Inactive Unable to download files

Hi all! Firstly, this is my first post.. so please be nice!

My situation appears to be the same as that posted here ['Post system vate antivirus' removal problems - unable to download any files'].

Whilst I can follow the fixes of that thread to a point, there is a script written specifically for the user - and I don't want to screw up my machine any more than it is!

I have attached my RKill log and my Farbar Recovery Scan logs (FRST.txt & Addition.txt):

==================RKILL====================
Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 06/08/2013 10:35:46 AM in x86 mode.
Windows Version: Windows 7 Enterprise
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\system32\PowerMan.exe (PID: 1688) [WD-HEUR]
* C:\Users\alanav\procmonitor\procmonitor.exe (PID: 3500) [UP-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-137024685-2204166116-4157399963-88862\$714379b016ad7d5d38f17e35817e4939\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-137024685-2204166116-4157399963-88862\$714379b016ad7d5d38f17e35817e4939\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-137024685-2204166116-4157399963-88862\$714379b016ad7d5d38f17e35817e4939\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-137024685-2204166116-4157399963-88862\$714379b016ad7d5d38f17e35817e4939\U\ [ZA Dir]
* ALERT: ZEROACCESS Reparse Point/Junction found!
* C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
* C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpEvMsg.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpClient.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpCommu.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpOAV.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpRTP.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpSvc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MSASCui.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpCom.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpRes.dll => c:\windows\system32\config [File]
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\Windows\$NtUninstallKB57485$ => <Unknown Target> [Dir]
Checking Windows Service Integrity:
* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic
* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* SharedAccess [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 06/08/2013 10:36:41 AM
Execution time: 0 hours(s), 0 minute(s), and 55 seconds(s)

