Inactive Malware Issue

Status
Not open for further replies.
Having problems w/ the "random ads audio virus" and the "every download is a virus" virus. Any help would be greatly appreciated. The following is the scan from the Farbar Recovery Scan Tool:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 31-07-2013 20:14:01
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-01-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-01-14] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2012-01-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-01-14] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [742408 2013-07-13] (Webroot)
HKLM-x32\...\Run: [Anvi Smart Defender] - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1563720 2013-06-07] (Anvisoft)
HKU\Marques\...\Run: [AdobeBridge] - [x]
HKU\Marques\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\Marques\...\Policies\system: [DisableCMD] 0
HKU\Marques\...\Policies\system: [NoDispAppearancePage] 0
HKU\Marques\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Marques\...\Policies\system: [NoDispSettingsPage] 0
==================== Services (Whitelisted) =================
S2 AdblockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [314064 2013-06-13] ()
S2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [739400 2013-06-07] (Anvisoft)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [742408 2013-07-13] (Webroot)
==================== Drivers (Whitelisted) ====================
S2 asdnet; C:\Windows\system32\DRIVERS\asdnet.sys [19280 2013-06-08] ()
S2 asdnet; C:\Windows\system32\DRIVERS\asdnet.sys [19280 2013-06-08] ()
S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-06] (Anvisoft)
S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-06] (Anvisoft)
S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-06] (Anvisoft)
S1 asdws; C:\Windows\System32\DRIVERS\asdws.sys [17232 2012-11-06] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-12] (DT Soft Ltd)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114184 2013-07-13] (Webroot)
S0 SR;
S2 srservice;
S4 vsserv;
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-07-31 16:46 - 2013-07-31 16:46 - 00000000 ____D C:\FRST
2013-07-26 17:04 - 2013-07-31 15:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 17:04 - 2013-07-26 17:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-26 17:04 - 2013-07-26 17:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-23 19:14 - 2013-07-23 19:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marques\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-23 18:50 - 2013-07-23 18:50 - 21041152 _____ C:\Users\Marques\Desktop\log.evtx
2013-07-23 18:50 - 2013-07-23 18:50 - 00000000 ____D C:\Users\Marques\Desktop\LocaleMetaData
2013-07-20 18:25 - 2013-07-20 18:32 - 00000000 ____D C:\Users\Marques\Downloads\[ www.UsaBit.com ] - Pacific Rim 2013 CAM XviD-THC
2013-07-20 18:25 - 2013-07-20 18:29 - 00000000 ____D C:\Users\Marques\Downloads\Despicable Me 2 2013 720p TS XviD MP3 MiLLENiUM
2013-07-20 18:24 - 2013-07-20 18:28 - 00000000 ____D C:\Users\Marques\Downloads\Superman.Man.of.Steel.2013.720p.R6.LiNE.x264.AAC-DiGiTAL
2013-07-20 18:21 - 2013-07-20 18:37 - 276939742 _____ C:\Users\Marques\Downloads\Filipina Sex Diary_March 19_TOPSIDER.avi
2013-07-20 18:15 - 2013-07-20 18:18 - 00000000 ____D C:\Users\Marques\Downloads\Squirt.Gasms.XXX.DVDRip.x264-STARLETS
