[tefelica]

Hi guys. I cannot download any program from IE9 and from chrome too. The message is "file has a virus and is being deleted".
Also I cannot get rid of the Microsoft Security Essentials software on my computer either. It won't run, I can't uninstall it. When I try to run it a message pops up saying "windows can not access the specified device, path or file. You may not have the appropriate permissions to access them."

Please help me with this problem

[Advertisements]

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Do you have another computer that we can use to download and transfer tools with a flash drive? If so, continue below. If not, let me know.

On the clean computer:


Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the desktop of your machine.

• Right-click on USBVaccineSetup.exe and and select Run as Administrator >> follow the prompts in the installation wizard.
• At the configuration screen(settings)...
• Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
• Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> clcik on Finish.
• Insert the USB Drive in your machine...it will be automatically vaccinated(as will any USB drives connected in the future).

Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advise would be to keep it installed.

Now, please download Farbar Recovery Scan Tool and save it to your flash drive.
Note: You need to run the version compatible with the infected computer. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


On the infected computer:

• Open FRST from the flash drive by double-clicking it to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[Buddierdl]

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Do you have another computer that we can use to download and transfer tools with a flash drive? If so, continue below. If not, let me know.

On the clean computer:


Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the desktop of your machine.

• Right-click on USBVaccineSetup.exe and and select Run as Administrator >> follow the prompts in the installation wizard.
• At the configuration screen(settings)...
• Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
• Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> clcik on Finish.
• Insert the USB Drive in your machine...it will be automatically vaccinated(as will any USB drives connected in the future).

Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advise would be to keep it installed.

Now, please download Farbar Recovery Scan Tool and save it to your flash drive.
Note: You need to run the version compatible with the infected computer. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


On the infected computer:

• Open FRST from the flash drive by double-clicking it to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[tefelica]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2013 02
Ran by Cosmin U (administrator) on COSMINU-PC on 18-11-2013 19:01:32
Running from I:\
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apache Software Foundation) D:\Programe\XAMPP\apache\bin\httpd.exe
() D:\Programe\XAMPP\mysql\bin\mysqld.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\system32\PnkBstrA.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apache Software Foundation) D:\Programe\XAMPP\apache\bin\httpd.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Google Inc.) C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - "Cmd.exe" /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] ()
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [Dropbox] - C:\Users\Cosmin U\AppData\Roaming\46E48F\46E48F.exe [32592 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Cosmin U\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-01] (Google Inc.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: G - G:\Installer.exe
MountPoints2: I - I:\setup.exe
MountPoints2: {4f52e964-bfe2-11e2-88f0-6cf04919e65a} - G:\.\Setup.exe AUTORUN=1
MountPoints2: {e62a4bc5-f0b3-11df-8d85-806e6f6e6963} - G:\setup.exe
AppInit_DLLs: C:\Windows\System32\ [ ] ()
IMEO\htcsyncmanager.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEF5BAC502E7FCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM - {D0295D2A-D6BC-40B1-9F18-D33EAA24B55D} URL = http://startsear.ch/...q={searchTerms}
SearchScopes: HKCU - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolba...Terms}&srch=dsp
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...q={searchTerms}
SearchScopes: HKCU - {9751D8DA-6E55-408F-B468-0A900F34E5C1} URL = http://websearch.ask...2C-5E516015EB5A
SearchScopes: HKCU - {D0295D2A-D6BC-40B1-9F18-D33EAA24B55D} URL = http://startsear.ch/...q={searchTerms}
BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKCU - No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.231.252.1 213.154.124.1

