TechSpot

Unable to download files

By Jaiisun
Jun 8, 2013
  1. Hi all! Firstly, this is my first post... so please be nice!

    My situation appears to be the same as that posted here ['Post system vate antivirus' removal problems - unable to download any files'].

    Whilst I can follow the fixes of that thread to a point, there is a script written specifically for the user - and I don't want to screw up my machine any more than it is!

    I have attached my RKill log and my Farbar Recovery Scan logs (FRST.txt & Addition.txt):

    ==================RKILL====================
    Rkill 2.5.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 06/08/2013 10:35:46 AM in x86 mode.
    Windows Version: Windows 7 Enterprise
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * C:\Windows\system32\PowerMan.exe (PID: 1688) [WD-HEUR]
    * C:\Users\alanav\procmonitor\procmonitor.exe (PID: 3500) [UP-HEUR]
    2 proccesses terminated!
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * ALERT: ZEROACCESS rootkit symptoms found!
    * HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
    * HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
    * C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\ [ZA Dir]
    * C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\@ [ZA File]
    * C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\L\ [ZA Dir]
    * C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\U\ [ZA Dir]
    * C:\$Recycle.Bin\S-1-5-21-137024685-2204166116-4157399963-88862\$714379b016ad7d5d38f17e35817e4939\ [ZA Dir]
    * C:\$Recycle.Bin\S-1-5-21-137024685-2204166116-4157399963-88862\$714379b016ad7d5d38f17e35817e4939\@ [ZA File]
    * C:\$Recycle.Bin\S-1-5-21-137024685-2204166116-4157399963-88862\$714379b016ad7d5d38f17e35817e4939\L\ [ZA Dir]
    * C:\$Recycle.Bin\S-1-5-21-137024685-2204166116-4157399963-88862\$714379b016ad7d5d38f17e35817e4939\U\ [ZA Dir]
    * ALERT: ZEROACCESS Reparse Point/Junction found!
    * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
    * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
    * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpEvMsg.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpAsDesc.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpClient.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpCmdRun.exe => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpCommu.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpOAV.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpRTP.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpSvc.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MSASCui.exe => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpCom.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpLics.dll => c:\windows\system32\config [File]
    * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpRes.dll => c:\windows\system32\config [File]
    * Reparse Point/Junctions Found (Most likely legitimate)!
    * C:\Windows\$NtUninstallKB57485$ => <Unknown Target> [Dir]
    Checking Windows Service Integrity:
    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic
    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Disabled
    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual
    * BFE [Missing Service]
    * iphlpsvc [Missing Service]
    * MpsSvc [Missing Service]
    * SharedAccess [Missing Service]
    * WinDefend [Missing Service]
    * wscsvc [Missing Service]
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * No issues found.
    Program finished at: 06/08/2013 10:36:41 AM
    Execution time: 0 hours(s), 0 minute(s), and 55 seconds(s)