2013-07-20 18:00 - 2013-07-20 18:00 - 00262144 _____ C:\Windows\Minidump\072013-27939-01.dmp
2013-07-20 11:49 - 2013-07-20 11:49 - 00001460 _____ C:\Users\Public\Desktop\Anvi AD Blocker.lnk
2013-07-20 11:48 - 2013-06-08 18:40 - 00019280 _____ C:\Windows\System32\Drivers\asdnet.sys
2013-07-18 22:46 - 2013-07-18 22:46 - 00000000 ____D C:\Users\Marques\Downloads\Amateur Swinger Party 2 (Zero Tolerance) XXX (DVDRip)
2013-07-17 22:57 - 2013-07-17 22:58 - 00000000 ____D C:\Users\Marques\Downloads\Tampa.Swingers.Party.2010.XXX.DVDRip.XviD-CiCXXX
2013-07-15 21:27 - 2013-07-15 21:27 - 00000000 ____D C:\Users\Marques\Downloads\Mary Ann
2013-07-15 12:47 - 2013-07-18 16:44 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Anvisoft
2013-07-15 12:46 - 2013-07-20 11:49 - 00000000 ____D C:\ProgramData\Anvisoft
2013-07-15 12:46 - 2013-07-15 13:04 - 00001144 _____ C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-07-15 12:46 - 2013-07-15 12:46 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-07-15 12:46 - 2012-11-06 23:16 - 00023376 _____ (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2013-07-15 12:46 - 2012-11-06 23:16 - 00018768 _____ (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2013-07-15 12:46 - 2012-11-06 23:16 - 00017232 _____ C:\Windows\System32\Drivers\asdws.sys
2013-07-15 12:44 - 2013-07-15 12:44 - 00000000 ____D C:\Users\Marques\Downloads\Anvi Smart Defender Pro v1.5 with Key [h33t][iahq76]
2013-07-15 12:01 - 2013-07-15 12:01 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-14 23:13 - 2013-07-14 23:13 - 00000000 ____D C:\Users\Marques\Downloads\Adobe Flash Player 11.8.800.94
2013-07-14 23:00 - 2013-07-14 23:00 - 00011383 _____ C:\Users\Marques\Downloads\[kickass.to]adobe.flash.player.11.8.800.94.july.2013.torrent
2013-07-14 21:31 - 2013-07-14 21:32 - 00000000 ____D C:\Users\Marques\Downloads\Kaspersky TDSSKiller 2.7.30.0 Portable[Team Nanban][TPB]
2013-07-14 20:03 - 2013-07-14 20:03 - 00000000 ____D C:\Users\Marques\Downloads\Dexter S08E03 HDTV x264-ASAP[ettv]
2013-07-14 20:01 - 2013-07-14 20:41 - 480567235 _____ C:\Users\Marques\Downloads\True.Blood.S06E05.****.the.Pain.Away.WEB-DL.x264.AAC.mp4
2013-07-13 08:56 - 2013-07-13 09:09 - 00000000 ____D C:\Users\Marques\AppData\Local\lptmp523109329
2013-07-13 08:37 - 2013-07-20 21:56 - 00151728 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2013-07-13 08:37 - 2013-07-13 08:37 - 00114184 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2013-07-13 08:37 - 2013-07-13 08:37 - 00000000 ____D C:\Program Files\Webroot
2013-07-13 08:22 - 2013-07-13 08:22 - 00007334 _____ C:\Users\Marques\Downloads\[kickass.to]webroot.secureanywhere.complete.2013.crack.karanpc.torrent
2013-07-13 07:36 - 2013-07-13 07:36 - 00262144 _____ C:\Windows\Minidump\071313-22308-01.dmp
2013-07-12 10:27 - 2013-07-13 10:32 - 00000000 ____D C:\Users\Marques\Downloads\White House Down 2013 TS x264-THC
2013-07-11 17:59 - 2013-07-13 10:32 - 00000000 ____D C:\Users\Marques\AppData\Local\lptmp102322530
2013-07-11 17:56 - 2013-07-31 15:38 - 00000000 ____D C:\ProgramData\WRData
2013-07-11 17:54 - 2013-07-13 09:52 - 00000000 ____D C:\Users\Marques\Downloads\Webroot SecureAnywhere Complete 2013 [KaranPc]
2013-07-11 14:56 - 2013-07-11 14:56 - 00000000 ____D C:\Windows\Sun
2013-07-08 11:29 - 2013-07-08 11:31 - 00000000 ____D C:\Users\Marques\Downloads\The Lone Ranger 2013 TS XViD UNiQUE
2013-07-08 11:28 - 2013-07-11 10:47 - 00000000 ____D C:\Users\Marques\Downloads\Olympus.Has.Fallen.2013.BRRip.XviD-S4A