Chrome:
=======
CHR RestoreOnStartup: ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Users\Cosmin U\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1\chvsharetvplg.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Cosmin U\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb\3.4_0
CHR Extension: (Rumola - bypass CAPTCHA) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjgbdlbgjeoankjijbmheneoekbghcg\1.0.4_0
CHR Extension: (YouTube) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0
CHR Extension: (Subway Surfers for PC) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpncgglkpfjldmpgfomdggpppnbkgoo\1.0_0
CHR Extension: (VshareComplete plugin for chrome) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0
CHR Extension: (Pixlr-o-matic) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0
CHR Extension: (AdBlock) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0
CHR Extension: (Cut the Rope) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0
CHR Extension: (Pictico \u2014 Coloring for Kids) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndkeamlgkegbmmoheplcndpopglacgf\3.0.1_0
CHR Extension: (SearchPreview) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.2_0
CHR Extension: (IE Tab) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0
CHR Extension: (Image Properties Context Menu) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.6_0
CHR Extension: (Picozu) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajpehananomepaahgohcnmgkgmkhogf\1.1_0
CHR Extension: (Awesome New Tab Page\u2122) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.446.11_0
CHR Extension: (Google Wallet) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Fangos) - C:\Users\COSMIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pedijpnaiabopojfjbjbmmfoggenjegg\3.2.3_0
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Cosmin U\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx
CHR HKLM\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files\VshareComplete\chrome\VshareCompleteChrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Apache2.4; D:\Programe\XAMPP\apache\bin\httpd.exe [22016 2012-06-06] (Apache Software Foundation)
S3 FileZillaServer; D:\Programe\XAMPP\FileZillaFTP\FileZillaServer.exe [632320 2012-05-11] (FileZilla Project)
S4 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] ()
R2 mysql; D:\Programe\XAMPP\mysql\bin\my.ini [5819 2012-08-26] ()
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] ()
R2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [197128 2012-10-01] (Nitro PDF Software)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-11-25] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-09-19] (TuneUp Software)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{bdb5ce38-1571-11e0-06d9-6eaf5d8425a7}\ \...\???\{bdb5ce38-1571-11e0-06d9-6eaf5d8425a7}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [199528 2011-12-02] (Realtek Semiconductor Corp.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-18] (TuneUp Software)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
S0 sptd; System32\Drivers\sptd.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-18 19:01 - 2013-11-18 19:01 - 00000000 ____D C:\FRST
2013-11-18 18:59 - 2013-11-18 18:59 - 00000000 ____D C:\ProgramData\Panda Security
2013-11-18 18:59 - 2013-11-18 18:59 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-11-18 18:57 - 2013-11-18 18:54 - 00848856 _____ (Panda Security ) C:\Users\Cosmin U\Desktop\USBVaccineSetup.exe
2013-11-18 18:56 - 2013-11-18 18:56 - 00094906 _____ C:\Users\Cosmin U\Desktop\OTL.Txt
2013-10-19 13:39 - 2013-10-19 13:42 - 00001908 _____ C:\Windows\diagwrn.xml
2013-10-19 13:39 - 2013-10-19 13:42 - 00001908 _____ C:\Windows\diagerr.xml
2013-10-19 12:58 - 2013-10-18 08:41 - 11265368 _____ (Microsoft Corporation) C:\Users\Cosmin U\Desktop\mseinstall.exe
2013-10-19 12:54 - 2013-10-19 12:55 - 00000000 ____D C:\WINSSLog

==================== One Month Modified Files and Folders =======

2013-11-18 19:02 - 2011-12-01 22:12 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2140763589-1229600939-2173147066-1000UA.job
2013-11-18 19:02 - 2011-12-01 22:12 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2140763589-1229600939-2173147066-1000Core.job
2013-11-18 19:01 - 2013-11-18 19:01 - 00000000 ____D C:\FRST
2013-11-18 18:59 - 2013-11-18 18:59 - 00000000 ____D C:\ProgramData\Panda Security
2013-11-18 18:59 - 2013-11-18 18:59 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-11-18 18:56 - 2013-11-18 18:56 - 00094906 _____ C:\Users\Cosmin U\Desktop\OTL.Txt
2013-11-18 18:54 - 2013-11-18 18:57 - 00848856 _____ (Panda Security ) C:\Users\Cosmin U\Desktop\USBVaccineSetup.exe
2013-11-18 18:52 - 2010-11-08 22:08 - 00778498 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-18 18:47 - 2009-07-14 06:34 - 00018224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-18 18:47 - 2009-07-14 06:34 - 00018224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-18 18:40 - 2013-09-25 12:41 - 00003676 _____ C:\Windows\setupact.log
2013-11-18 18:40 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 11:02 - 2010-11-08 15:06 - 00000000 ____D C:\Users\Cosmin U\AppData\Roaming\vlc
2013-11-17 10:38 - 2012-07-16 21:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 09:23 - 2010-11-08 16:17 - 00000000 ____D C:\Users\Cosmin U\AppData\Roaming\dvdcss
2013-11-05 18:13 - 2010-11-08 13:02 - 00000000 ____D C:\Users\Cosmin U\AppData\Roaming\uTorrent
2013-10-21 17:16 - 2010-11-08 22:07 - 01375361 _____ C:\Windows\WindowsUpdate.log
2013-10-21 17:09 - 2013-09-27 13:46 - 00009920 _____ C:\Windows\PFRO.log
2013-10-19 13:46 - 2011-03-16 09:55 - 00002121 _____ C:\Windows\epplauncher.mif
2013-10-19 13:46 - 2011-03-16 09:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-19 13:42 - 2013-10-19 13:39 - 00001908 _____ C:\Windows\diagwrn.xml
2013-10-19 13:42 - 2013-10-19 13:39 - 00001908 _____ C:\Windows\diagerr.xml
2013-10-19 13:39 - 2013-09-25 12:41 - 00000000 _____ C:\Windows\setuperr.log
2013-10-19 12:55 - 2013-10-19 12:54 - 00000000 ____D C:\WINSSLog
ZeroAccess:
C:\Users\Cosmin U\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Cosmin U\AppData\Roaming\RegFree.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-11-17 09:22