    ==================FRST.txt===================
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013
    Ran by alanav (administrator) on 08-06-2013 17:11:35
    Running from C:\Users\alanav\Desktop\AntiVirus
    Windows 7 Enterprise (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal
    ==================== Processes (Whitelisted) ===================
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    (Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    (UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
    (Microsoft Corporation) C:\Windows\system32\CCM\CcmExec.exe
    (UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
    (Nero AG) C:\Program Files\Nero\Update\NASvc.exe
    (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Nero AG) C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    (Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)
    HKLM\...\Run: [AutoGPUpdate] C:\Windows\system32\gpupdate.exe /force /wait:0 [16896 2009-07-14] (Microsoft Corporation)
    HKLM\...\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-26] (Nero AG)
    HKLM\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe [900160 2013-06-08] (Sophos Limited)
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
    HKCU\...\Run: [DomainLogin] C:\temp\stage2hook.bat [73 2012-02-29] ()
    HKCU\...\Policies\system: [DisableChangePassword] 1
    HKCU\...\Policies\system: [RunLogonScriptSync] 1
    HKCU\...\Policies\system: [HideLogonScripts] 0
    HKCU\...\Policies\system: [HideLogoffScripts] 0
    BootExecute: autocheck autochk * SophosBootTasks
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    HKCU SearchScopes: DefaultScope {76B3B37D-57A0-4376-8616-05AF7BA591F1} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=5070001AA0682572
    SearchScopes: HKCU - {76B3B37D-57A0-4376-8616-05AF7BA591F1} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9 01 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 02 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 03 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 04 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 05 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 06 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 07 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 08 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 09 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 10 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 11 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 12 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 13 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 14 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 15 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 16 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 17 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 18 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 19 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 20 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 21 mswsock.dll [65024] (Microsoft Corporation)
    Winsock: Catalog9 22 mswsock.dll [65024] (Microsoft Corporation)
    Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Chrome:
    =======
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Extension: (Docs) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
    CHR Extension: (Google Drive) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
    CHR Extension: (YouTube) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
    CHR Extension: (Google Search) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
    CHR Extension: (Gmail) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    ========================== Services (Whitelisted) =================
    R2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
    R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
    S2 PowerMAN; C:\Windows\system32\PowerMan.exe [978944 2011-07-15] (Data Synergy UK Ltd)
    R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2013-06-08] (Sophos Limited)
    R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [139840 2013-06-08] (Sophos Limited)
    S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
    R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [232512 2013-06-08] (Sophos Limited)
    R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-06-08] (Sophos Limited)
    R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2013-06-08] (Sophos Limited)
    S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1459264 2013-06-08] (Sophos Limited)
    R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [1589704 2009-08-16] (UltraVNC)