==================FRST.txt===================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013
Ran by alanav (administrator) on 08-06-2013 17:11:35
Running from C:\Users\alanav\Desktop\AntiVirus
Windows 7 Enterprise (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
(Microsoft Corporation) C:\Windows\system32\CCM\CcmExec.exe
(UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Nero AG) C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [AutoGPUpdate] C:\Windows\system32\gpupdate.exe /force /wait:0 [16896 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-26] (Nero AG)
HKLM\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe [900160 2013-06-08] (Sophos Limited)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKCU\...\Run: [DomainLogin] C:\temp\stage2hook.bat [73 2012-02-29] ()
HKCU\...\Policies\system: [DisableChangePassword] 1
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\system: [HideLogoffScripts] 0
BootExecute: autocheck autochk * SophosBootTasks
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU SearchScopes: DefaultScope {76B3B37D-57A0-4376-8616-05AF7BA591F1} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=5070001AA0682572
SearchScopes: HKCU - {76B3B37D-57A0-4376-8616-05AF7BA591F1} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 20 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 21 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 22 mswsock.dll [65024] (Microsoft Corporation)
Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (Docs) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\alanav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
========================== Services (Whitelisted) =================
R2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
S2 PowerMAN; C:\Windows\system32\PowerMan.exe [978944 2011-07-15] (Data Synergy UK Ltd)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2013-06-08] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [139840 2013-06-08] (Sophos Limited)
S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [232512 2013-06-08] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-06-08] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2013-06-08] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1459264 2013-06-08] (Sophos Limited)
R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [1589704 2009-08-16] (UltraVNC)
S2 SAVCleanupService; "SAVCleanupService.exe" [x]
==================== Drivers (Whitelisted) ====================
S3 BTDriver; C:\Windows\system32\drivers\btport.sys [37160 2010-04-09] (Broadcom Corporation.)
S3 btwhid; C:\Windows\system32\drivers\btwhid.sys [56992 2010-04-09] (Broadcom Corporation.)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x32.sys [264464 2011-03-10] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X32.sys [57616 2011-03-10] (Intel(R) Corporation)
S3 itecir; C:\Windows\system32\drivers\itecir.sys [69736 2010-07-13] (ITE Tech. Inc. )
S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2011-03-10] (Intel Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [277312 2011-10-15] (NVIDIA Corporation)
S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
S3 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [47616 2009-10-28] (REDC)
S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38912 2009-12-11] (REDC)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [123680 2013-06-08] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2013-06-08] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [31736 2013-06-08] (Sophos Plc)
S3 SNTNLUSB; C:\Windows\system32\drivers\SNTNLUSB.SYS [38376 2009-09-17] (SafeNet, Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2013-06-08] (Sophos Plc)
==================== NetSvcs (Whitelisted) ===================
NETSVC: Mvc25U870_VID_1262&PID_25FD -> No Registry Path.
NETSVC: hap17v2k -> No Registry Path.
NETSVC: DNE -> No Registry Path.
NETSVC: mstdc -> No Registry Path.
NETSVC: hpzipr12 -> No Registry Path.
NETSVC: camdrl -> No Registry Path.
NETSVC: procmon10 -> No Registry Path.
NETSVC: timounter -> No Registry Path.
==================== One Month Created Files and Folders ========
2013-06-08 17:11 - 2013-06-08 17:11 - 00000000 ____D C:\FRST
2013-06-08 16:25 - 2013-06-08 16:25 - 00000000 ____D C:\Program Files\ESET
2013-06-08 16:22 - 2013-06-08 16:44 - 00009390 ____A C:\Users\alanav\Desktop\Rkill.txt
2013-06-08 12:38 - 2013-06-08 12:38 - 00002208 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-08 12:37 - 2013-06-08 16:42 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-08 12:37 - 2013-06-08 12:42 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 12:37 - 2013-06-08 12:38 - 00000000 ____D C:\Users\alanav\AppData\Local\Google
2013-06-08 12:37 - 2013-06-08 12:37 - 00000000 ____D C:\Program Files\Google
2013-06-08 12:36 - 2013-06-08 12:37 - 00000000 ____D C:\Users\alanav\AppData\Local\Deployment
2013-06-08 12:36 - 2013-06-08 12:36 - 00000000 ____D C:\Users\alanav\AppData\Local\Apps\2.0
2013-06-08 12:01 - 2013-06-08 12:01 - 00000204 ____A C:\Windows\System32\SophosBootTasks.txt
2013-06-08 11:00 - 2013-06-08 11:00 - 00000000 ____D C:\Program Files\Common Files\Sophos
2013-06-08 10:49 - 2013-06-08 10:49 - 00000000 ____D C:\Program Files\Common Files\Cisco Systems
2013-06-08 10:49 - 2013-06-08 10:47 - 00030744 ____A (Sophos Limited) C:\Windows\System32\SophosBootTasks.exe
2013-06-08 10:47 - 2013-06-08 10:47 - 00123680 ____A (Sophos Limited) C:\Windows\System32\Drivers\savonaccess.sys
2013-06-08 10:47 - 2013-06-08 10:47 - 00033696 ____A (Sophos Limited) C:\Windows\System32\Drivers\sdcfilter.sys