2013-07-08 11:28 - 2013-07-11 10:47 - 00000000 ____D C:\Users\Marques\Downloads\Despicable Me 2 2013 HDCAM READNFO x264 AAC-BadMeetsEvil[rarbg]
2013-07-07 15:59 - 2013-07-07 15:59 - 00000000 ____D C:\ProgramData\BDLogging
2013-07-07 15:58 - 2013-07-07 16:01 - 00000000 ____D C:\ProgramData\Bitdefender
2013-07-07 15:58 - 2013-07-07 15:58 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Bitdefender
2013-07-07 15:55 - 2013-07-07 15:55 - 00000000 ____D C:\Users\Marques\AppData\Roaming\QuickScan
2013-07-07 15:53 - 2013-07-07 15:58 - 00000000 ____D C:\Program Files\Bitdefender
2013-07-07 15:52 - 2013-07-07 15:53 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-07-04 10:46 - 2013-07-04 11:14 - 00000000 ____D C:\Users\Marques\Desktop\PARTY PICS
==================== One Month Modified Files and Folders =======
2013-07-31 16:51 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 16:51 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 16:49 - 2009-07-13 21:13 - 00727136 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-31 16:46 - 2013-07-31 16:46 - 00000000 ____D C:\FRST
2013-07-31 16:44 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 16:43 - 2009-07-13 20:51 - 00093684 _____ C:\Windows\setupact.log
2013-07-31 16:40 - 2012-07-14 12:41 - 00000000 ____D C:\Users\Marques\AppData\Roaming\BitTorrent
2013-07-31 15:38 - 2013-07-11 17:56 - 00000000 ____D C:\ProgramData\WRData
2013-07-31 15:30 - 2013-07-26 17:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 15:23 - 2011-12-26 21:31 - 00000000 ____D C:\Users\Marques\AppData\Local\CrashDumps
2013-07-31 15:23 - 2009-07-13 21:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-26 17:22 - 2011-07-18 01:56 - 00260584 _____ C:\Windows\PFRO.log
2013-07-26 17:04 - 2013-07-26 17:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-26 17:04 - 2013-07-26 17:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-26 16:45 - 2013-02-10 01:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-23 19:14 - 2013-07-23 19:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marques\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-23 18:50 - 2013-07-23 18:50 - 21041152 _____ C:\Users\Marques\Desktop\log.evtx
2013-07-23 18:50 - 2013-07-23 18:50 - 00000000 ____D C:\Users\Marques\Desktop\LocaleMetaData
2013-07-23 14:18 - 2011-07-18 01:32 - 01724812 _____ C:\Windows\WindowsUpdate.log
2013-07-20 21:56 - 2013-07-13 08:37 - 00151728 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2013-07-20 18:37 - 2013-07-20 18:21 - 276939742 _____ C:\Users\Marques\Downloads\Filipina Sex Diary_March 19_TOPSIDER.avi
2013-07-20 18:32 - 2013-07-20 18:25 - 00000000 ____D C:\Users\Marques\Downloads\[ www.UsaBit.com ] - Pacific Rim 2013 CAM XviD-THC
2013-07-20 18:29 - 2013-07-20 18:25 - 00000000 ____D C:\Users\Marques\Downloads\Despicable Me 2 2013 720p TS XviD MP3 MiLLENiUM
2013-07-20 18:28 - 2013-07-20 18:24 - 00000000 ____D C:\Users\Marques\Downloads\Superman.Man.of.Steel.2013.720p.R6.LiNE.x264.AAC-DiGiTAL
2013-07-20 18:18 - 2013-07-20 18:15 - 00000000 ____D C:\Users\Marques\Downloads\Squirt.Gasms.XXX.DVDRip.x264-STARLETS
2013-07-20 18:00 - 2013-07-20 18:00 - 00262144 _____ C:\Windows\Minidump\072013-27939-01.dmp
2013-07-20 18:00 - 2012-06-18 14:22 - 724369041 _____ C:\Windows\MEMORY.DMP
2013-07-20 18:00 - 2012-06-18 14:22 - 00000000 ____D C:\Windows\Minidump
2013-07-20 11:49 - 2013-07-20 11:49 - 00001460 _____ C:\Users\Public\Desktop\Anvi AD Blocker.lnk