    S2 SAVCleanupService; "SAVCleanupService.exe" [x]
    ==================== Drivers (Whitelisted) ====================
    S3 BTDriver; C:\Windows\system32\drivers\btport.sys [37160 2010-04-09] (Broadcom Corporation.)
    S3 btwhid; C:\Windows\system32\drivers\btwhid.sys [56992 2010-04-09] (Broadcom Corporation.)
    S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x32.sys [264464 2011-03-10] (Intel(R) Corporation)
    S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X32.sys [57616 2011-03-10] (Intel(R) Corporation)
    S3 itecir; C:\Windows\system32\drivers\itecir.sys [69736 2010-07-13] (ITE Tech. Inc. )
    S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2011-03-10] (Intel Corporation)
    S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [277312 2011-10-15] (NVIDIA Corporation)
    S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
    S3 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [47616 2009-10-28] (REDC)
    S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38912 2009-12-11] (REDC)
    R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [123680 2013-06-08] (Sophos Limited)
    S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2013-06-08] (Sophos Limited)
    R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [31736 2013-06-08] (Sophos Plc)
    S3 SNTNLUSB; C:\Windows\system32\drivers\SNTNLUSB.SYS [38376 2009-09-17] (SafeNet, Inc.)
    S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2013-06-08] (Sophos Plc)
    ==================== NetSvcs (Whitelisted) ===================
    NETSVC: Mvc25U870_VID_1262&PID_25FD -> No Registry Path.
    NETSVC: hap17v2k -> No Registry Path.
    NETSVC: DNE -> No Registry Path.
    NETSVC: mstdc -> No Registry Path.
    NETSVC: hpzipr12 -> No Registry Path.
    NETSVC: camdrl -> No Registry Path.
    NETSVC: procmon10 -> No Registry Path.
    NETSVC: timounter -> No Registry Path.
    ==================== One Month Created Files and Folders ========
    2013-06-08 17:11 - 2013-06-08 17:11 - 00000000 ____D C:\FRST
    2013-06-08 16:25 - 2013-06-08 16:25 - 00000000 ____D C:\Program Files\ESET
    2013-06-08 16:22 - 2013-06-08 16:44 - 00009390 ____A C:\Users\alanav\Desktop\Rkill.txt
    2013-06-08 12:38 - 2013-06-08 12:38 - 00002208 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-08 12:37 - 2013-06-08 16:42 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-08 12:37 - 2013-06-08 12:42 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-08 12:37 - 2013-06-08 12:38 - 00000000 ____D C:\Users\alanav\AppData\Local\Google
    2013-06-08 12:37 - 2013-06-08 12:37 - 00000000 ____D C:\Program Files\Google
    2013-06-08 12:36 - 2013-06-08 12:37 - 00000000 ____D C:\Users\alanav\AppData\Local\Deployment
    2013-06-08 12:36 - 2013-06-08 12:36 - 00000000 ____D C:\Users\alanav\AppData\Local\Apps\2.0
    2013-06-08 12:01 - 2013-06-08 12:01 - 00000204 ____A C:\Windows\System32\SophosBootTasks.txt
    2013-06-08 11:00 - 2013-06-08 11:00 - 00000000 ____D C:\Program Files\Common Files\Sophos
    2013-06-08 10:49 - 2013-06-08 10:49 - 00000000 ____D C:\Program Files\Common Files\Cisco Systems
    2013-06-08 10:49 - 2013-06-08 10:47 - 00030744 ____A (Sophos Limited) C:\Windows\System32\SophosBootTasks.exe
    2013-06-08 10:47 - 2013-06-08 10:47 - 00123680 ____A (Sophos Limited) C:\Windows\System32\Drivers\savonaccess.sys
    2013-06-08 10:47 - 2013-06-08 10:47 - 00033696 ____A (Sophos Limited) C:\Windows\System32\Drivers\sdcfilter.sys
    2013-06-08 10:46 - 2013-06-08 10:46 - 00131824 ____A (Sophos Plc) C:\Windows\System32\sdccoinstaller.dll
    2013-06-08 10:46 - 2013-06-08 10:46 - 00031736 ____A (Sophos Plc) C:\Windows\System32\Drivers\skmscan.sys
    2013-06-08 10:45 - 2013-06-08 10:45 - 00022536 ____A (Sophos Plc) C:\Windows\System32\Drivers\SophosBootDriver.sys
    2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Malwarebytes
    2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-06-08 10:43 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-06-08 10:37 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\CCleaner
    2013-06-08 10:31 - 2013-06-08 17:11 - 00000000 ____D C:\Users\alanav\Desktop\AntiVirus
    2013-06-07 20:37 - 2013-06-07 20:37 - 00000000 ____D C:\Users\alanav\AppData\Local\Sophos
    2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Windows\System32\searchplugins
    2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Windows\System32\Extensions
    2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-06-07 20:25 - 2013-06-07 20:25 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Babylon
