09:52 - 2013-05-31 22:07 - 00000000 __SHD C:\Users\Marques\Documents\WT087372
    2013-07-13 09:09 - 2013-07-13 08:56 - 00000000 ____D C:\Users\Marques\AppData\Local\lptmp523109329
    2013-07-13 08:37 - 2013-07-13 08:37 - 00114184 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
    2013-07-13 08:37 - 2013-07-13 08:37 - 00000000 ____D C:\Program Files\Webroot
    2013-07-13 08:22 - 2013-07-13 08:22 - 00007334 _____ C:\Users\Marques\Downloads\[kickass.to]webroot.secureanywhere.complete.2013.crack.karanpc.torrent
    2013-07-13 07:36 - 2013-07-13 07:36 - 00262144 _____ C:\Windows\Minidump\071313-22308-01.dmp
    2013-07-13 03:39 - 2013-06-21 11:49 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Skype
    2013-07-12 10:50 - 2012-03-29 05:29 - 00000000 ____D C:\Users\Marques\AppData\Local\Adobe
    2013-07-11 14:56 - 2013-07-11 14:56 - 00000000 ____D C:\Windows\Sun
    2013-07-11 11:51 - 2013-06-24 16:58 - 00000000 ____D C:\Users\Marques\Downloads\Trojan Killer v2.1.5.0 + Patch
    2013-07-11 10:48 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-07-11 10:47 - 2013-07-08 11:28 - 00000000 ____D C:\Users\Marques\Downloads\Olympus.Has.Fallen.2013.BRRip.XviD-S4A
    2013-07-11 10:47 - 2013-07-08 11:28 - 00000000 ____D C:\Users\Marques\Downloads\Despicable Me 2 2013 HDCAM READNFO x264 AAC-BadMeetsEvil[rarbg]
    2013-07-11 06:22 - 2012-12-11 18:36 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForMarques.job
    2013-07-11 06:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
    2013-07-09 17:06 - 2012-12-11 18:36 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarques
    2013-07-09 17:06 - 2012-01-21 18:25 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-07-08 11:31 - 2013-07-08 11:29 - 00000000 ____D C:\Users\Marques\Downloads\The Lone Ranger 2013 TS XViD UNiQUE
    2013-07-07 16:17 - 2013-06-22 12:58 - 00000000 ____D C:\Users\Marques\AppData\Local\WinRAR SFX
    2013-07-07 16:17 - 2012-05-09 18:11 - 00000000 ____D C:\Users\Marques\AppData\Local\{2589A21F-BEEB-4500-9C7B-F0B82C907392}
    2013-07-07 16:01 - 2013-07-07 15:58 - 00000000 ____D C:\ProgramData\Bitdefender
    2013-07-07 15:59 - 2013-07-07 15:59 - 00000000 ____D C:\ProgramData\BDLogging
    2013-07-07 15:58 - 2013-07-07 15:58 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Bitdefender
    2013-07-07 15:58 - 2013-07-07 15:53 - 00000000 ____D C:\Program Files\Bitdefender
    2013-07-07 15:55 - 2013-07-07 15:55 - 00000000 ____D C:\Users\Marques\AppData\Roaming\QuickScan
    2013-07-07 15:53 - 2013-07-07 15:52 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2013-07-07 15:45 - 2011-12-26 20:41 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Macromedia
    2013-07-04 11:14 - 2013-07-04 10:46 - 00000000 ____D C:\Users\Marques\Desktop\PARTY PICS
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-2548433537-4247105570-963836067-1001\$96f3d1ab420038c7466132f7fdef6143
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$96f3d1ab420038c7466132f7fdef6143
    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2013-06-27 01:11:01
    Restore point made on: 2013-06-28 00:00:40
    Restore point made on: 2013-07-02 21:33:29
    Restore point made on: 2013-07-03 20:15:47
    Restore point made on: 2013-07-07 16:24:25
    Restore point made on: 2013-07-11 12:42:37
    Restore point made on: 2013-07-12 10:41:41
    Restore point made on: 2013-07-12 10:47:59
    Restore point made on: 2013-07-12 10:50:13
    ==================== Memory info ===========================
    Percentage of memory in use: 11%
    Total physical RAM: 8139.86 MB
    Available physical RAM: 7225.94 MB
    Total Pagefile: 8138.01 MB
    Available Pagefile: 7218.19 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:914.48 GB) (Free:682.72 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
    Drive e: (RECOVERY) (Fixed) (Total:16.74 GB) (Free:2.07 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 (Disk=0 Partition=4)
    Drive h: () (Removable) (Total:0.97 GB) (Free:0.72 GB) FAT (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (ATTENTION: ===> MBR IS INFECTED. Use FixMbr command in Recovery Mode) (Size: 932 GB) (Disk ID: DA73E482)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
    ========================================================
    Disk: 1 (Size: 992 MB) (Disk ID: 91F72D24)
    Partition 1: (Active) - (Size=992 MB) - (Type=06)

    LastRegBack: 2013-07-08 12:14
    ==================== End Of Log ============================
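A helper reading a log like the one above works through it by hand, looking for FRST's own ATTENTION markers, the bare "ZeroAccess:" path list, driver rows with no signer, and the MBR verdict. The following Python script does that first pass automatically. It is an added example written for this thread, not code from the poster or from Farbar's tool; the section and row formats it parses (the `==== name ====` headers and the `state name; path [size date] (signer)` driver rows) are inferred from the posted log rather than taken from any FRST specification, and the sample input is excerpted from the log above.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.
Added example for this thread, not part of FRST: splits FRST.txt into its
'==== Section ====' blocks and pulls out the lines a helper scans for by hand.
"""
import re

# Constructed sample: lines excerpted verbatim from the FRST log posted above.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
==================== Registry (Whitelisted) ==================
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
==================== Drivers (Whitelisted) ====================
S2 asdnet; C:\Windows\system32\DRIVERS\asdnet.sys [19280 2013-06-08] ()
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114184 2013-07-13] (Webroot)
==================== One Month Modified Files and Folders =======
2013-07-04 11:14 - 2013-07-04 10:46 - 00000000 ____D C:\Users\Marques\Desktop\PARTY PICS
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$96f3d1ab420038c7466132f7fdef6143
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== MBR & Partition Table ==================
Disk: 0 (ATTENTION: ===> MBR IS INFECTED. Use FixMbr command in Recovery Mode) (Size: 932 GB) (Disk ID: DA73E482)
Disk: 1 (Size: 992 MB) (Disk ID: 91F72D24)
==================== End Of Log ============================
"""

# "==================== Name ====================" section headers (format inferred from the log).
SECTION_RE = re.compile(r"^=+\s+([^=]+?)\s+=+$")
# Service/driver rows: "<state> <name>; <path> [<size> <date>] (<signer>)" (inferred).
DRIVER_RE = re.compile(
    r"^([RSU]\d) (\S+?); (.+?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")


def split_sections(text):
    """Map each section name to its non-empty lines; preamble goes under 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def attention_lines(sections):
    """Every line FRST itself marked ATTENTION, as (section, line) pairs."""
    return [(name, line) for name, lines in sections.items()
            for line in lines if "ATTENTION" in line]


def zeroaccess_paths(sections):
    """Paths that follow a bare 'ZeroAccess:' marker line."""
    paths = []
    for lines in sections.values():
        for i, line in enumerate(lines[:-1]):
            if line == "ZeroAccess:":
                paths.append(lines[i + 1])
    return paths


def unsigned_drivers(sections):
    """Driver rows with an empty signer field: review candidates, not verdicts."""
    found = []
    for line in sections.get("Drivers (Whitelisted)", []):
        m = DRIVER_RE.match(line)
        if m and not m.group(6).strip():
            found.append((m.group(2), m.group(3)))
    return found


def mbr_infected(sections):
    """True when FRST's MBR check reports an infected boot record on any disk."""
    return any("MBR IS INFECTED" in line
               for line in sections.get("MBR & Partition Table", []))


def triage(text):
    """One-shot summary of the indicators worth acting on in an FRST log."""
    sections = split_sections(text)
    return {
        "attention": attention_lines(sections),
        "zeroaccess_paths": zeroaccess_paths(sections),
        "unsigned_drivers": unsigned_drivers(sections),
        "mbr_infected": mbr_infected(sections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in (value if isinstance(value, list) else [value]):
            print("   ", item)
```

Run it as a script to print the findings for the sample, or pass the full text of an FRST.txt to triage(). An empty signer field only marks a driver for review; asdnet.sys here, for instance, appears in the created-files list at the same time as the Anvi Smart Defender install. The MBR verdict and the ZeroAccess path list are the findings a helper acts on first.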
     
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
    Next....

    Restart normally...

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     


Topic Status:
Not open for further replies.