2013-07-20 11:49 - 2013-07-15 12:46 - 00000000 ____D C:\ProgramData\Anvisoft
2013-07-18 23:07 - 2012-03-20 13:50 - 00000000 ____D C:\Users\Marques\AppData\Roaming\vlc
2013-07-18 22:46 - 2013-07-18 22:46 - 00000000 ____D C:\Users\Marques\Downloads\Amateur Swinger Party 2 (Zero Tolerance) XXX (DVDRip)
2013-07-18 17:02 - 2011-12-26 19:07 - 00000000 ____D C:\users\Marques
2013-07-18 16:44 - 2013-07-15 12:47 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Anvisoft
2013-07-17 22:58 - 2013-07-17 22:57 - 00000000 ____D C:\Users\Marques\Downloads\Tampa.Swingers.Party.2010.XXX.DVDRip.XviD-CiCXXX
2013-07-15 21:27 - 2013-07-15 21:27 - 00000000 ____D C:\Users\Marques\Downloads\Mary Ann
2013-07-15 13:04 - 2013-07-15 12:46 - 00001144 _____ C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-07-15 12:46 - 2013-07-15 12:46 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-07-15 12:44 - 2013-07-15 12:44 - 00000000 ____D C:\Users\Marques\Downloads\Anvi Smart Defender Pro v1.5 with Key [h33t][iahq76]
2013-07-15 12:01 - 2013-07-15 12:01 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-14 23:13 - 2013-07-14 23:13 - 00000000 ____D C:\Users\Marques\Downloads\Adobe Flash Player 11.8.800.94
2013-07-14 23:00 - 2013-07-14 23:00 - 00011383 _____ C:\Users\Marques\Downloads\[kickass.to]adobe.flash.player.11.8.800.94.july.2013.torrent
2013-07-14 21:32 - 2013-07-14 21:31 - 00000000 ____D C:\Users\Marques\Downloads\Kaspersky TDSSKiller 2.7.30.0 Portable[Team Nanban][TPB]
2013-07-14 20:41 - 2013-07-14 20:01 - 480567235 _____ C:\Users\Marques\Downloads\True.Blood.S06E05.****.the.Pain.Away.WEB-DL.x264.AAC.mp4
2013-07-14 20:03 - 2013-07-14 20:03 - 00000000 ____D C:\Users\Marques\Downloads\Dexter S08E03 HDTV x264-ASAP[ettv]
2013-07-13 10:32 - 2013-07-12 10:27 - 00000000 ____D C:\Users\Marques\Downloads\White House Down 2013 TS x264-THC
2013-07-13 10:32 - 2013-07-11 17:59 - 00000000 ____D C:\Users\Marques\AppData\Local\lptmp102322530
2013-07-13 10:32 - 2012-01-02 14:26 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-13 10:32 - 2011-01-10 19:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-13 10:32 - 2011-01-10 19:45 - 00000000 ____D C:\ProgramData\RoxioNow
2013-07-13 10:32 - 2011-01-10 19:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-13 10:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-13 10:29 - 2011-01-10 19:51 - 00000000 ____D C:\ProgramData\Adobe
2013-07-13 09:52 - 2013-07-11 17:54 - 00000000 ____D C:\Users\Marques\Downloads\Webroot SecureAnywhere Complete 2013 [KaranPc]
2013-07-13 09:52 - 2013-05-31 22:07 - 00000000 __SHD C:\Users\Marques\Documents\WT087372
2013-07-13 09:09 - 2013-07-13 08:56 - 00000000 ____D C:\Users\Marques\AppData\Local\lptmp523109329
2013-07-13 08:37 - 2013-07-13 08:37 - 00114184 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2013-07-13 08:37 - 2013-07-13 08:37 - 00000000 ____D C:\Program Files\Webroot
2013-07-13 08:22 - 2013-07-13 08:22 - 00007334 _____ C:\Users\Marques\Downloads\[kickass.to]webroot.secureanywhere.complete.2013.crack.karanpc.torrent
2013-07-13 07:36 - 2013-07-13 07:36 - 00262144 _____ C:\Windows\Minidump\071313-22308-01.dmp
2013-07-13 03:39 - 2013-06-21 11:49 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Skype
2013-07-12 10:50 - 2012-03-29 05:29 - 00000000 ____D C:\Users\Marques\AppData\Local\Adobe
2013-07-11 14:56 - 2013-07-11 14:56 - 00000000 ____D C:\Windows\Sun