    2013-06-07 20:25 - 2013-06-07 20:25 - 00000000 ____D C:\ProgramData\Babylon
    2013-06-07 20:10 - 2013-06-07 20:10 - 00000000 ____D C:\Users\alanav\AppData\Local\Adobe
    ==================== One Month Modified Files and Folders ========
    2013-06-08 17:11 - 2013-06-08 17:11 - 00000000 ____D C:\FRST
    2013-06-08 17:11 - 2013-06-08 10:31 - 00000000 ____D C:\Users\alanav\Desktop\AntiVirus
    2013-06-08 17:10 - 2011-08-18 10:40 - 00780930 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-08 17:05 - 2009-07-14 05:34 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-08 17:05 - 2009-07-14 05:34 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-08 16:51 - 2012-03-01 21:07 - 00000000 ____D C:\Users\alanav\AppData\Roaming\uTorrent
    2013-06-08 16:44 - 2013-06-08 16:22 - 00009390 ____A C:\Users\alanav\Desktop\Rkill.txt
    2013-06-08 16:42 - 2013-06-08 12:37 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-08 16:25 - 2013-06-08 16:25 - 00000000 ____D C:\Program Files\ESET
    2013-06-08 16:17 - 2012-03-01 21:10 - 00000000 ____D C:\Program Files\uTorrent
    2013-06-08 16:16 - 2011-08-18 11:27 - 00023061 ____A C:\powerman.xml
    2013-06-08 12:42 - 2013-06-08 12:37 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-08 12:38 - 2013-06-08 12:38 - 00002208 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-08 12:38 - 2013-06-08 12:37 - 00000000 ____D C:\Users\alanav\AppData\Local\Google
    2013-06-08 12:37 - 2013-06-08 12:37 - 00000000 ____D C:\Program Files\Google
    2013-06-08 12:37 - 2013-06-08 12:36 - 00000000 ____D C:\Users\alanav\AppData\Local\Deployment
    2013-06-08 12:36 - 2013-06-08 12:36 - 00000000 ____D C:\Users\alanav\AppData\Local\Apps\2.0
    2013-06-08 12:01 - 2013-06-08 12:01 - 00000204 ____A C:\Windows\System32\SophosBootTasks.txt
    2013-06-08 12:01 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-08 11:00 - 2013-06-08 11:00 - 00000000 ____D C:\Program Files\Common Files\Sophos
    2013-06-08 10:50 - 2012-02-29 12:22 - 00000000 ____D C:\ProgramData\Sophos
    2013-06-08 10:49 - 2013-06-08 10:49 - 00000000 ____D C:\Program Files\Common Files\Cisco Systems
    2013-06-08 10:47 - 2013-06-08 10:49 - 00030744 ____A (Sophos Limited) C:\Windows\System32\SophosBootTasks.exe
    2013-06-08 10:47 - 2013-06-08 10:47 - 00123680 ____A (Sophos Limited) C:\Windows\System32\Drivers\savonaccess.sys
    2013-06-08 10:47 - 2013-06-08 10:47 - 00033696 ____A (Sophos Limited) C:\Windows\System32\Drivers\sdcfilter.sys
    2013-06-08 10:46 - 2013-06-08 10:46 - 00131824 ____A (Sophos Plc) C:\Windows\System32\sdccoinstaller.dll
    2013-06-08 10:46 - 2013-06-08 10:46 - 00031736 ____A (Sophos Plc) C:\Windows\System32\Drivers\skmscan.sys
    2013-06-08 10:45 - 2013-06-08 10:45 - 00022536 ____A (Sophos Plc) C:\Windows\System32\Drivers\SophosBootDriver.sys
    2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Malwarebytes
    2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-06-08 10:39 - 2012-02-29 12:21 - 00000000 ____D C:\Program Files\Sophos
    2013-06-08 10:38 - 2011-08-18 11:27 - 00000000 ____D C:\Windows\Panther
    2013-06-08 10:37 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\CCleaner
    2013-06-07 23:01 - 2012-03-01 21:56 - 00000000 ____D C:\Users\alanav\Downloads\Nero 10.0 + Serials en Keygen - DivXNL-Team
    2013-06-07 20:37 - 2013-06-07 20:37 - 00000000 ____D C:\Users\alanav\AppData\Local\Sophos
    2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Windows\System32\searchplugins
    2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Windows\System32\Extensions
    2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-06-07 20:25 - 2013-06-07 20:25 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Babylon
    2013-06-07 20:25 - 2013-06-07 20:25 - 00000000 ____D C:\ProgramData\Babylon
    2013-06-07 20:10 - 2013-06-07 20:10 - 00000000 ____D C:\Users\alanav\AppData\Local\Adobe
    2013-06-07 20:10 - 2012-02-29 14:58 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Adobe
    2013-06-07 18:58 - 2012-02-29 12:27 - 00000463 ____A C:\Windows\SMSCFG.ini
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939
    C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\@
    C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\L
    C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\U
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939
    C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\@
    C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\L
    C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\U
    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