==================== End Of Log ============================

[tefelica]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2013 02
Ran by Cosmin U at 2013-11-18 19:02:09
Running from I:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 2.0.4)
AAA Logo Business Edition 3.10
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Photoshop Lightroom 4.4 (Version: 4.4.1)
Adobe Reader X (10.1.8) (Version: 10.1.8)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
Ask Toolbar (Version: 1.15.9.0)
Assassin's Creed ® III (Version: 1.01)
ATI AVIVO Codecs (Version: 11.6.0.10126)
AutoCorect 4.1.5
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (Version: 2012.1116.1514.27190)
CCC Help Czech (Version: 2012.1116.1514.27190)
CCC Help Danish (Version: 2012.1116.1514.27190)
CCC Help Dutch (Version: 2012.1116.1514.27190)
CCC Help English (Version: 2012.1116.1514.27190)
CCC Help Finnish (Version: 2012.1116.1514.27190)
CCC Help French (Version: 2012.1116.1514.27190)
CCC Help German (Version: 2012.1116.1514.27190)
CCC Help Greek (Version: 2012.1116.1514.27190)
CCC Help Hungarian (Version: 2012.1116.1514.27190)
CCC Help Italian (Version: 2012.1116.1514.27190)
CCC Help Japanese (Version: 2012.1116.1514.27190)
CCC Help Korean (Version: 2012.1116.1514.27190)
CCC Help Norwegian (Version: 2012.1116.1514.27190)
CCC Help Polish (Version: 2012.1116.1514.27190)
CCC Help Portuguese (Version: 2012.1116.1514.27190)
CCC Help Russian (Version: 2012.1116.1514.27190)
CCC Help Spanish (Version: 2012.1116.1514.27190)
CCC Help Swedish (Version: 2012.1116.1514.27190)
CCC Help Thai (Version: 2012.1116.1514.27190)
CCC Help Turkish (Version: 2012.1116.1514.27190)
ccc-utility (Version: 2012.1116.1515.27190)
D3DX10 (Version: 15.4.2368.0902)
Driver Genius Professional Edition (Version: 11.0)
Dropbox (HKCU Version: 2.0.22)
eReg (Version: 1.20.138.34)
Foxit PDF Editor (Version: 2.2.1.1102)
Free YouTube Downloader 1.00
Galerie foto Windows Live (Version: 15.4.3502.0922)
Google Chrome (HKCU Version: 29.0.1547.76)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 4.1.0.001)
HTC Sync (Version: 3.3.7)
HTC Sync Manager (Version: 2.0.58.0)
IPTInstaller (Version: 4.0.8)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Logitech SetPoint 6.32 (Version: 6.32.20)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Expression Blend 3 SDK (Version: 1.0.1343.0)
Microsoft Expression Blend SDK for .NET 4 (Version: 2.0.20525.0)
Microsoft Expression Blend SDK for Silverlight 4 (Version: 2.0.20525.0)
Microsoft Expression Studio 4 (Version: 4.0.20525.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.7969.0)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60816.0)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 8 Micro 8.1.1.3 (Version: 8.1.1.3)
Nitro Pro 8 (Version: 8.0.3.1)
OptimizerPro (Version: 1.0)
Panda USB Vaccine 1.0.1.4
PowerISO (Version: 4.6)
PunkBuster Services (Version: 0.991)
PxMergeModule (Version: 1.00.0000)
Realtek Ethernet Controller Driver (Version: 7.56.316.2012)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.6519)
Realtek High Definition Audio Driver (Version: 6.0.1.6602)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Smart Defrag 2 (Version: 2.2)
SopCast 3.3.2 (Version: 3.3.2)
Sothink SWF Decompiler (Version: 4.5)
StrongDC++ 2.41 (Version: 2.41)
swMSM (Version: 12.0.0.1)
TuneUp Utilities 2013 (Version: 13.0.2020.14)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.4410.11)
TuneUp Utilities Language Pack (en-US) (Version: 13.0.2020.14)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay (Version: 2.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 2.0.8 (Version: 2.0.8)
vShare Plugin
VshareComplete
Winamp (Version: 5.622 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR archiver
WPF Toolkit February 2010 (Version 3.5.50211.1) (Version: 3.5.50211.1)
XAMPP 1.8.0
XHeader (Version: 1.215)
Xilisoft YouTube HD Video Converter (Version: 3.3.3.20121114)
XSitePro2 (Version: 2.501)
Yahoo! Messenger