2013-06-08 10:46 - 2013-06-08 10:46 - 00131824 ____A (Sophos Plc) C:\Windows\System32\sdccoinstaller.dll
2013-06-08 10:46 - 2013-06-08 10:46 - 00031736 ____A (Sophos Plc) C:\Windows\System32\Drivers\skmscan.sys
2013-06-08 10:45 - 2013-06-08 10:45 - 00022536 ____A (Sophos Plc) C:\Windows\System32\Drivers\SophosBootDriver.sys
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Malwarebytes
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-08 10:43 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-08 10:37 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\CCleaner
2013-06-08 10:31 - 2013-06-08 17:11 - 00000000 ____D C:\Users\alanav\Desktop\AntiVirus
2013-06-07 20:37 - 2013-06-07 20:37 - 00000000 ____D C:\Users\alanav\AppData\Local\Sophos
2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Windows\System32\searchplugins
2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Windows\System32\Extensions
2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 20:25 - 2013-06-07 20:25 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Babylon
2013-06-07 20:25 - 2013-06-07 20:25 - 00000000 ____D C:\ProgramData\Babylon
2013-06-07 20:10 - 2013-06-07 20:10 - 00000000 ____D C:\Users\alanav\AppData\Local\Adobe
==================== One Month Modified Files and Folders ========
2013-06-08 17:11 - 2013-06-08 17:11 - 00000000 ____D C:\FRST
2013-06-08 17:11 - 2013-06-08 10:31 - 00000000 ____D C:\Users\alanav\Desktop\AntiVirus
2013-06-08 17:10 - 2011-08-18 10:40 - 00780930 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-08 17:05 - 2009-07-14 05:34 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-08 17:05 - 2009-07-14 05:34 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-08 16:51 - 2012-03-01 21:07 - 00000000 ____D C:\Users\alanav\AppData\Roaming\uTorrent
2013-06-08 16:44 - 2013-06-08 16:22 - 00009390 ____A C:\Users\alanav\Desktop\Rkill.txt
2013-06-08 16:42 - 2013-06-08 12:37 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-08 16:25 - 2013-06-08 16:25 - 00000000 ____D C:\Program Files\ESET
2013-06-08 16:17 - 2012-03-01 21:10 - 00000000 ____D C:\Program Files\uTorrent
2013-06-08 16:16 - 2011-08-18 11:27 - 00023061 ____A C:\powerman.xml
2013-06-08 12:42 - 2013-06-08 12:37 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 12:38 - 2013-06-08 12:38 - 00002208 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-08 12:38 - 2013-06-08 12:37 - 00000000 ____D C:\Users\alanav\AppData\Local\Google
2013-06-08 12:37 - 2013-06-08 12:37 - 00000000 ____D C:\Program Files\Google
2013-06-08 12:37 - 2013-06-08 12:36 - 00000000 ____D C:\Users\alanav\AppData\Local\Deployment
2013-06-08 12:36 - 2013-06-08 12:36 - 00000000 ____D C:\Users\alanav\AppData\Local\Apps\2.0
2013-06-08 12:01 - 2013-06-08 12:01 - 00000204 ____A C:\Windows\System32\SophosBootTasks.txt
2013-06-08 12:01 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-08 11:00 - 2013-06-08 11:00 - 00000000 ____D C:\Program Files\Common Files\Sophos
2013-06-08 10:50 - 2012-02-29 12:22 - 00000000 ____D C:\ProgramData\Sophos
2013-06-08 10:49 - 2013-06-08 10:49 - 00000000 ____D C:\Program Files\Common Files\Cisco Systems
2013-06-08 10:47 - 2013-06-08 10:49 - 00030744 ____A (Sophos Limited) C:\Windows\System32\SophosBootTasks.exe
2013-06-08 10:47 - 2013-06-08 10:47 - 00123680 ____A (Sophos Limited) C:\Windows\System32\Drivers\savonaccess.sys
2013-06-08 10:47 - 2013-06-08 10:47 - 00033696 ____A (Sophos Limited) C:\Windows\System32\Drivers\sdcfilter.sys
2013-06-08 10:46 - 2013-06-08 10:46 - 00131824 ____A (Sophos Plc) C:\Windows\System32\sdccoinstaller.dll
2013-06-08 10:46 - 2013-06-08 10:46 - 00031736 ____A (Sophos Plc) C:\Windows\System32\Drivers\skmscan.sys
2013-06-08 10:45 - 2013-06-08 10:45 - 00022536 ____A (Sophos Plc) C:\Windows\System32\Drivers\SophosBootDriver.sys
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Malwarebytes
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-08 10:43 - 2013-06-08 10:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-08 10:39 - 2012-02-29 12:21 - 00000000 ____D C:\Program Files\Sophos
2013-06-08 10:38 - 2011-08-18 11:27 - 00000000 ____D C:\Windows\Panther
2013-06-08 10:37 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\CCleaner
2013-06-07 23:01 - 2012-03-01 21:56 - 00000000 ____D C:\Users\alanav\Downloads\Nero 10.0 + Serials en Keygen - DivXNL-Team
2013-06-07 20:37 - 2013-06-07 20:37 - 00000000 ____D C:\Users\alanav\AppData\Local\Sophos
2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Windows\System32\searchplugins
2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Windows\System32\Extensions
2013-06-07 20:26 - 2013-06-07 20:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 20:25 - 2013-06-07 20:25 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Babylon
2013-06-07 20:25 - 2013-06-07 20:25 - 00000000 ____D C:\ProgramData\Babylon
2013-06-07 20:10 - 2013-06-07 20:10 - 00000000 ____D C:\Users\alanav\AppData\Local\Adobe
2013-06-07 20:10 - 2012-02-29 14:58 - 00000000 ____D C:\Users\alanav\AppData\Roaming\Adobe
2013-06-07 18:58 - 2012-02-29 12:27 - 00000463 ____A C:\Windows\SMSCFG.ini
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939
C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\@
C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\L
C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\U
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939
C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\@
C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\L
C:\$Recycle.Bin\S-1-5-18\$714379b016ad7d5d38f17e35817e4939\U
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-06-07 23:22
==================== End Of Log ============================