    LastRegBack: 2013-06-07 23:22
    ==================== End Of Log ============================

    ==================Addition.txt===================
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2013
    Ran by alanav at 2013-06-08 17:12:40 Run:
    Running from C:\Users\alanav\Desktop\AntiVirus
    Boot Mode: Normal
    ==========================================================

    ==================== Installed Programs =======================
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent (Version: 3.1.2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
    Adobe Reader X (10.1.1) (Version: 10.1.1)
    Apple Application Support (Version: 1.4.1)
    ArchiveOne Quick Link Client (Version: 6.0.0.2400)
    CCleaner (Version: 4.02)
    Chime Pro (from NAL) (Version: 1.00.0000)
    Chinese Simplified Fonts Support For Adobe Reader X (Version: 10.0.0)
    Chinese Traditional Fonts Support For Adobe Reader X (Version: 10.0.0)
    Citrix online plug-in - web (Version: 12.1.0.30)
    Citrix online plug-in (DV) (Version: 12.1.0.30)
    Citrix online plug-in (HDX) (Version: 12.1.0.30)
    Citrix online plug-in (USB) (Version: 12.1.0.30)
    Citrix online plug-in (Web) (Version: 12.1.0.30)
    Configuration Manager Client (Version: 4.00.6487.2000)
    Document Express DjVu Plug-in (Version: 6.1.26155)
    Dummy MSI (Version: 1.0)
    ESET Online Scanner v3
    Google Chrome (Version: 27.0.1453.110)
    Google Update Helper (Version: 1.3.21.145)
    High-Definition Video Playback 10 (Version: 7.0.11400.29.0)
    Japanese Fonts Support For Adobe Reader X (Version: 10.0.0)
    Java(TM) 6 Update 25 (Version: 6.0.250)
    Korean Fonts Support For Adobe Reader X (Version: 10.0.0)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.1653.0)
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0)
    Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0)
    Nero BackItUp 10 (Version: 5.4.11600.19.100)
    Nero BackItUp 10 Help (CHM) (Version: 1.0.10700)
    Nero Burning ROM 10 (Version: 10.0.11100.10.100)
    Nero BurningROM 10 Help (CHM) (Version: 1.0.10700)
    Nero BurnRights 10 (Version: 4.0.11000.12.100)
    Nero BurnRights 10 Help (CHM) (Version: 1.0.10600)
    Nero Control Center 10 (Version: 10.0.12000.1.4)
    Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
    Nero Core Components 10 (Version: 2.0.13700.0.1)
    Nero CoverDesigner 10 (Version: 5.0.10900.11.100)
    Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600)
    Nero DiscCopy Gadget 10 (Version: 3.0.10700.9.100)
    Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600)
    Nero DiscSpeed 10 (Version: 6.0.10800.7.100)
    Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600)
    Nero Dolby Files 10 (Version: 2.0.11000.0.10)
    Nero Express 10 (Version: 10.0.11000.10.100)
    Nero Express 10 Help (CHM) (Version: 1.0.10700)
    Nero InfoTool 10 (Version: 7.0.10800.8.100)
    Nero InfoTool 10 Help (CHM) (Version: 1.0.10600)
    Nero MediaHub 10 (Version: 1.0.13400.11.100)
    Nero MediaHub 10 Help (CHM) (Version: 1.0.10700)
    Nero Multimedia Suite 10 (Version: 10.0.13100)
    Nero Recode 10 (Version: 4.6.10900.4.100)
    Nero Recode 10 Help (CHM) (Version: 1.0.10600)
    Nero RescueAgent 10 (Version: 3.0.10900.9.100)
    Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700)
    Nero SoundTrax 10 (Version: 4.6.10600.2.100)
    Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600)
    Nero StartSmart 10 (Version: 10.0.11200.12.100)
    Nero StartSmart 10 Help (CHM) (Version: 1.0.10700)
    Nero Update (Version: 1.0.0017)
    Nero Vision 10 (Version: 7.0.11100.8.100)
    Nero Vision 10 Help (CHM) (Version: 1.0.10600)
    Nero WaveEditor 10 (Version: 5.6.10600.2.100)
    Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600)
    PowerDVD (Version: 8.1)
    QuickTime (Version: 7.69.80.9)
    Shockwave (Version: 11)
    Sophos Anti-Virus (Version: 10.0.10)
    Sophos AutoUpdate (Version: 2.7.4.317)
    UltraVNC (Version: 1.0.65)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    ==================== Restore Points =========================
    11-05-2012 13:11:00 Scheduled Checkpoint
    27-05-2012 11:32:27 Scheduled Checkpoint
    07-06-2013 22:29:34 Scheduled Checkpoint
    08-06-2013 09:37:22 Removed Sophos AutoUpdate
    08-06-2013 09:38:10 Removed Sophos Remote Management System
    08-06-2013 09:38:52 Installed Sophos AutoUpdate
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (06/08/2013 00:10:37 PM) (Source: PerfNet) (User: )
    Description:
    Error: (06/08/2013 00:04:37 PM) (Source: PerfNet) (User: )
    Description:
    Error: (06/08/2013 00:02:32 PM) (Source: PerfNet) (User: )
    Description:
    Error: (06/08/2013 00:02:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .
    Error: (06/08/2013 00:01:56 PM) (Source: Sophos Anti-Virus) (User: NT AUTHORITY)
    Description: Virus/spyware 'Mal/ZAccConf-A' was not removed because of errors.
    Error: (06/07/2013 08:32:33 PM) (Source: Application Hang) (User: )
    Description: The program Setup.exe version 2011.3.11.1355 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: d34
    Start Time: 01ce63b5a6517dbc
    Termination Time: 45
    Application Path: C:\PROGRA~2\TARMAI~1\{C4ED7~1\Setup.exe
    Report Id: fe847de3-cfa8-11e2-a873-001aa0682572
    Error: (06/07/2013 08:27:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .
    Error: (06/07/2013 08:12:50 PM) (Source: Software Protection Platform Service) (User: )
    Description: Acquisition of Product Certificate failed. hr=0xC004C003
    Sku Id=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
    Error: (06/07/2013 08:12:50 PM) (Source: Software Protection Platform Service) (User: )
    Description: License acquisition failure details.
    hr=0xC004C003
    Error: (06/07/2013 08:09:23 PM) (Source: Software Protection Platform Service) (User: )
    Description: Acquisition of Product Certificate failed. hr=0xC004C003
    Sku Id=9abf5984-9c16-46f2-ad1e-7fe15931a8dd