==================== Restore Points =========================

17-10-2013 14:17:01 avast! Pro Antivirus Setup
17-10-2013 18:57:21 avast! Pro Antivirus Setup
03-11-2013 17:35:14 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-10-17 16:08 - 00001939 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0FED5BD7-BA0D-412D-B3BB-0C82D6F15D81} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2140763589-1229600939-2173147066-1000UA => C:\Users\Cosmin U\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01] (Google Inc.)
Task: {12A25A76-49B6-49E0-AA3C-2E498A331211} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {283ABB0D-24CC-48A0-A401-7D86D3B996A4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {3A4EA779-0985-468C-9FA7-06D7AC431666} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: {400B8592-2749-4ACB-92E5-75D65F4B0A3D} - System32\Tasks\AdobeAAMUpdater-1.0-CosminU-PC-Cosmin U => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {82915E67-AF24-401F-9F3D-BABD935F4CD7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2140763589-1229600939-2173147066-1000Core => C:\Users\Cosmin U\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01] (Google Inc.)
Task: {83C0F107-56C2-47A6-BA54-211162BEFFB0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2140763589-1229600939-2173147066-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8ADC5B1B-BA8F-44DA-A368-667F3733156F} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
Task: {A073B13F-445F-4899-8D29-6BA3BB376C58} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A0967CFC-6EF6-43E0-B961-D0514F062091} - System32\Tasks\wrSpySweeper_LFADC6E8AA9F441E0B40A67344D551F57 => C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
Task: {A636E17B-7B64-493B-92A0-BA6777802BC0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2012-09-19] (TuneUp Software)
Task: {AC01DDE1-F146-43BF-9B58-BDA296E8AF52} - \Google Update No Task File
Task: {AFDEDD29-31DF-4734-BE7C-7A383CFB1BBD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] ()
Task: {C9F41E5B-889C-4770-972D-8321BC0E11F0} - System32\Tasks\Google Updater and Installer => C:\Users\Cosmin U\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01] (Google Inc.)
Task: {CCEE59FF-B759-4068-B9D1-20AC3F5E2992} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {E2A2CCA6-4D8C-41C8-B075-B2C8EA9FD428} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-05-29] ()
Task: {F3C4E374-47E1-4A56-979B-802D176D1AEE} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2140763589-1229600939-2173147066-1000Core.job => C:\Users\Cosmin U\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2140763589-1229600939-2173147066-1000UA.job => C:\Users\Cosmin U\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-08 12:53 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2011-10-07 11:41 - 2011-10-07 11:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-11-16 14:09 - 2012-11-16 14:09 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-26 12:42 - 2013-09-17 05:20 - 00709584 _____ () C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
2013-09-26 12:42 - 2013-09-17 05:20 - 00099792 _____ () C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll
2013-09-26 12:42 - 2013-09-17 05:21 - 04053456 _____ () C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-26 12:42 - 2013-09-17 05:21 - 00410576 _____ () C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-26 12:42 - 2013-09-17 05:20 - 01604560 _____ () C:\Users\Cosmin U\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
2013-08-15 21:15 - 2013-08-15 21:15 - 00216576 _____ () C:\Users\Cosmin U\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0\plugin\blackfishietab.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:140AD176
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:408F95E5
AlternateDataStreams: C:\ProgramData\TEMP:5520ED93
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E
AlternateDataStreams: C:\Users\Cosmin U\Downloads\pt licenta.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2013 09:22:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/03/2013 07:29:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/03/2013 07:28:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/03/2013 07:28:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/03/2013 05:54:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: TuneUpUtilitiesService32.exe, version: 13.0.2020.14, time stamp: 0x505999de
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db96c5
Exception code: 0xc000070a
Fault offset: 0x0009bd4f
Faulting process id: 0xf8
Faulting application start time: 0xTuneUpUtilitiesService32.exe0
Faulting application path: TuneUpUtilitiesService32.exe1
Faulting module path: TuneUpUtilitiesService32.exe2
Report Id: TuneUpUtilitiesService32.exe3

