White screen after login in Windows 7 [Solved]


  • This topic is locked This topic is locked

#1
Mercu (Member, 16 posts)

For the last 2 days, after I log in to Windows 7 Ultimate, only a white screen appears.
If I do a Ctrl+Alt+Del, I discover in Windows Task Manager a process/application called 897YTghJK99876FD. I can shut this down, and the wallpaper appears. But I have to start a new task "explorer" to see again the Windows menu, shortcuts etc. on screen. Also, I cannot change the aspect of the window borders etc., I can't see some icons in the taskbar on the right (those for Avast Internet Security and the Comodo firewall) and some files I just saved on the desktop trying to solve this, and everything runs really slowly (I stopped using the computer since yesterday because of this).

I scanned the system with Emsisoft Web Malware Scan, and it only found 4 problems (cracks I tried some months back), so I guess it's not them all of a sudden making problems.
I also tried to follow the advice found here on this forum: http://www.geekstogo...n-after-log-in/
But things didn't go as smoothly as with that person Buddierdl helped so nicely. For instance:
- the FRST log shows some errors that I have no idea about;
- the "Fix" button on FRST asks for some file that I cannot generate again (I think I deleted it by accident after the first run of the program);
- running OTL took more than an hour and I had to stop it after midnight (before any successful stop of its own);
- since some of my recent files seem to be "hidden", I thought it's not wise to run OTL fix, and because of that I also didn't run AdwCleaner in the next step... and then I stopped and decided to ask your expert help.

I hope you can help recover my system. I started using it for work and it would be just horrible to just reinstall Windows and lose everything on it right now (no backup, very stupid of me).
Thank you for your help!

Edited by Mercu, 17 September 2013 - 01:33 PM.

#2
Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)

Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

With that all stated, let's get started! :)

Most fixes are created specific to each user's computer, as all systems are different, as is the malware that infects them in many cases.

Can you please post the FRST log you were able to generate? Then we can work on a plan specific for your machine. :)

#3
Mercu (Topic Starter, Member, 16 posts)

Hello and thanks for the very quick reply!
I read a little more on your forums and I understood that removing completely (as I need it) takes quite some time and steps, so I'm ready to follow your instructions.

First of all, an update: my Avast asked to perform a reboot and a boot scan today at first start. During that procedure it discovered and erased 2 pieces of malware, one of them \Temp\vspyla.exe and the other from one infected crack (I didn't write down the name of the malware at the time since I was multitasking through the room).
As a result, probably, at the next reboot the white screen disappeared and everything seems to be normal on the desktop (apart from the "hidden" files; I have so many files on this computer that I don't know how to be sure none of them is still hidden as a result of malware).
I am using the "sick" computer for writing these very words.

The following FRST logs have been created yesterday, before today's improvements mentioned above in the update.
If necessary, I can create a new log now, after the improvements mentioned above in the update - just let me know.

1) I first ran the program following the advice from http://www.geekstogo...n-after-log-in/ from my everyday account where the troubles showed, and it created an incomplete log:



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by SYSTEM on MININT-KCMG5UA on 16-09-2013 21:47:29
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-07] (COMODO)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-21] (VIA)
HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-10-28] (FNet Co., Ltd.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-29] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Cristinel\...\Policies\system: [LogonHoursAction] 2
HKU\Cristinel\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Obisnuit\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\Obisnuit\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Obisnuit\...\Policies\system: [LogonHoursAction] 2
HKU\Obisnuit\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Obisnuit\...\Winlogon: [Shell] explorer.exe,C:\Users\Obisnuit\AppData\Roaming\data.dat [149520 2009-07-13] () <==== ATTENTION
AppInit_DLLs: C:\Windows\system32\guard64.dll [390392 2012-11-07] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll [301264 2012-11-07] (COMODO)

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-29] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-29] (AVAST Software)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO)
S2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2627920 2011-03-03] (Diskeeper Corporation)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-29] (AVAST Software)
S0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-07-17] (ALWIL Software)
S0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-08-29] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-29] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-29] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-29] ()
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-07] (COMODO)
S3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-13] (Diskeeper Corporation)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-14] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-10-27] (FNet Co., Ltd.)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-07] (COMODO)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-11-10] (Duplex Secure Ltd.)
S1 A2DDA; \??\C:\Users\CRISTI~1\AppData\Local\Temp\A2ONLINESCAN\a2ddax64.sys [x]
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
S5 intelide; C:\Windows\System32\Drivers\intelide.sys [16960 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 21:47 - 2013-09-16 21:47 - 00000000 ____D C:\FRST
2013-09-16 09:36 - 2013-09-16 09:36 - 01497198 _____ C:\Users\Cristinel\Desktop\White screen after log in [Solved] - Geeks to Go Forums.mht
2013-09-16 09:23 - 2013-09-16 09:23 - 01951150 _____ (Farbar) C:\Users\Cristinel\Desktop\FRST64.exe
2013-09-16 06:41 - 2013-09-16 06:41 - 00000000 ____D C:\Users\Cristinel\AppData\Local\Macromedia
2013-09-16 06:37 - 2013-09-16 06:37 - 00000632 __RSH C:\Users\Cristinel\ntuser.pol
2013-09-10 10:55 - 2013-09-14 12:51 - 00000000 ____D C:\Users\Cristinel\Documents\iplfilesv5
2013-09-09 10:10 - 2013-09-10 11:14 - 00000000 ____D C:\Users\Obisnuit\Documents\iplfilesv5
2013-09-09 10:09 - 2013-09-09 10:09 - 00000821 _____ C:\Users\UpdatusUser\Desktop\iploungev5.lnk
2013-09-09 10:09 - 2013-09-09 10:09 - 00000821 _____ C:\Users\Obisnuit\Desktop\iploungev5.lnk
2013-09-09 10:09 - 2013-09-09 10:09 - 00000821 _____ C:\Users\Cristinel\Desktop\iploungev5.lnk
2013-09-09 08:21 - 2013-09-09 08:21 - 00000727 _____ C:\Users\Public\Desktop\NfS Porsche 2000.lnk
2013-09-09 01:59 - 2013-08-29 23:48 - 00270824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-09-09 01:59 - 2013-08-29 23:48 - 00131232 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-09-09 01:59 - 2013-08-29 23:48 - 00022600 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-09-09 01:59 - 2013-07-17 01:17 - 00012368 _____ (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2013-09-09 01:56 - 2013-09-09 01:56 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk

==================== One Month Modified Files and Folders =======

2013-09-16 21:47 - 2013-09-16 21:47 - 00000000 ____D C:\FRST
2013-09-16 10:41 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 10:41 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 10:40 - 2013-05-01 11:23 - 00014852 _____ C:\Windows\setupact.log
2013-09-16 10:40 - 2011-11-22 11:53 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2013-09-16 10:40 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 10:39 - 2012-09-19 00:21 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2013-09-16 10:39 - 2012-06-19 01:40 - 01310221 _____ C:\Windows\WindowsUpdate.log
2013-09-16 10:28 - 2013-05-03 04:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 10:24 - 2012-09-19 00:21 - 00001071 _____ C:\Users\Cristinel\Desktop\Free Download Manager.lnk
2013-09-16 09:56 - 2011-11-30 14:11 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-16 09:36 - 2013-09-16 09:36 - 01497198 _____ C:\Users\Cristinel\Desktop\White screen after log in [Solved] - Geeks to Go Forums.mht
2013-09-16 09:24 - 2012-09-19 00:21 - 00000000 ____D C:\Users\Cristinel\AppData\Roaming\Free Download Manager
2013-09-16 09:23 - 2013-09-16 09:23 - 01951150 _____ (Farbar) C:\Users\Cristinel\Desktop\FRST64.exe
2013-09-16 08:55 - 2012-07-23 22:30 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Babylon
2013-09-16 08:44 - 2012-07-23 04:30 - 00000000 ____D C:\ProgramData\Babylon
2013-09-16 08:19 - 2011-11-30 14:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 06:47 - 2012-07-08 03:34 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-16 06:46 - 2011-10-27 13:13 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-16 06:41 - 2013-09-16 06:41 - 00000000 ____D C:\Users\Cristinel\AppData\Local\Macromedia
2013-09-16 06:37 - 2013-09-16 06:37 - 00000632 __RSH C:\Users\Cristinel\ntuser.pol
2013-09-16 06:37 - 2011-10-28 09:11 - 00000000 ____D C:\users\Cristinel
2013-09-15 10:11 - 2013-08-12 08:27 - 00000000 ____D C:\Users\Obisnuit\.VirtualBox
2013-09-15 02:40 - 2011-11-08 12:57 - 00006950 _____ C:\Users\Obisnuit\AppData\Roaming\mainhst.zgh
2013-09-15 00:51 - 2012-09-19 05:57 - 00000000 ____D C:\Users\Obisnuit\Documents\Chief Architect Premier X4 Data
2013-09-15 00:51 - 2012-09-19 05:57 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Chief Architect Premier X4
2013-09-14 12:51 - 2013-09-10 10:55 - 00000000 ____D C:\Users\Cristinel\Documents\iplfilesv5
2013-09-13 11:52 - 2011-10-27 13:57 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\vlc
2013-09-11 13:36 - 2011-10-27 14:11 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\uTorrent
2013-09-10 11:14 - 2013-09-09 10:10 - 00000000 ____D C:\Users\Obisnuit\Documents\iplfilesv5
2013-09-10 10:27 - 2009-07-13 21:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 10:09 - 2013-09-09 10:09 - 00000821 _____ C:\Users\UpdatusUser\Desktop\iploungev5.lnk
2013-09-09 10:09 - 2013-09-09 10:09 - 00000821 _____ C:\Users\Obisnuit\Desktop\iploungev5.lnk
2013-09-09 10:09 - 2013-09-09 10:09 - 00000821 _____ C:\Users\Cristinel\Desktop\iploungev5.lnk
2013-09-09 08:21 - 2013-09-09 08:21 - 00000727 _____ C:\Users\Public\Desktop\NfS Porsche 2000.lnk
2013-09-09 01:56 - 2013-09-09 01:56 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-08-29 23:48 - 2013-09-09 01:59 - 00270824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-08-29 23:48 - 2013-09-09 01:59 - 00131232 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-08-29 23:48 - 2013-09-09 01:59 - 00022600 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-08-29 23:48 - 2013-03-17 08:56 - 00204880 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-08-29 23:48 - 2013-03-17 08:56 - 00065336 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-08-29 23:48 - 2012-02-26 07:09 - 00072016 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-08-29 23:48 - 2011-10-27 13:13 - 01030952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-08-29 23:48 - 2011-10-27 13:13 - 00378944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-08-29 23:48 - 2011-10-27 13:13 - 00080816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-08-29 23:48 - 2011-10-27 13:13 - 00064288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-08-29 23:48 - 2011-10-27 13:13 - 00033400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-08-29 23:47 - 2011-10-27 13:13 - 00287840 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-08-29 23:47 - 2011-10-27 13:13 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-23 10:17 - 2012-07-03 09:15 - 00000992 _____ C:\Users\Obisnuit\Desktop\Sony Map Europe.lnk

Some content of TEMP:
====================
C:\Users\Obisnuit\AppData\Local\Temp\vspyla.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

1
Restore point made on: 2013-09-15 08:15:06

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4078.12 MB
Available physical RAM: 3472.39 MB
Total Pagefile: 4076.27 MB
Available Pagefile: 3462.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:93.1 GB) NTFS
Drive e: (Diverse) (Fixed) (Total:82.73 GB) (Free:2.47 GB) NTFS
Drive g: (A-DATA UFD) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F00476FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=83 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-09-11 03:00

==================== End Of Log ============================




2) Then I ran it again as an Admin starting Windows in Safemode... and here is the complete log plus an Addition file resulted:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by Cristinel (administrator) on JUGUPC on 16-09-2013 22:00:45
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA)
HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-10-28] (FNet Co., Ltd.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Obisnuit\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\Obisnuit\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Obisnuit\...\Policies\system: [LogonHoursAction] 2
HKU\Obisnuit\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Obisnuit\...\Winlogon: [Shell] explorer.exe,C:\Users\Obisnuit\AppData\Roaming\data.dat [149520 2009-07-14] () <==== ATTENTION
AppInit_DLLs: C:\Windows\system32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A1339DD5F63CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} file:///C:/Program%20Files%20(x86)/Netshop/VIEWERINSTALL/applications/Navigram.cab
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1

FireFox:
========
FF ProfilePath: C:\Users\Cristinel\AppData\Roaming\Mozilla\Firefox\Profiles\ffisyljg.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Cristinel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Free Download Manager plugin - C:\Users\Cristinel\AppData\Roaming\Mozilla\Firefox\Profiles\ffisyljg.default\Extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
S2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2627920 2011-03-03] (Diskeeper Corporation)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-07-17] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-08-30] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
S3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-14] (DT Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-10-27] (FNet Co., Ltd.)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-11-10] (Duplex Secure Ltd.)
S1 A2DDA; \??\C:\Users\CRISTI~1\AppData\Local\Temp\A2ONLINESCAN\a2ddax64.sys [x]
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
U5 intelide; C:\Windows\System32\Drivers\intelide.sys [16960 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 08:47 - 2013-09-17 08:47 - 00000000 ____D C:\FRST
2013-09-16 20:36 - 2013-09-16 20:36 - 01497198 _____ C:\Users\Cristinel\Desktop\White screen after log in [Solved] - Geeks to Go Forums.mht
2013-09-16 20:23 - 2013-09-16 20:23 - 01951150 _____ (Farbar) C:\Users\Cristinel\Desktop\FRST64.exe
2013-09-16 17:41 - 2013-09-16 17:41 - 00000000 ____D C:\Users\Cristinel\AppData\Local\Macromedia
2013-09-16 17:37 - 2013-09-16 17:37 - 00000632 __RSH C:\Users\Cristinel\ntuser.pol
2013-09-10 21:55 - 2013-09-14 23:51 - 00000000 ____D C:\Users\Cristinel\Documents\iplfilesv5
2013-09-09 21:10 - 2013-09-10 22:14 - 00000000 ____D C:\Users\Obisnuit\Documents\iplfilesv5
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\UpdatusUser\Desktop\iploungev5.lnk
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\Obisnuit\Desktop\iploungev5.lnk
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\Cristinel\Desktop\iploungev5.lnk
2013-09-09 19:22 - 2013-09-09 19:22 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-09 19:21 - 2013-09-09 19:21 - 00000727 _____ C:\Users\Public\Desktop\NfS Porsche 2000.lnk
2013-09-09 12:59 - 2013-08-30 10:48 - 00270824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2013-09-09 12:59 - 2013-08-30 10:48 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-09-09 12:59 - 2013-08-30 10:48 - 00022600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-09-09 12:59 - 2013-07-17 12:17 - 00012368 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2013-09-09 12:56 - 2013-09-09 12:56 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk

==================== One Month Modified Files and Folders =======

2013-09-17 08:47 - 2013-09-17 08:47 - 00000000 ____D C:\FRST
2013-09-16 21:41 - 2009-07-14 07:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 21:41 - 2009-07-14 07:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 21:40 - 2013-05-01 22:23 - 00014852 _____ C:\Windows\setupact.log
2013-09-16 21:40 - 2011-11-22 22:53 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2013-09-16 21:40 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 21:39 - 2012-09-19 11:21 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2013-09-16 21:39 - 2012-06-19 12:40 - 01310221 _____ C:\Windows\WindowsUpdate.log
2013-09-16 21:28 - 2013-05-03 15:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 21:24 - 2012-09-19 11:21 - 00001071 _____ C:\Users\Cristinel\Desktop\Free Download Manager.lnk
2013-09-16 20:56 - 2011-12-01 01:11 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-16 20:36 - 2013-09-16 20:36 - 01497198 _____ C:\Users\Cristinel\Desktop\White screen after log in [Solved] - Geeks to Go Forums.mht
2013-09-16 20:24 - 2012-09-19 11:21 - 00000000 ____D C:\Users\Cristinel\AppData\Roaming\Free Download Manager
2013-09-16 20:23 - 2013-09-16 20:23 - 01951150 _____ (Farbar) C:\Users\Cristinel\Desktop\FRST64.exe
2013-09-16 19:55 - 2012-07-24 09:30 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Babylon
2013-09-16 19:44 - 2012-07-23 15:30 - 00000000 ____D C:\ProgramData\Babylon
2013-09-16 19:19 - 2011-12-01 01:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 17:47 - 2012-07-08 14:34 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-16 17:46 - 2011-10-28 00:13 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-16 17:41 - 2013-09-16 17:41 - 00000000 ____D C:\Users\Cristinel\AppData\Local\Macromedia
2013-09-16 17:37 - 2013-09-16 17:37 - 00000632 __RSH C:\Users\Cristinel\ntuser.pol
2013-09-16 17:37 - 2011-10-28 20:11 - 00000000 ____D C:\Users\Cristinel
2013-09-15 21:11 - 2013-08-12 19:27 - 00000000 ____D C:\Users\Obisnuit\.VirtualBox
2013-09-15 13:40 - 2011-11-08 23:57 - 00006950 _____ C:\Users\Obisnuit\AppData\Roaming\mainhst.zgh
2013-09-15 11:51 - 2012-09-19 16:57 - 00000000 ____D C:\Users\Obisnuit\Documents\Chief Architect Premier X4 Data
2013-09-15 11:51 - 2012-09-19 16:57 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Chief Architect Premier X4
2013-09-14 23:51 - 2013-09-10 21:55 - 00000000 ____D C:\Users\Cristinel\Documents\iplfilesv5
2013-09-13 22:52 - 2011-10-28 00:57 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\vlc
2013-09-12 00:36 - 2011-10-28 01:11 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\uTorrent
2013-09-10 22:14 - 2013-09-09 21:10 - 00000000 ____D C:\Users\Obisnuit\Documents\iplfilesv5
2013-09-10 21:27 - 2009-07-14 08:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\UpdatusUser\Desktop\iploungev5.lnk
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\Obisnuit\Desktop\iploungev5.lnk
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\Cristinel\Desktop\iploungev5.lnk
2013-09-09 19:22 - 2013-09-09 19:22 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-09 19:21 - 2013-09-09 19:21 - 00000727 _____ C:\Users\Public\Desktop\NfS Porsche 2000.lnk
2013-09-09 12:56 - 2013-09-09 12:56 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-08-30 10:48 - 2013-09-09 12:59 - 00270824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2013-08-30 10:48 - 2013-09-09 12:59 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-08-30 10:48 - 2013-09-09 12:59 - 00022600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-08-30 10:48 - 2013-03-17 19:56 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 10:48 - 2013-03-17 19:56 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 10:48 - 2012-02-26 18:09 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 10:47 - 2011-10-28 00:13 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 10:47 - 2011-10-28 00:13 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-23 21:17 - 2012-07-03 20:15 - 00000992 _____ C:\Users\Obisnuit\Desktop\Sony Map Europe.lnk

Some content of TEMP:
====================
C:\Users\Obisnuit\AppData\Local\Temp\vspyla.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 14:00

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 01
Ran by Cristinel at 2013-09-16 22:01:06
Running from H:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.0.0)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.169)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.169)
Adobe Reader XI (11.0.02) (x32 Version: 11.0.02)
Apple Application Support (x32 Version: 2.1.5)
Apple Software Update (x32 Version: 2.1.3.127)
Artlantis Studio 4.1.7 (Version: 4.1.7)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.35)
avast! Internet Security (x32 Version: 8.0.1497.0)
Babylon (x32)
Chess Mentor 3.0 (x32 Version: 3.0)
Chessmaster Grandmaster Edition (x32 Version: 1.00.0000)
Chief Architect Premier X3 (x32 Version: 13.2.0.0)
Chief Architect Premier X4 (64 bit) (Version: 14.3.2.0)
COMODO Internet Security (Version: 5.8.16726.2131)
DAEMON Tools Lite (x32 Version: 4.45.1.0236)
Diskeeper 2011 (Version: 15.0.951.64)
doPDF 7.3 printer
Electronic Arts Game Updater (x32)
formZ RenderZone Plus v6.5.4 (x32)
Foxit Reader (x32 Version: 5.4.3.920)
Free Download Manager 3.9.2 (x32)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google SketchUp Pro 8 (x32 Version: 3.0.4811)
Google Update Helper (x32 Version: 1.3.21.153)
iplounge V5.41 (x32)
Java Auto Updater (x32 Version: 2.0.6.1)
Java™ 6 Update 30 (x32 Version: 6.0.300)
Magic ISO Maker v5.5 (build 0281) (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 15.0.1 (x86 en-US) (x32 Version: 15.0.1)
Mozilla Maintenance Service (x32 Version: 17.0.1)
Neat Image v7.2.0 Demo Standalone
Need For Speed - Porsche 2000 (x32)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenAL (x32)
Opera 12.16 (x32 Version: 12.16.1860)
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
Platform (x32 Version: 1.36)
QuickTime (x32 Version: 7.71.80.42)
Rapture3D 2.3.22 Game (x32)
SketchyPhysics3.1 (x32)
Sokoban 3.1.2 (x32 Version: 3.1.2)
SU Podium V2 2.11.130 (x32)
Thea Render (Version: 1.2)
Twilight 1.4.5 (x32)
VIA Platform Device Manager (x32 Version: 1.36)
Virtual Pool 3 DL (x32 Version: 3.3.1.1)
VLC media player 2.0.3 (x32 Version: 2.0.3)
XFastUsb (x32)
Yahoo! Messenger (x32)
Your Uninstaller! 7 (x32 Version: 7.4.2011.10)
ZipGenius 6 (x32 Version: 6.3)

==================== Restore Points =========================

15-09-2013 16:14:59 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {27ED97A8-E032-4766-9364-F67395A790FC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {458570F0-AA29-4A4A-B061-F969D249CBEB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {4F058945-C972-4D37-9F1F-245F6271E148} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {720B16BF-89C2-4565-A48F-6A9C80FFD515} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01] (Google Inc.)
Task: {7F74605F-7838-4852-A178-39712A9206B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-03] (Adobe Systems Incorporated)
Task: {9513265B-5B0A-4E8D-B697-5C29A9D8E5CD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C83EE922-5933-4B2D-AEAA-34CAC58A19C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51


==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2013 07:19:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc9bb
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdfe0
Exception code: 0xe06d7363
Fault offset: 0x000000000000aa7d
Faulting process id: 0xa9c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/15/2013 11:22:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: Porsche.exe, version: 0.0.0.0, time stamp: 0x393c2e8f
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf
Exception code: 0xe06d7363
Fault offset: 0x0000b727
Faulting process id: 0xed0
Faulting application start time: 0xPorsche.exe0
Faulting application path: Porsche.exe1
Faulting module path: Porsche.exe2
Report Id: Porsche.exe3

Error: (09/15/2013 11:22:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: Porsche.exe, version: 0.0.0.0, time stamp: 0x393c2e8f
Faulting module name: dx7z.DLL, version: 8192.3.1.6482, time stamp: 0x38bde56c
Exception code: 0xc0000005
Fault offset: 0x0001473e
Faulting process id: 0xed0
Faulting application start time: 0xPorsche.exe0
Faulting application path: Porsche.exe1
Faulting module path: Porsche.exe2
Report Id: Porsche.exe3

Error: (09/11/2013 10:28:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: Porsche.exe, version: 0.0.0.0, time stamp: 0x393c2e8f
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf
Exception code: 0xe06d7363
Fault offset: 0x0000b727
Faulting process id: 0x1bd8
Faulting application start time: 0xPorsche.exe0
Faulting application path: Porsche.exe1
Faulting module path: Porsche.exe2
Report Id: Porsche.exe3

Error: (09/11/2013 10:28:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: Porsche.exe, version: 0.0.0.0, time stamp: 0x393c2e8f
Faulting module name: dx7z.DLL, version: 8192.3.1.6482, time stamp: 0x38bde56c
Exception code: 0xc0000005
Fault offset: 0x0001473e
Faulting process id: 0x1bd8
Faulting application start time: 0xPorsche.exe0
Faulting application path: Porsche.exe1
Faulting module path: Porsche.exe2
Report Id: Porsche.exe3

Error: (09/10/2013 11:35:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bced5
Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp: 0x4d5cecdf
Exception code: 0xc0000005
Fault offset: 0x0000000000059c7d
Faulting process id: 0x444
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3

Error: (08/05/2013 05:22:18 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT). hr = 0x8007045b, A system shutdown is in progress.
.

Error: (08/03/2013 03:32:37 PM) (Source: Application Hang) (User: )
Description: The program Heroes3.exe version 4.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1258

Start Time: 01ce90403b027adf

Termination Time: 28

Application Path: C:\Users\Obisnuit\AppData\Local\Temp\RarSFX0\Heroes3.exe

Report Id:

Error: (08/03/2013 02:41:41 PM) (Source: Application Hang) (User: )
Description: The program Heroes3.exe version 4.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fa8

Start Time: 01ce9037544629b8

Termination Time: 20

Application Path: C:\Users\Obisnuit\AppData\Local\Temp\RarSFX0\Heroes3.exe

Report Id:

Error: (08/02/2013 08:45:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/16/2013 10:00:23 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/16/2013 10:00:12 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
aswFW
aswRdr
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
cmdGuard
cmdHlp
CSC
DfsC
discache
inspect
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
sptd
tdx
VBoxDrv
VBoxUSBMon
Wanarpv6
WfpLwf

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (09/16/2013 07:19:32 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.163854a5bc9bbKERNELBASE.dll6.1.7600.163854a5bdfe0e06d7363000000000000aa7da9c01ceb2f87fb43b4fC:\Windows\Explorer.EXEC:\Windows\system32\KERNELBASE.dllc444348c-1eeb-11e3-b42e-002522c1aef7

Error: (09/15/2013 11:22:32 AM) (Source: Application Error)(User: )
Description: Porsche.exe0.0.0.0393c2e8fKERNELBASE.dll6.1.7600.163854a5bdbdfe06d73630000b727ed001ceb1e4eb948904D:\Cristi\NfS Porsche 2000\Porsche.exeC:\Windows\syswow64\KERNELBASE.dllf7235f4c-1ddf-11e3-bb34-002522c1aef7

Error: (09/15/2013 11:22:29 AM) (Source: Application Error)(User: )
Description: Porsche.exe0.0.0.0393c2e8fdx7z.DLL8192.3.1.648238bde56cc00000050001473eed001ceb1e4eb948904D:\Cristi\NfS Porsche 2000\Porsche.exeD:\Cristi\NfS Porsche 2000\drivers\dx7z.DLLf590ab76-1ddf-11e3-bb34-002522c1aef7

Error: (09/11/2013 10:28:54 PM) (Source: Application Error)(User: )
Description: Porsche.exe0.0.0.0393c2e8fKERNELBASE.dll6.1.7600.163854a5bdbdfe06d73630000b7271bd801ceaf230370ef3dD:\Cristi\NfS Porsche 2000\Porsche.exeC:\Windows\syswow64\KERNELBASE.dll64add896-1b18-11e3-b1cf-002522c1aef7

Error: (09/11/2013 10:28:49 PM) (Source: Application Error)(User: )
Description: Porsche.exe0.0.0.0393c2e8fdx7z.DLL8192.3.1.648238bde56cc00000050001473e1bd801ceaf230370ef3dD:\Cristi\NfS Porsche 2000\Porsche.exeD:\Cristi\NfS Porsche 2000\drivers\dx7z.DLL61fb3199-1b18-11e3-b1cf-002522c1aef7

Error: (09/10/2013 11:35:57 PM) (Source: Application Error)(User: )
Description: AUDIODG.EXE6.1.7600.163854a5bced5VIASysFx.dll1.0.0.04d5cecdfc00000050000000000059c7d44401ceae53669fb4fbC:\Windows\system32\AUDIODG.EXEC:\Windows\system32\VIASysFx.dll980f5dd6-1a58-11e3-b48d-002522c1aef7

Error: (08/05/2013 05:22:18 PM) (Source: VSS)(User: )
Description: OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)0x8007045b, A system shutdown is in progress.

Error: (08/03/2013 03:32:37 PM) (Source: Application Hang)(User: )
Description: Heroes3.exe4.0.0.0125801ce90403b027adf28C:\Users\Obisnuit\AppData\Local\Temp\RarSFX0\Heroes3.exe

Error: (08/03/2013 02:41:41 PM) (Source: Application Hang)(User: )
Description: Heroes3.exe4.0.0.0fa801ce9037544629b820C:\Users\Obisnuit\AppData\Local\Temp\RarSFX0\Heroes3.exe

Error: (08/02/2013 08:45:25 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\formZ Folder\formZ Application 7.2\Plugins\ffmt\Tdm.fzp


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 4078.69 MB
Available physical RAM: 3130.58 MB
Total Pagefile: 8155.53 MB
Available Pagefile: 7208.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:93.09 GB) NTFS
Drive d: (Diverse) (Fixed) (Total:82.73 GB) (Free:2.47 GB) NTFS
Drive h: (A-DATA UFD) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F00476FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=83 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================

Edited by Mercu, 18 September 2013 - 05:46 AM.


#4
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

Hello and thanks for the very quick reply!
I read a little more on your forums and I understood that removing completely (as I need it) takes quite some time and steps, so I'm ready to follow your instructions.


You're welcome! Since changes have been made to the system since those logs and you can now boot in normal mode, let's get a fresh look at things to see what is left.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#5
Mercu

    Member

  • Topic Starter
  • Member
  • 16 posts
Hello!

FRST64 was run from the desktop; here are the fresh log and the Addition log.
I'm surprised: there are so many errors indicated! I wouldn't have guessed so many things go wrong underneath; can they be solved?


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by Cristinel (administrator) on JUGUPC on 18-09-2013 18:48:37
Running from C:\Users\Obisnuit\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA)
HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-10-28] (FNet Co., Ltd.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\system32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A1339DD5F63CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} file:///C:/Program%20Files%20(x86)/Netshop/VIEWERINSTALL/applications/Navigram.cab
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab
Tcpip\..\Interfaces\{E6370F74-4A78-471F-99BA-486D7E7240DA}: [NameServer]213.154.124.1 193.231.252.1

FireFox:
========
FF ProfilePath: C:\Users\Cristinel\AppData\Roaming\Mozilla\Firefox\Profiles\ffisyljg.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Cristinel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Free Download Manager plugin - C:\Users\Cristinel\AppData\Roaming\Mozilla\Firefox\Profiles\ffisyljg.default\Extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2627920 2011-03-03] (Diskeeper Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-07-17] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-14] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-10-27] (FNet Co., Ltd.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-11-10] ()
U3 artq0r3m; C:\Windows\System32\Drivers\artq0r3m.sys [0 ] (Advanced Micro Devices)
S1 A2DDA; \??\C:\Users\CRISTI~1\AppData\Local\Temp\A2ONLINESCAN\a2ddax64.sys [x]
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
U5 intelide; C:\Windows\System32\Drivers\intelide.sys [16960 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-18 18:42 - 2013-09-18 18:42 - 01950524 _____ (Farbar) C:\Users\Obisnuit\Desktop\FRST64.exe
2013-09-18 11:43 - 2013-09-18 11:43 - 00001146 _____ C:\Users\Obisnuit\Desktop\q10 portabil.lnk
2013-09-17 21:37 - 2013-09-17 21:37 - 00000512 _____ C:\Users\Cristinel\Desktop\MBR.dat
2013-09-17 21:28 - 2013-09-16 21:28 - 04745728 _____ (AVAST Software) C:\Users\Obisnuit\Desktop\aswMBR.exe
2013-09-17 08:47 - 2013-09-17 08:47 - 00000000 ____D C:\FRST
2013-09-16 23:15 - 2013-09-16 21:24 - 00602112 _____ (OldTimer Tools) C:\Users\Obisnuit\Desktop\OTL.exe
2013-09-16 20:36 - 2013-09-16 20:36 - 01497198 _____ C:\Users\Cristinel\Desktop\White screen after log in [Solved] - Geeks to Go Forums.mht
2013-09-16 20:23 - 2013-09-16 20:23 - 01951150 _____ (Farbar) C:\Users\Cristinel\Desktop\FRST64.exe
2013-09-16 17:41 - 2013-09-16 17:41 - 00000000 ____D C:\Users\Cristinel\AppData\Local\Macromedia
2013-09-16 17:37 - 2013-09-16 17:37 - 00000632 __RSH C:\Users\Cristinel\ntuser.pol
2013-09-10 21:55 - 2013-09-14 23:51 - 00000000 ____D C:\Users\Cristinel\Documents\iplfilesv5
2013-09-09 21:10 - 2013-09-10 22:14 - 00000000 ____D C:\Users\Obisnuit\Documents\iplfilesv5
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\UpdatusUser\Desktop\iploungev5.lnk
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\Obisnuit\Desktop\iploungev5.lnk
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\Cristinel\Desktop\iploungev5.lnk
2013-09-09 19:22 - 2013-09-09 19:22 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-09 19:21 - 2013-09-09 19:21 - 00000727 _____ C:\Users\Public\Desktop\NfS Porsche 2000.lnk
2013-09-09 12:59 - 2013-08-30 10:48 - 00270824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2013-09-09 12:59 - 2013-08-30 10:48 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-09-09 12:59 - 2013-08-30 10:48 - 00022600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-09-09 12:59 - 2013-07-17 12:17 - 00012368 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2013-09-09 12:56 - 2013-09-09 12:56 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk

==================== One Month Modified Files and Folders =======

2013-09-18 18:43 - 2011-10-28 20:11 - 00000000 ____D C:\Users\Cristinel
2013-09-18 18:42 - 2013-09-18 18:42 - 01950524 _____ (Farbar) C:\Users\Obisnuit\Desktop\FRST64.exe
2013-09-18 18:36 - 2011-10-28 01:11 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\uTorrent
2013-09-18 18:31 - 2009-07-14 07:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 18:31 - 2009-07-14 07:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 18:29 - 2012-06-19 12:40 - 01328781 _____ C:\Windows\WindowsUpdate.log
2013-09-18 18:28 - 2013-05-03 15:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-18 18:26 - 2013-05-01 22:23 - 00015188 _____ C:\Windows\setupact.log
2013-09-18 18:26 - 2011-12-01 01:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-18 18:26 - 2011-11-22 22:53 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2013-09-18 18:26 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-18 14:56 - 2011-12-01 01:11 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-18 11:43 - 2013-09-18 11:43 - 00001146 _____ C:\Users\Obisnuit\Desktop\q10 portabil.lnk
2013-09-18 10:58 - 2012-07-08 14:34 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-18 10:58 - 2011-10-28 00:13 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-17 21:37 - 2013-09-17 21:37 - 00000512 _____ C:\Users\Cristinel\Desktop\MBR.dat
2013-09-17 08:47 - 2013-09-17 08:47 - 00000000 ____D C:\FRST
2013-09-16 21:39 - 2012-09-19 11:21 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2013-09-16 21:28 - 2013-09-17 21:28 - 04745728 _____ (AVAST Software) C:\Users\Obisnuit\Desktop\aswMBR.exe
2013-09-16 21:24 - 2013-09-16 23:15 - 00602112 _____ (OldTimer Tools) C:\Users\Obisnuit\Desktop\OTL.exe
2013-09-16 21:24 - 2012-09-19 11:21 - 00001071 _____ C:\Users\Cristinel\Desktop\Free Download Manager.lnk
2013-09-16 20:36 - 2013-09-16 20:36 - 01497198 _____ C:\Users\Cristinel\Desktop\White screen after log in [Solved] - Geeks to Go Forums.mht
2013-09-16 20:24 - 2012-09-19 11:21 - 00000000 ____D C:\Users\Cristinel\AppData\Roaming\Free Download Manager
2013-09-16 20:23 - 2013-09-16 20:23 - 01951150 _____ (Farbar) C:\Users\Cristinel\Desktop\FRST64.exe
2013-09-16 19:55 - 2012-07-24 09:30 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Babylon
2013-09-16 19:44 - 2012-07-23 15:30 - 00000000 ____D C:\ProgramData\Babylon
2013-09-16 17:41 - 2013-09-16 17:41 - 00000000 ____D C:\Users\Cristinel\AppData\Local\Macromedia
2013-09-16 17:37 - 2013-09-16 17:37 - 00000632 __RSH C:\Users\Cristinel\ntuser.pol
2013-09-15 21:11 - 2013-08-12 19:27 - 00000000 ____D C:\Users\Obisnuit\.VirtualBox
2013-09-15 13:40 - 2011-11-08 23:57 - 00006950 _____ C:\Users\Obisnuit\AppData\Roaming\mainhst.zgh
2013-09-15 11:51 - 2012-09-19 16:57 - 00000000 ____D C:\Users\Obisnuit\Documents\Chief Architect Premier X4 Data
2013-09-15 11:51 - 2012-09-19 16:57 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Chief Architect Premier X4
2013-09-14 23:51 - 2013-09-10 21:55 - 00000000 ____D C:\Users\Cristinel\Documents\iplfilesv5
2013-09-13 22:52 - 2011-10-28 00:57 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\vlc
2013-09-10 22:14 - 2013-09-09 21:10 - 00000000 ____D C:\Users\Obisnuit\Documents\iplfilesv5
2013-09-10 21:27 - 2009-07-14 08:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\UpdatusUser\Desktop\iploungev5.lnk
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\Obisnuit\Desktop\iploungev5.lnk
2013-09-09 21:09 - 2013-09-09 21:09 - 00000821 _____ C:\Users\Cristinel\Desktop\iploungev5.lnk
2013-09-09 19:22 - 2013-09-09 19:22 - 00000000 ____D C:\Users\Obisnuit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-09 19:21 - 2013-09-09 19:21 - 00000727 _____ C:\Users\Public\Desktop\NfS Porsche 2000.lnk
2013-09-09 12:56 - 2013-09-09 12:56 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-08-30 10:48 - 2013-09-09 12:59 - 00270824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2013-08-30 10:48 - 2013-09-09 12:59 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-08-30 10:48 - 2013-09-09 12:59 - 00022600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-08-30 10:48 - 2013-03-17 19:56 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 10:48 - 2013-03-17 19:56 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 10:48 - 2012-02-26 18:09 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 10:48 - 2011-10-28 00:13 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 10:47 - 2011-10-28 00:13 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 10:47 - 2011-10-28 00:13 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-23 21:17 - 2012-07-03 20:15 - 00000992 _____ C:\Users\Obisnuit\Desktop\Sony Map Europe.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 14:00

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 03
Ran by Cristinel at 2013-09-18 18:48:52
Running from C:\Users\Obisnuit\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.0.0)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.169)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.169)
Adobe Reader XI (11.0.02) (x32 Version: 11.0.02)
Apple Application Support (x32 Version: 2.1.5)
Apple Software Update (x32 Version: 2.1.3.127)
Artlantis Studio 4.1.7 (Version: 4.1.7)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.35)
avast! Internet Security (x32 Version: 8.0.1497.0)
Babylon (x32)
Chess Mentor 3.0 (x32 Version: 3.0)
Chessmaster Grandmaster Edition (x32 Version: 1.00.0000)
Chief Architect Premier X3 (x32 Version: 13.2.0.0)
Chief Architect Premier X4 (64 bit) (Version: 14.3.2.0)
COMODO Internet Security (Version: 5.8.16726.2131)
DAEMON Tools Lite (x32 Version: 4.45.1.0236)
Diskeeper 2011 (Version: 15.0.951.64)
doPDF 7.3 printer
Electronic Arts Game Updater (x32)
formZ RenderZone Plus v6.5.4 (x32)
Foxit Reader (x32 Version: 5.4.3.920)
Free Download Manager 3.9.2 (x32)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google SketchUp Pro 8 (x32 Version: 3.0.4811)
Google Update Helper (x32 Version: 1.3.21.153)
iplounge V5.41 (x32)
Java Auto Updater (x32 Version: 2.0.6.1)
Java™ 6 Update 30 (x32 Version: 6.0.300)
Magic ISO Maker v5.5 (build 0281) (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 15.0.1 (x86 en-US) (x32 Version: 15.0.1)
Mozilla Maintenance Service (x32 Version: 17.0.1)
Neat Image v7.2.0 Demo Standalone
Need For Speed - Porsche 2000 (x32)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenAL (x32)
Opera 12.16 (x32 Version: 12.16.1860)
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
Platform (x32 Version: 1.36)
QuickTime (x32 Version: 7.71.80.42)
Rapture3D 2.3.22 Game (x32)
SketchyPhysics3.1 (x32)
Sokoban 3.1.2 (x32 Version: 3.1.2)
SU Podium V2 2.11.130 (x32)
Thea Render (Version: 1.2)
Twilight 1.4.5 (x32)
VIA Platform Device Manager (x32 Version: 1.36)
Virtual Pool 3 DL (x32 Version: 3.3.1.1)
VLC media player 2.0.3 (x32 Version: 2.0.3)
XFastUsb (x32)
Yahoo! Messenger (x32)
Your Uninstaller! 7 (x32 Version: 7.4.2011.10)
ZipGenius 6 (x32 Version: 6.3)

==================== Restore Points =========================

18-09-2013 10:30:57 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {27ED97A8-E032-4766-9364-F67395A790FC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {317418D1-BDBD-4909-B06A-595EE7084E09} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {720B16BF-89C2-4565-A48F-6A9C80FFD515} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01] (Google Inc.)
Task: {7F74605F-7838-4852-A178-39712A9206B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-03] (Adobe Systems Incorporated)
Task: {9513265B-5B0A-4E8D-B697-5C29A9D8E5CD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A23DD33B-F4AD-4A5E-B265-A2D57C813AA7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {C83EE922-5933-4B2D-AEAA-34CAC58A19C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-14 03:22 - 2009-07-14 04:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2011-11-08 23:53 - 2011-03-15 17:38 - 01590534 _____ (Wininizio.it Software) C:\Program Files (x86)\ZipGenius 6\contmenu.dll
2011-12-18 15:41 - 2008-05-23 00:25 - 00043520 _____ (MagicISO, Inc.) C:\Program Files (x86)\MagicISO\misosh64.dll
2011-10-28 00:06 - 2012-10-03 01:21 - 14922600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2011-10-28 20:25 - 2011-02-22 09:03 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-10-28 20:25 - 2011-02-22 09:03 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-10-28 20:25 - 2011-02-22 09:03 - 00621168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2011-10-28 20:25 - 2011-02-22 09:03 - 01672816 ____R (TODO: <Company name>) C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin3.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51


==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2013 00:10:39 PM) (Source: Application Hang) (User: )
Description: The program opera.exe version 12.16.1860.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e18

Start Time: 01ceb4449e201bdc

Termination Time: 10

Application Path: C:\Users\Obisnuit\AppData\Local\Programs\Opera\opera.exe

Report Id: 2a355f88-2042-11e3-b8b1-002522c1aef7

Error: (09/17/2013 00:32:53 AM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 674

Start Time: 01ceb31b5c045e1b

Termination Time: 16

Application Path: C:\Users\Obisnuit\Desktop\OTL.exe

Report Id: 88c62041-1f17-11e3-8d75-002522c1aef7

Error: (09/16/2013 11:28:35 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7d4

Start Time: 01ceb31986d437b5

Termination Time: 0

Application Path: C:\Users\Obisnuit\Desktop\OTL.exe

Report Id: 8d3c9c6a-1f0e-11e3-8d75-002522c1aef7

Error: (09/16/2013 07:19:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc9bb
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdfe0
Exception code: 0xe06d7363
Fault offset: 0x000000000000aa7d
Faulting process id: 0xa9c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/15/2013 11:22:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: Porsche.exe, version: 0.0.0.0, time stamp: 0x393c2e8f
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf
Exception code: 0xe06d7363
Fault offset: 0x0000b727
Faulting process id: 0xed0
Faulting application start time: 0xPorsche.exe0
Faulting application path: Porsche.exe1
Faulting module path: Porsche.exe2
Report Id: Porsche.exe3

Error: (09/15/2013 11:22:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: Porsche.exe, version: 0.0.0.0, time stamp: 0x393c2e8f
Faulting module name: dx7z.DLL, version: 8192.3.1.6482, time stamp: 0x38bde56c
Exception code: 0xc0000005
Fault offset: 0x0001473e
Faulting process id: 0xed0
Faulting application start time: 0xPorsche.exe0
Faulting application path: Porsche.exe1
Faulting module path: Porsche.exe2
Report Id: Porsche.exe3

Error: (09/11/2013 10:28:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: Porsche.exe, version: 0.0.0.0, time stamp: 0x393c2e8f
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf
Exception code: 0xe06d7363
Fault offset: 0x0000b727
Faulting process id: 0x1bd8
Faulting application start time: 0xPorsche.exe0
Faulting application path: Porsche.exe1
Faulting module path: Porsche.exe2
Report Id: Porsche.exe3

Error: (09/11/2013 10:28:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: Porsche.exe, version: 0.0.0.0, time stamp: 0x393c2e8f
Faulting module name: dx7z.DLL, version: 8192.3.1.6482, time stamp: 0x38bde56c
Exception code: 0xc0000005
Fault offset: 0x0001473e
Faulting process id: 0x1bd8
Faulting application start time: 0xPorsche.exe0
Faulting application path: Porsche.exe1
Faulting module path: Porsche.exe2
Report Id: Porsche.exe3

Error: (09/10/2013 11:35:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bced5
Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp: 0x4d5cecdf
Exception code: 0xc0000005
Fault offset: 0x0000000000059c7d
Faulting process id: 0x444
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3

Error: (08/05/2013 05:22:18 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT). hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (09/16/2013 10:28:22 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/16/2013 10:07:34 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/16/2013 10:00:23 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/16/2013 10:00:12 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
aswFW
aswRdr
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
cmdGuard
cmdHlp
CSC
DfsC
discache
inspect
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
sptd
tdx
VBoxDrv
VBoxUSBMon
Wanarpv6
WfpLwf

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error: (09/16/2013 09:58:05 PM) (Source: Service Control Manager) (User: )
Description: The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (09/18/2013 00:10:39 PM) (Source: Application Hang)(User: )
Description: opera.exe12.16.1860.0e1801ceb4449e201bdc10C:\Users\Obisnuit\AppData\Local\Programs\Opera\opera.exe2a355f88-2042-11e3-b8b1-002522c1aef7

Error: (09/17/2013 00:32:53 AM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.067401ceb31b5c045e1b16C:\Users\Obisnuit\Desktop\OTL.exe88c62041-1f17-11e3-8d75-002522c1aef7

Error: (09/16/2013 11:28:35 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.07d401ceb31986d437b50C:\Users\Obisnuit\Desktop\OTL.exe8d3c9c6a-1f0e-11e3-8d75-002522c1aef7

Error: (09/16/2013 07:19:32 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.163854a5bc9bbKERNELBASE.dll6.1.7600.163854a5bdfe0e06d7363000000000000aa7da9c01ceb2f87fb43b4fC:\Windows\Explorer.EXEC:\Windows\system32\KERNELBASE.dllc444348c-1eeb-11e3-b42e-002522c1aef7

Error: (09/15/2013 11:22:32 AM) (Source: Application Error)(User: )
Description: Porsche.exe0.0.0.0393c2e8fKERNELBASE.dll6.1.7600.163854a5bdbdfe06d73630000b727ed001ceb1e4eb948904D:\Cristi\NfS Porsche 2000\Porsche.exeC:\Windows\syswow64\KERNELBASE.dllf7235f4c-1ddf-11e3-bb34-002522c1aef7

Error: (09/15/2013 11:22:29 AM) (Source: Application Error)(User: )
Description: Porsche.exe0.0.0.0393c2e8fdx7z.DLL8192.3.1.648238bde56cc00000050001473eed001ceb1e4eb948904D:\Cristi\NfS Porsche 2000\Porsche.exeD:\Cristi\NfS Porsche 2000\drivers\dx7z.DLLf590ab76-1ddf-11e3-bb34-002522c1aef7

Error: (09/11/2013 10:28:54 PM) (Source: Application Error)(User: )
Description: Porsche.exe0.0.0.0393c2e8fKERNELBASE.dll6.1.7600.163854a5bdbdfe06d73630000b7271bd801ceaf230370ef3dD:\Cristi\NfS Porsche 2000\Porsche.exeC:\Windows\syswow64\KERNELBASE.dll64add896-1b18-11e3-b1cf-002522c1aef7

Error: (09/11/2013 10:28:49 PM) (Source: Application Error)(User: )
Description: Porsche.exe0.0.0.0393c2e8fdx7z.DLL8192.3.1.648238bde56cc00000050001473e1bd801ceaf230370ef3dD:\Cristi\NfS Porsche 2000\Porsche.exeD:\Cristi\NfS Porsche 2000\drivers\dx7z.DLL61fb3199-1b18-11e3-b1cf-002522c1aef7

Error: (09/10/2013 11:35:57 PM) (Source: Application Error)(User: )
Description: AUDIODG.EXE6.1.7600.163854a5bced5VIASysFx.dll1.0.0.04d5cecdfc00000050000000000059c7d44401ceae53669fb4fbC:\Windows\system32\AUDIODG.EXEC:\Windows\system32\VIASysFx.dll980f5dd6-1a58-11e3-b48d-002522c1aef7

Error: (08/05/2013 05:22:18 PM) (Source: VSS)(User: )
Description: OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)0x8007045b, A system shutdown is in progress.


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 4078.69 MB
Available physical RAM: 2772.74 MB
Total Pagefile: 8155.53 MB
Available Pagefile: 6714.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:99.5 GB) NTFS
Drive d: (Diverse) (Fixed) (Total:82.73 GB) (Free:2.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F00476FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=83 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#6
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

FRST64 running from desktop, here are the fresh log and addition.
I'm surprised: there are so many errors indicated! I wouldn't have guessed so many things go wrong underneath; can they be solved?


Thank you for the new logs. The errors listed are for any and all problems that Windows logs with itself, drivers, other applications, everything; therefore, any time an application hangs, or you have malware causing issues, there is a log of that error. After we get the system clean of malware/adware issues, if there are still any remaining issues or major errors, we will deal with them.

A few other things before moving on:

!! Two Antivirus Programs Warning !! I have noticed in your logs that you currently have two antivirus programs running (Comodo Internet Security and Avast!). Having two antivirus programs not only hogs system resources, but many times they conflict with each other and the detection rates are worse, not better. Both are good antivirus programs, so keep whichever one you would like and please uninstall the other one.

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.
----------------------------
Now that's out of the way, let's get started :)


Now a few more scans I need to look at from what is indicated from your FRST log.

Step 1 - Run MGADiag

Before we continue, I would like to see a MGADiag log please as it will help us with the problem diagnosis.

  • Download MGADiag (by Microsoft) from the link found below:

    http://go.microsoft....k/?linkid=52012
  • Run the tool by double-clicking on the file. Press Continue when prompted
  • When it has finished, press Copy then Paste (Ctrl+V) this into your next post please

Step 2 - Run CKScanner

Download CKScanner from here

Important : Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3 - AdwCleaner Log

Please download AdwCleaner by Xplode from here
  • Close all open windows and browsers
  • Run the tool by double-clicking it. If you are using Windows Vista, 7 or 8, right click on the Adwcleaner icon and choose Run as Administrator to execute the program
  • Click the Scan button and wait for the scan to finish.

  • Now Click the Report button and copy/paste the log in your next reply. This report is also saved to C:\AdwCleaner[**].txt


~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. MGADiag Log
2. CKScanner Log
3. AdwCleaner Log

#7
Mercu

Mercu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you for the explanations and the help! They are in line with my intentions, but I stopped cleaning up various programs I tested in order not to modify the system while you are helping me.
About the double antivirus: I don't have 2 antiviruses, just 2 firewalls :) I have Comodo Firewall (without the antivirus) and a 30-day test of Avast Internet Security (which I need for the antivirus but which also has its own firewall for the remaining 10 days, then it will revert to only the antivirus). Do you think I should uninstall Avast Internet Security now and reinstall just the Avast antivirus (as I had before)?
The P2P I use very rarely, when searching for some book (it's a lot more difficult being a student in my country, since the income is far smaller than in the US and it's hard to find part-time jobs these last years since the crisis, while the price of everything is often more expensive because of taxes). But I am aware of the security risks; that's why I almost abandoned using those tools.
Now the logs:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-X92GV-V7DCV-P4K27
Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
Windows Product ID: 00426-OEM-8992662-00400
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {07E1445A-45A7-4AC5-AE80-C9138AC86145}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_rtm.090713-1255
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{07E1445A-45A7-4AC5-AE80-C9138AC86145}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-2055069993-1269243817-2121617519</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.10</Version><SMBIOSVersion major="2" minor="7"/><Date>20110303000000.000000+000</Date></BIOS><HWID>BBB93607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GTB Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600400-02-1033-7600.0000-3012011
Installation ID: 012854144342419964305862990615344771568121981924706524
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: P4K27
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 9/19/2013 9:38:35 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAIABAABAAEAAQABAAAAAQABAAEA6GEmURYOdxbaATihYjRK3eogrHIHRdSzDtYucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT
SLIC DELL QA09



CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\chief architect\chief architect premier x4 (64 bit)\referenced files\corecatalogfiles\cracked-mud.thm
c:\users\obisnuit\documents\chief architect premier x3 data\textures\chiefarchitectbasiccontent\cracked-mud.thm
c:\windows\kmsemulator.exe
scanner sequence 3.AB.11.KENARZ
----- EOF -----



# AdwCleaner v3.004 - Report created 19/09/2013 at 09:48:16
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Cristinel - JUGUPC
# Running from : C:\Users\Obisnuit\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Public\Desktop\Babylon.lnk
Folder Found C:\Program Files (x86)\Babylon
Folder Found C:\ProgramData\Babylon
Folder Found C:\Users\Cristinel\AppData\Local\Babylon
Folder Found C:\Users\Cristinel\AppData\Roaming\Babylon
Folder Found C:\Users\Obisnuit\AppData\Local\Babylon
Folder Found C:\Users\Obisnuit\AppData\Roaming\Babylon

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Key Found : [x64] HKCU\Software\Babylon
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v15.0.1 (en-US)

[ File : C:\Users\Cristinel\AppData\Roaming\Mozilla\Firefox\Profiles\ffisyljg.default\prefs.js ]


[ File : C:\Users\Obisnuit\AppData\Roaming\Mozilla\Firefox\Profiles\ihqubc0p.default\prefs.js ]

Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title

+ .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important;

background: url(\"IMAGE\") right no-repeat}");

*************************

AdwCleaner[R0].txt - [3100 octets] - [19/09/2013 09:48:16]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [3160 octets] ##########
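The MGADiag output in this post, like the FRST event-log excerpt earlier in the thread, is full of raw `hr = 0x........` values that only mean something once you split them into severity, facility and code. The following is an added example for readers of this thread, not code from MGADiag, FRST or any other tool mentioned here: it decodes the HRESULT layout and reports every distinct failing value with the first line it appeared on. The sample lines are copied from the logs quoted above; the name tables are an assumption limited to the few codes that occur in them (a real tool would carry the full winerror.h table).

```python
"""Decode the hr = 0x######## values that MGADiag, FRST and the Windows
event log print, so a log reader can tell 'file missing' from 'COM class
not registered' at a glance.

HRESULT layout (32 bits): bit 31 = failure, bits 16-26 = facility,
bits 0-15 = code.  Facility 7 (WIN32) wraps an ordinary Win32 error
number; facility 4 (ITF) is interface-specific and is also used by COM
registration and by the Software Licensing service.
"""
import re

# Names for the codes that occur in this thread's logs only (assumption:
# a complete tool would load the whole winerror.h table).
WIN32_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    1115: "ERROR_SHUTDOWN_IN_PROGRESS",
}
ITF_NAMES = {0x0154: "REGDB_E_CLASSNOTREG"}
FACILITY_NAMES = {0: "NULL", 4: "ITF", 7: "WIN32"}

# Exactly eight hex digits: skips "0x0" and the 16-digit HealthStatus bitmask.
HR_RE = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")


def decode_hresult(value):
    """Split an HRESULT into its fields and name the code if we know it."""
    severity = (value >> 31) & 1
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    table = {7: WIN32_NAMES, 4: ITF_NAMES}.get(facility, {})
    return {
        "hresult": "0x%08X" % value,
        "failed": severity == 1,
        "facility": FACILITY_NAMES.get(facility, str(facility)),
        "code": code,
        "name": table.get(code),
    }


def find_failures(log_text):
    """One entry per distinct failing HRESULT, with the first line it appeared on."""
    first_seen = {}
    for line in log_text.splitlines():
        for match in HR_RE.finditer(line):
            info = decode_hresult(int(match.group(1), 16))
            if info["failed"] and info["hresult"] not in first_seen:
                info["line"] = line.strip()
                first_seen[info["hresult"]] = info
    return list(first_seen.values())


# Constructed sample: lines copied from the MGADiag and FRST output above.
SAMPLE_LOG = """\
Cached Online Validation Code: N/A, hr = 0xc004f012
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Architecture: 0x00000009
File Mismatch: C:\\Windows\\system32\\wat\\watadminsvc.exe[Hr = 0x80070003]
HealthStatus: 0x0000000000000000
ActiveX: Not Registered - 0x80040154
Description: OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)0x8007045b, A system shutdown is in progress.
"""

if __name__ == "__main__":
    for entry in find_failures(SAMPLE_LOG):
        print("%s  %-5s code=%-5d %-28s <- %s" % (
            entry["hresult"], entry["facility"], entry["code"],
            entry["name"] or "(not in table)", entry["line"]))
```

Read this way, the four `File Mismatch` lines carry ERROR_PATH_NOT_FOUND: the Windows Activation Technologies files under `system32\wat` are absent from disk, which is a different finding from a modified file. The decoder tells you what the code means, not why the files are missing; that is what the follow-up scans are for.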

#8
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

Thank you for the explanations and the help! They are in line with my intentions, but I stopped cleaning up various programs I tested in order not to modify the system while you are helping me.

You're very welcome, it is much appreciated that you are not modifying anything while we are working, it makes things much easier for both of us. :)

About the double antivirus: I don't have 2 antiviruses, just 2 firewalls :) I have Comodo Firewall (without the antivirus) and a 30-day test of Avast Internet Security (which I need for the antivirus but which also has its own firewall for the remaining 10 days, then it will revert to only the antivirus). Do you think I should uninstall Avast Internet Security now and reinstall just the Avast antivirus (as I had before)?

Two firewalls is also something that is not recommended, as they can conflict with each other and allow things past that shouldn't be. I would just use the Avast Antivirus.

The P2P I use very rarely, when searching for some book (it's a lot more difficult being a student in my country, since the income is far smaller than in the US and it's hard to find part-time jobs these last years since the crisis, while the price of everything is often more expensive because of taxes). But I am aware of the security risks; that's why I almost abandoned using those tools.

The P2P warning is one we give when we see any signs of it on a computer, as some actually aren't aware of the risks. I also understand the struggles of being a student, as I am one myself; even in the US it is difficult at times to find books that are not expensive. I've been lucky this semester as one of my professors is using free online resources. I wish many more would take advantage of it.

I'm in the process of analyzing the previous logs, while I'm doing so I have one more scan for you.

Scan with WVCheck:

Please download WVCheck and save it to the desktop.

  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_nnnn_dd-mm-yyyy that can be located on the desktop.


#9
Mercu

Mercu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ok, here is the scan, hope it helps.
I hoped for a scan and a "remove virus" option in some program I haven't heard about, but this seems to be a really mean malware :( Do you have an idea when I will be able to use this computer again completely?

Windows Validation Check
Version: 1.9.12.5
Log Created On: 2010_20-09-2013
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 2:36:22
Modification; 14/7/2009 4:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 2:36:22
Modification; 14/7/2009 4:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 14/7/2009 2:52:11
Modification; 14/7/2009 4:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 2:36:22
Modification; 14/7/2009 4:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - e8b0ffc209e504cb7e79fc24e6c085f0


-------- End of File, program close at 2011_20-09-2013 --------
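WVCheck's file dump above is a hash check: it computes an MD5 for every copy of slwga.dll it can find (System32, SysWOW64 and the two winsxs component stores) and prints "Matched" when the digest is in its list of known builds. The following is an added example, not WVCheck's own code, of the same check written as a reusable manifest verification: given a map of path to expected digest, it reports each file as match, mismatch or missing. It uses SHA-256 by default but accepts any hashlib algorithm name, so it can also be pointed at an MD5 list like WVCheck's. The demo files, their contents and the "patched" copy are constructed here, not taken from the machine in the thread.

```python
"""Verify files against a manifest of expected digests, the check that
WVCheck performs on slwga.dll and that any incident responder repeats
against a known-good baseline before trusting a system binary.
"""
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algorithm="sha256", chunk=1 << 20):
    """Stream the file through hashlib so large binaries do not land in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_manifest(manifest, algorithm="sha256"):
    """Return {path: (status, actual_digest)} with status match/mismatch/missing.

    A missing file is reported separately from a mismatch: a deleted
    security component and a patched one are different findings.
    """
    report = {}
    for path, expected in manifest.items():
        p = Path(path)
        if not p.is_file():
            report[path] = ("missing", None)
            continue
        actual = file_digest(p, algorithm)
        status = "match" if actual == expected.lower() else "mismatch"
        report[path] = (status, actual)
    return report


def demo():
    """Constructed stand-in for the WVCheck dump: one good copy, one copy
    with a single trailing byte patched, one copy that does not exist."""
    with tempfile.TemporaryDirectory() as root:
        good = b"MZ" + b"\x00" * 64 + b"slwga reference build"
        patched = good + b"\x90"  # assumption: one byte appended by an attacker
        for rel, data in {"System32/slwga.dll": good,
                          "SysWOW64/slwga.dll": patched}.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        expected = hashlib.sha256(good).hexdigest()
        manifest = {str(Path(root, rel)): expected
                    for rel in ("System32/slwga.dll",
                                "SysWOW64/slwga.dll",
                                "winsxs/slwga.dll")}
        report = verify_manifest(manifest)
        # Strip the temp directory so the result is stable for the caller.
        return {Path(k).relative_to(root).as_posix(): v[0]
                for k, v in report.items()}


if __name__ == "__main__":
    for rel, status in demo().items():
        print("%-10s %s" % (status, rel))
```

Two caveats a practitioner would add. First, the baseline has to come from somewhere trustworthy (the same build's install media or the winsxs store of a clean machine), because a manifest captured from an already compromised system only proves the system is unchanged since the capture. Second, comparing against known-good digests is a different problem from resisting a collision attack, which is why MD5 lists such as WVCheck's still work for this purpose even though SHA-256 is the sensible default for anything new.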

#10
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I appreciate your patience; many times new logs are asked for from other programs based off of what was seen or not seen on previous scans. Each log takes time to analyze, and then each new step is posted to my instructor to get approval prior to posting to you, since I'm still in training. Most of the removal here isn't a "remove virus" option, as much of it is custom scripted for each machine. Many of the programs we do use that do automatic removal are case by case and, if used on the wrong system unnecessarily, can cause issues. Hopefully we will be finished soon. :)

Step 1

  • Please download and save the following fixlist.txt to the same location as FRST Attached File  fixlist.txt   36bytes   152 downloads

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • On Vista or Windows 7, run FRST and press the Fix button just once and wait. It will create a log (Fixlog.txt); please post it in your next reply.

Please reboot your computer after running FRST.


Step 2

Please re-run MGADiag by double-clicking on the file.
  • Press Continue when prompted
  • When it has finished, press Copy then Paste (Ctrl+V) this into your next post please



#11
Mercu

Mercu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I really appreciate your effort and time spent on this bad thing. It's just really bad timing for me, since things are getting agitated, school is about to start and I wanted to use this computer to give me some head start :). I hope the recovery will be possible soon; I'd hate to start looking again for another computer. Please tell me this malware is not affecting also the docs, PDFs etc., I need to be able to use them on another computer in case this problem is not solved soon (or will the malware spread with them?).
Thank you again :)


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by Obisnuit at 2013-09-21 19:59:54 Run:2
Running from C:\Users\Obisnuit\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Files:
c:\windows\kmsemulator.exe

*****************

Could not move "c:\windows\kmsemulator.exe" => Scheduled to move on reboot.

=========== Result of Scheduled Files to move ===========

"c:\windows\kmsemulator.exe" => File could not move.

==== End of Fixlog ====



Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-xxxxx-xxxxx-xxxxx
Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
Windows Product ID: 00426-OEM-8992662-00400
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {07E1445A-45A7-4AC5-AE80-C9138AC86145}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_rtm.090713-1255
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{07E1445A-45A7-4AC5-AE80-C9138AC86145}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-2055069993-1269243817-2121617519</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.10</Version><SMBIOSVersion major="2" minor="7"/><Date>20110303000000.000000+000</Date></BIOS><HWID>BBB93607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GTB Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600400-02-1033-7600.0000-3012011
Installation ID: 012854144342419964305862990615344771568121981924706524
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: P4K27
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 9/21/2013 8:05:20 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAIABAABAAEAAQABAAAAAQABAAEA6GEmURYOdxbaATihYjRK3eogrHIHRdSzDtYucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
AAFT ALASKA OEMAAFT
SLIC DELL QA09
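The Fixlog above says the file was "Scheduled to move on reboot" and then, after the reboot, "could not move". When a file cannot be removed while Windows is running, the standard deferral in Windows is MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which queues a source/destination pair in the REG_MULTI_SZ value `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations`; the Session Manager processes that list early in the next boot, before the shell starts. The following is an added example for this thread, not FRST's code, and it does not claim that FRST uses this value; it shows the encoding (NT-style `\??\C:\...` paths, an empty destination meaning delete) so that a responder can read the queue on a live machine and see whether a pending removal is actually registered. The reading function only works on Windows and returns None elsewhere; the sample value is constructed.

```python
"""Parse and build the PendingFileRenameOperations registry value.

Entries are pairs of strings: source path, then destination path.  Paths
are in NT form (\\??\\C:\\...).  An empty destination means "delete at
boot".  Malware uses the same value to remove security tools at reboot,
so it is worth reading in any incident, not only when a fix fails.
"""

NT_PREFIX = "\\??\\"


def to_nt_path(win_path):
    return win_path if win_path.startswith(NT_PREFIX) else NT_PREFIX + win_path


def from_nt_path(nt_path):
    return nt_path[len(NT_PREFIX):] if nt_path.startswith(NT_PREFIX) else nt_path


def parse_pending(entries):
    """Turn the raw MULTI_SZ string list into rename/delete operations.

    A trailing source with no partner is treated as a delete, which is how
    some registry readers present the empty destination string.
    """
    ops = []
    for i in range(0, len(entries), 2):
        source = entries[i]
        dest = entries[i + 1] if i + 1 < len(entries) else ""
        ops.append({
            "source": from_nt_path(source),
            "action": "delete" if dest == "" else "rename",
            "target": from_nt_path(dest) if dest else None,
        })
    return ops


def build_pending(ops):
    """Inverse of parse_pending: the string list the value expects."""
    out = []
    for op in ops:
        out.append(to_nt_path(op["source"]))
        out.append(to_nt_path(op["target"]) if op["action"] == "rename" else "")
    return out


def read_pending_from_registry():
    """Read the live value on Windows; None where winreg is unavailable,
    an empty list when nothing is queued."""
    try:
        import winreg
    except ImportError:
        return None
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    try:
        value, _kind = winreg.QueryValueEx(key, "PendingFileRenameOperations")
    except FileNotFoundError:
        return []
    finally:
        key.Close()
    return list(value)


# Constructed sample (assumption): a queued delete of the file from the
# fixlist above plus one ordinary rename.
SAMPLE_VALUE = [
    "\\??\\C:\\Windows\\kmsemulator.exe", "",
    "\\??\\C:\\Users\\Obisnuit\\Desktop\\old.log",
    "\\??\\C:\\Users\\Obisnuit\\Desktop\\old.log.bak",
]

if __name__ == "__main__":
    live = read_pending_from_registry()
    entries = SAMPLE_VALUE if live is None else live
    print("source: %s" % ("constructed sample" if live is None else "registry"))
    for op in parse_pending(entries):
        print(op)
```

If the value is empty after a tool reported a scheduled move, the deferral was never registered, and the next things to check are whether the process could write to that key and whether something rewrites the value at boot. If the entry is present and the file is still there after a reboot, the file is being recreated, or the rename is being undone, before the desktop appears.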

#12
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

I really appreciate your effort and time spent on this bad thing. It's just really bad timing for me, since things are getting agitated, school is about to start and I wanted to use this computer to give me some head start :). I hope the recovery will be possible soon; I'd hate to start looking again for another computer. Please tell me this malware is not affecting also the docs, PDFs etc., I need to be able to use them on another computer in case this problem is not solved soon (or will the malware spread with them?).
Thank you again :)

The docs or PDFs shouldn't be infected, but you need to make sure you use protection for your USBs if you choose to transfer them to another computer, just in case. I honestly keep it on all my USBs that I use on multiple computers, just to make sure I don't pick anything up from another machine. Here are the instructions for the program I use.

Please download Panda USB Vaccine from here to the desktop of your machine.

  • Right-click on USBVaccineSetup.exe and select Run as Administrator
  • Follow the prompts in the installation wizard.
  • Choose your language.
  • At the Welcome Screen Click Next
  • At the License Agreement Screen Click I accept the agreement and the Next
  • At the Select Destination Location Either allow the default location or select where you would like it installed.
  • At the Configuration settings Screen
  • Check that Run Panda USB Vaccine automatically when computer boots (/resident mode) is selected.
  • Check that Automatically vaccinate any new inserted USB Key is selected.
  • Check that Enable NTFS file system support is selected.
  • Then click Next
  • It will then complete the installation and open the Completing the Panda USB Vaccine Setup Wizard Screen.
  • Check that Launch Panda USB Vaccine is selected and click Finish
  • Insert the USB Drive in your machine...it will be automatically vaccinated (as will any USB drives connected in the future).

Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. I would recommend keeping it for future use as it will prevent malware from spreading through removable media to or from your computers.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now that file is choosing to be stubborn so I have another tool for it. :)

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to Delete:
c:\windows\kmsemulator.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

#13
Mercu

Mercu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you for the advice, I will start using that USB protection.
I ran the program, and two things happened:

1) Avast announced: "Avast File System Shield has blocked a threat.
Object: C:\cleanup.bat
BV:Malware-gen
Action: moved to chest

2) The Avenger said:

"Error: Could not open RunOnce key to register cleanup.Aborting execution! (error 0: the operation completed successfully.)"

And when I closed it, it warned me that no action has been set for the next reboot.


Is this normal, that malware warning?

Edited by Mercu, 22 September 2013 - 04:49 AM.


#14
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Disable your Avast, and then re-run Avenger. Then after your computer reboots make sure you enable your Avast again. :)

#15
Mercu

Mercu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Well, I disabled both the antivirus and the firewall, but again the same message "Error: Could not open RunOnce key to register cleanup.Aborting execution! (error 0: the operation completed successfully.)".
It's a successful cleaning operation, and that's a good thing, right? :)