    System errors:
    =============
    Error: (06/08/2013 04:22:15 PM) (Source: Service Control Manager) (User: )
    Description: The PowerMAN Power Management Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/08/2013 04:13:11 PM) (Source: NETLOGON) (User: )
    Description: This computer was not able to set up a secure session with a domain
    controller in domain LIVAD due to the following:
    %%1311
    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.

    ADDITIONAL INFO
    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.
    Error: (06/08/2013 01:41:36 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%-2147024891
    Error: (06/08/2013 01:41:36 PM) (Source: Service Control Manager) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%-2147024891
    Error: (06/08/2013 01:41:27 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (06/08/2013 01:41:24 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (06/08/2013 01:41:23 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (06/08/2013 01:41:20 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (06/08/2013 01:41:19 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    Error: (06/08/2013 00:06:47 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%-2147024891

    Microsoft Office Sessions:
    =========================
    ==================== Memory info ===========================
    Percentage of memory in use: 47%
    Total physical RAM: 3069.61 MB
    Available physical RAM: 1613.87 MB
    Total Pagefile: 6137.5 MB
    Available Pagefile: 4625.17 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1890.46 MB
    ==================== Drives ================================
    Drive c: (MWS) (Fixed) (Total:74.5 GB) (Free:48.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive e: () (Removable) (Total:1.94 GB) (Free:0.18 GB) FAT
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 96239623)
    Partition 1: (Active) - (Size=74 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (Size: 2 GB) (Disk ID: 6F727265)
    Partition 1: (Not Active) - (Size=812 GB) - (Type=6C)
    Partition 2: (Not Active) - (Size=259 GB) - (Type=6E)
    Partition 3: (Not Active) - (Size=257 GB) - (Type=79)
    Partition 4: (Not Active) - (Size=10 MB) - (Type=53)
    ==================== End Of Log ============================
     
  2. Jaiisun

    Jaiisun TS Rookie Topic Starter

    It turns out my problem was exactly as the thread mentioned at the top of my first post! I used the same fixlist.txt file (as I noticed errors match) and I can now download again!

    Kudos to Broni.. without even posting here!

    I would, however, like assistance to ensure I am completely free of any malware or anything on my machine. Thanks in advance.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    It might have worked for you, but never ever run any script written for another user.
    You may make things worse.

    Please post a fresh FRST log.
     
Topic Status:
Not open for further replies.