==================Addition.txt===================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2013
Ran by alanav at 2013-06-08 17:12:40 Run:
Running from C:\Users\alanav\Desktop\AntiVirus
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.1.2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Apple Application Support (Version: 1.4.1)
ArchiveOne Quick Link Client (Version: 6.0.0.2400)
CCleaner (Version: 4.02)
Chime Pro (from NAL) (Version: 1.00.0000)
Chinese Simplified Fonts Support For Adobe Reader X (Version: 10.0.0)
Chinese Traditional Fonts Support For Adobe Reader X (Version: 10.0.0)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Configuration Manager Client (Version: 4.00.6487.2000)
Document Express DjVu Plug-in (Version: 6.1.26155)
Dummy MSI (Version: 1.0)
ESET Online Scanner v3
Google Chrome (Version: 27.0.1453.110)
Google Update Helper (Version: 1.3.21.145)
High-Definition Video Playback 10 (Version: 7.0.11400.29.0)
Japanese Fonts Support For Adobe Reader X (Version: 10.0.0)
Java(TM) 6 Update 25 (Version: 6.0.250)
Korean Fonts Support For Adobe Reader X (Version: 10.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.1653.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0)
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0)
Nero BackItUp 10 (Version: 5.4.11600.19.100)
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700)
Nero Burning ROM 10 (Version: 10.0.11100.10.100)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700)
Nero BurnRights 10 (Version: 4.0.11000.12.100)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600)
Nero Control Center 10 (Version: 10.0.12000.1.4)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.13700.0.1)
Nero CoverDesigner 10 (Version: 5.0.10900.11.100)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600)
Nero DiscCopy Gadget 10 (Version: 3.0.10700.9.100)
Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600)
Nero DiscSpeed 10 (Version: 6.0.10800.7.100)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600)
Nero Dolby Files 10 (Version: 2.0.11000.0.10)
Nero Express 10 (Version: 10.0.11000.10.100)
Nero Express 10 Help (CHM) (Version: 1.0.10700)
Nero InfoTool 10 (Version: 7.0.10800.8.100)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600)
Nero MediaHub 10 (Version: 1.0.13400.11.100)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700)
Nero Multimedia Suite 10 (Version: 10.0.13100)
Nero Recode 10 (Version: 4.6.10900.4.100)
Nero Recode 10 Help (CHM) (Version: 1.0.10600)
Nero RescueAgent 10 (Version: 3.0.10900.9.100)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700)
Nero SoundTrax 10 (Version: 4.6.10600.2.100)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600)
Nero StartSmart 10 (Version: 10.0.11200.12.100)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700)
Nero Update (Version: 1.0.0017)
Nero Vision 10 (Version: 7.0.11100.8.100)
Nero Vision 10 Help (CHM) (Version: 1.0.10600)
Nero WaveEditor 10 (Version: 5.6.10600.2.100)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600)
PowerDVD (Version: 8.1)
QuickTime (Version: 7.69.80.9)
Shockwave (Version: 11)
Sophos Anti-Virus (Version: 10.0.10)
Sophos AutoUpdate (Version: 2.7.4.317)
UltraVNC (Version: 1.0.65)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
==================== Restore Points =========================
11-05-2012 13:11:00 Scheduled Checkpoint
27-05-2012 11:32:27 Scheduled Checkpoint
07-06-2013 22:29:34 Scheduled Checkpoint
08-06-2013 09:37:22 Removed Sophos AutoUpdate
08-06-2013 09:38:10 Removed Sophos Remote Management System
08-06-2013 09:38:52 Installed Sophos AutoUpdate
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (06/08/2013 00:10:37 PM) (Source: PerfNet) (User: )
Description:
Error: (06/08/2013 00:04:37 PM) (Source: PerfNet) (User: )
Description:
Error: (06/08/2013 00:02:32 PM) (Source: PerfNet) (User: )
Description:
Error: (06/08/2013 00:02:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (06/08/2013 00:01:56 PM) (Source: Sophos Anti-Virus) (User: NT AUTHORITY)
Description: Virus/spyware 'Mal/ZAccConf-A' was not removed because of errors.
Error: (06/07/2013 08:32:33 PM) (Source: Application Hang) (User: )
Description: The program Setup.exe version 2011.3.11.1355 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d34
Start Time: 01ce63b5a6517dbc
Termination Time: 45
Application Path: C:\PROGRA~2\TARMAI~1\{C4ED7~1\Setup.exe
Report Id: fe847de3-cfa8-11e2-a873-001aa0682572
Error: (06/07/2013 08:27:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (06/07/2013 08:12:50 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Error: (06/07/2013 08:12:50 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0xC004C003
Error: (06/07/2013 08:09:23 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=9abf5984-9c16-46f2-ad1e-7fe15931a8dd