Error: (10/30/2013 08:23:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/30/2013 08:22:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/30/2013 08:22:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/19/2013 01:46:53 PM) (Source: Microsoft Security Client Setup) (User: CosminU-PC)
Description: HRESULT:0x80070643
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (10/19/2013 01:46:48 PM) (Source: MsiInstaller) (User: CosminU-PC)
Description: Product: Microsoft Security Client -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\epp.msi


System errors:
=============
Error: (11/18/2013 06:40:33 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/18/2013 06:40:33 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/18/2013 06:40:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (11/18/2013 06:40:04 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Error: (11/18/2013 06:39:29 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/17/2013 09:05:21 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/17/2013 09:05:21 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/17/2013 09:05:15 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (11/17/2013 09:05:01 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Error: (11/17/2013 09:04:55 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (04/17/2011 00:54:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 97 seconds with 60 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 2046.49 MB
Available physical RAM: 912.15 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 2562.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.26 GB) (Free:17.35 GB) NTFS
Drive d: () (Fixed) (Total:104.43 GB) (Free:53.18 GB) NTFS
Drive e: () (Fixed) (Total:292.97 GB) (Free:132.88 GB) NTFS
Drive i: () (Removable) (Total:7.44 GB) (Free:3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 96DF96DF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=397 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[Buddierdl]

Please download the attached fixlist.txt to the same flash drive as FRST. Then run FRST again, but this time click "Fix." Post the resulting log.

Please don't try to uninstall MSE now. It has been "booby-trapped" by the infection and removing it will damage your computer. We will fix it next.

Attached Files

•  fixlist.txt   1.98KB   170 downloads

[tefelica]

Hi. I folow your steps and this is the result.





Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-11-2013 02
Ran by Cosmin U at 2013-11-19 08:15:36 Run:1
Running from I:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Dropbox] - C:\Users\Cosmin U\AppData\Roaming\46E48F\46E48F.exe [32592 2010-11-20] (Microsoft Corporation)
C:\Users\Cosmin U\AppData\Roaming\46E48F
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
AppInit_DLLs: C:\Windows\System32\ [ ] ()
URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM - {D0295D2A-D6BC-40B1-9F18-D33EAA24B55D} URL = http://startsear.ch/...q={searchTerms}
SearchScopes: HKCU - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolba...Terms}&srch=dsp
SearchScopes: HKCU - {D0295D2A-D6BC-40B1-9F18-D33EAA24B55D} URL = http://startsear.ch/...q={searchTerms}
BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
C:\Program Files\vShare
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKCU - No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{bdb5ce38-1571-11e0-06d9-6eaf5d8425a7}\ \...\???\{bdb5ce38-1571-11e0-06d9-6eaf5d8425a7}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\Cosmin U\AppData\Local\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
cmd: netsh winsock reset