2013-07-11 11:51 - 2013-06-24 16:58 - 00000000 ____D C:\Users\Marques\Downloads\Trojan Killer v2.1.5.0 + Patch
2013-07-11 10:48 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 10:47 - 2013-07-08 11:28 - 00000000 ____D C:\Users\Marques\Downloads\Olympus.Has.Fallen.2013.BRRip.XviD-S4A
2013-07-11 10:47 - 2013-07-08 11:28 - 00000000 ____D C:\Users\Marques\Downloads\Despicable Me 2 2013 HDCAM READNFO x264 AAC-BadMeetsEvil[rarbg]
2013-07-11 06:22 - 2012-12-11 18:36 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForMarques.job
2013-07-11 06:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-07-09 17:06 - 2012-12-11 18:36 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarques
2013-07-09 17:06 - 2012-01-21 18:25 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-08 11:31 - 2013-07-08 11:29 - 00000000 ____D C:\Users\Marques\Downloads\The Lone Ranger 2013 TS XViD UNiQUE
2013-07-07 16:17 - 2013-06-22 12:58 - 00000000 ____D C:\Users\Marques\AppData\Local\WinRAR SFX
2013-07-07 16:17 - 2012-05-09 18:11 - 00000000 ____D C:\Users\Marques\AppData\Local\{2589A21F-BEEB-4500-9C7B-F0B82C907392}
2013-07-07 16:01 - 2013-07-07 15:58 - 00000000 ____D C:\ProgramData\Bitdefender
2013-07-07 15:59 - 2013-07-07 15:59 - 00000000 ____D C:\ProgramData\BDLogging
2013-07-07 15:58 - 2013-07-07 15:58 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Bitdefender
2013-07-07 15:58 - 2013-07-07 15:53 - 00000000 ____D C:\Program Files\Bitdefender
2013-07-07 15:55 - 2013-07-07 15:55 - 00000000 ____D C:\Users\Marques\AppData\Roaming\QuickScan
2013-07-07 15:53 - 2013-07-07 15:52 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-07-07 15:45 - 2011-12-26 20:41 - 00000000 ____D C:\Users\Marques\AppData\Roaming\Macromedia
2013-07-04 11:14 - 2013-07-04 10:46 - 00000000 ____D C:\Users\Marques\Desktop\PARTY PICS
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2548433537-4247105570-963836067-1001\$96f3d1ab420038c7466132f7fdef6143
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$96f3d1ab420038c7466132f7fdef6143
==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-06-27 01:11:01
Restore point made on: 2013-06-28 00:00:40
Restore point made on: 2013-07-02 21:33:29
Restore point made on: 2013-07-03 20:15:47
Restore point made on: 2013-07-07 16:24:25
Restore point made on: 2013-07-11 12:42:37
Restore point made on: 2013-07-12 10:41:41
Restore point made on: 2013-07-12 10:47:59
Restore point made on: 2013-07-12 10:50:13
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 8139.86 MB
Available physical RAM: 7225.94 MB
Total Pagefile: 8138.01 MB
Available Pagefile: 7218.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:914.48 GB) (Free:682.72 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:16.74 GB) (Free:2.07 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 (Disk=0 Partition=4)
Drive h: () (Removable) (Total:0.97 GB) (Free:0.72 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (ATTENTION: ===> MBR IS INFECTED. Use FixMbr command in Recovery Mode) (Size: 932 GB) (Disk ID: DA73E482)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (Size: 992 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=992 MB) - (Type=06)

LastRegBack: 2013-07-08 12:14
==================== End Of Log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
Next....

Restart normally...

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.
 

Attachments

  • fixlist.txt
    395 bytes · Views: 1