System errors:
=============
Error: (06/08/2013 04:22:15 PM) (Source: Service Control Manager) (User: )
Description: The PowerMAN Power Management Service service terminated unexpectedly. It has done this 1 time(s).
Error: (06/08/2013 04:13:11 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LIVAD due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (06/08/2013 01:41:36 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (06/08/2013 01:41:36 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (06/08/2013 01:41:27 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (06/08/2013 01:41:24 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (06/08/2013 01:41:23 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (06/08/2013 01:41:20 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (06/08/2013 01:41:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
Error: (06/08/2013 00:06:47 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 3069.61 MB
Available physical RAM: 1613.87 MB
Total Pagefile: 6137.5 MB
Available Pagefile: 4625.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.46 MB
==================== Drives ================================
Drive c: (MWS) (Fixed) (Total:74.5 GB) (Free:48.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:1.94 GB) (Free:0.18 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 96239623)
Partition 1: (Active) - (Size=74 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6F727265)
Partition 1: (Not Active) - (Size=812 GB) - (Type=6C)
Partition 2: (Not Active) - (Size=259 GB) - (Type=6E)
Partition 3: (Not Active) - (Size=257 GB) - (Type=79)
Partition 4: (Not Active) - (Size=10 MB) - (Type=53)
==================== End Of Log ============================
 
It turns out my problem was exactly as the thread mentioned at the top of my first post! I used the same fixlist.txt file (as I noticed errors match) and I can now download again!

Kudos to Broni.. without even posting here!

I would, however, like assistance to ensure I am completely free of any malware or anything on my machine. Thanks in advance.
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

It might have worked for you, but never ever run any script written for another user.
You may make things worse.

Please post a fresh FRST log.
 