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Dropbox => Value deleted successfully.
C:\Users\Cosmin U\AppData\Roaming\46E48F => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0295D2A-D6BC-40B1-9F18-D33EAA24B55D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D0295D2A-D6BC-40B1-9F18-D33EAA24B55D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0295D2A-D6BC-40B1-9F18-D33EAA24B55D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D0295D2A-D6BC-40B1-9F18-D33EAA24B55D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
C:\Program Files\vShare => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} => Value deleted successfully.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} => Key not found.
HKCR\PROTOCOLS\Handler\vsharechrome => Key deleted successfully.
HKCR\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000007\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
*etadpug => Service deleted successfully.
C:\Users\Cosmin U\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


==== End of Fixlog ====

Edited by tefelica, 19 November 2013 - 12:18 AM.

[Buddierdl]

Okay. Run this new fixlist in the same way, and then let me know if MSE works again. Would you like to keep MSE, or try something different, like AVAST?

Then, please run this scan:


Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the all of the options are checked:
  
  
  
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Attached Files

•  fixlist.txt   207bytes   137 downloads

[tefelica]

Hi and thanks for help.
I don't want to keep MSE. I want to try BitDefender AV.
I will folow your steps, but after doing that can i uninstall MSE?

[Buddierdl]

Yes, run the steps above, and then we will fix your services before changing the AV. Limit internet browsing as much as possible until we get the AV situation fixed.

[tefelica]

Farbar Service Scanner Version: 10-11-2013
Ran by Cosmin U (administrator) on 19-11-2013 at 18:29:59
Running from "I:\"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 15:24] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll
[2012-12-11 22:16] - [2012-08-21 15:35] - 0163840 ____A (Microsoft Corporation) 320B13F43726EB73B2D7AE8869AFAACE

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 15:24] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9


ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

[tefelica]

I can't acces MSE after your last advice

[Buddierdl]

You forgot to run the new fixlist with FRST. I have attached it again below. Copy it to your flash drive, then run FRST and click the "Fix" button. Make sure to delete the old fixlist.txt first.

Then,


Download the ESET services repair tool, extract the file to your desktop.

• Double-click ServicesRepair.exe.
• If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
• Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
• A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.

Then, run Farbar's Service Scanner (FSS) again and post a fresh scan.

Attached Files

•  fixlist.txt   207bytes   182 downloads

[tefelica]

I hope it's ok now
MSE working.Can i update it?


Log Opened: 2013-11-19 @ 19:03:52
19:03:52 - -----------------
19:03:52 - | Begin Logging |
19:03:52 - -----------------
19:03:52 - Fix started on a WIN_7 X86 computer
19:03:52 - Prep in progress. Please Wait.
19:03:55 - Prep complete
19:03:55 - Repairing Services Now. Please wait...
19:03:56 - Services Repair Complete.
19:04:02 - Reboot Initiated



Farbar Service Scanner Version: 10-11-2013
Ran by Cosmin U (administrator) on 19-11-2013 at 19:08:15
Running from "I:\"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 15:24] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll
[2012-12-11 22:16] - [2012-08-21 15:35] - 0163840 ____A (Microsoft Corporation) 320B13F43726EB73B2D7AE8869AFAACE

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 15:24] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 15:48] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Attached Files

•  SvcRepair.log   362bytes   163 downloads
•  FSS.txt   7.04KB   167 downloads

Edited by Buddierdl, 19 November 2013 - 11:20 AM.

[Buddierdl]

MSE working.Can i update it?

Do you mean change to BitDefender? If so, not quite yet. If you mean update the definitions, go ahead.

ESET didn't work. Let's try a different tool.

Download Windows Repair (all in one) from this site

Install the programme then run



You can skip the optional steps here:



Select only #25 Restore Important Windows Services.


Let the program run, then get a fresh FSS scan again.

[tefelica]

Farbar Service Scanner Version: 10-11-2013
Ran by Cosmin U (administrator) on 19-11-2013 at 19:50:45
Running from "I:\"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc: "%SystemRoot%\system32\cryptsvc.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 15:24] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll
[2012-12-11 22:16] - [2012-08-21 15:35] - 0163840 ____A (Microsoft Corporation) 320B13F43726EB73B2D7AE8869AFAACE

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 15:24] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 15:48] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****