jambampot

Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner JavaFX 2.1.1 Java 6 Update 30 Java 7 Update 5 Java version out of Date! Adobe Flash Player 11.9.900.117 Mozilla Firefox (25.0.1) Mozilla Thunderbird (24.1.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````

I only asked because nothing really popped out as important to me but then again I don't understand what I'm doing. I just clicked clear and here are the logs for everything I've done so far. AdwCleanerR3.txt AdwCleanerS1.txt mbam-log-2013-11-28 (17-31-28).txt

Here's the report I don't know if I should uncheck anything. AdwCleanerR1.txt

Here you guy. Anything else left to do? ComboFix.txt

What action should I do now? RKreport0_S_11242013_153620.txt

Here are all the related logs. What's the next step now? Fixlog.txt mbar-log-2013-11-23 (14-08-42).txt system-log.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2013 01 Ran by Gilly (administrator) on GILLY-PC on 22-11-2013 17:00:11 Running from C:\Users\Gilly\Downloads Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Ralink Technology, Corp.) C:\Program Files\Edimax\Common\RaRegistry.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Tablet Driver) C:\Windows\System32\Drivers\WTSRV.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Tablet Driver) C:\Windows\System32\WTClient.exe (Realtek Semiconductor) C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Ralink Technology, Corp.) C:\Program Files\Edimax\Common\RaUI.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ATICustomerCare] - C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [WTClient] - C:\Windows\System32\WTClient.exe [32768 2009-03-17] (Tablet Driver) HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe [10967656 2012-03-27] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.) HKLM\...\Run: [MouseDriver] - C:\Windows\System32\TiltWheelMouse.exe [241152 2010-11-01] (Pixart Imaging Inc) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-10-08] (Advanced Micro Devices, Inc.) Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X] HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [steam] - C:\Program Files\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) HKCU\...\Run: [Google Update] - C:\Users\Gilly\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-09] (Google Inc.) HKCU\...\Run: [fTBBRbkiJW2+60M6c1i4Ro+0] - C:\Users\Gilly\AppData\Roaming\.minecraft\saves\I just do things\mblctr.exe [466976 2010-11-20] () HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? Startup: C:\Users\Gilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Delta AutoLoad.lnk ShortcutTarget: Delta AutoLoad.lnk -> C:\Program Files\Delta\delta.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {1299D771-7157-4BB1-BE40-BADB838080D7} URL = http://websearch.ask.com/redirect?client=ie&tb=ASV5&o=101715&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AK&apn_dtid=^YYYYYY^YY^GB&apn_uid=3AD0E45C-B0CB-4139-8EC7-F8B2CD63999D&apn_sauid=F820BC20-80A9-4E87-A4FE-62E8D75075C2 SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60475 SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms} BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll No File BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll No File Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ] Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 FireFox: ======== FF ProfilePath: C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default FF Homepage: www.google.com FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20(shExpMatch(host%2C%20'(*.turntable.fm%7Cturntable.fm)')%20%26%26%20url.indexOf('.css')%20%3D%3D%20-1%20%26%26%20url.indexOf('.js')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files\OnLive\Plugin\npolgdet.dll No File FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Gilly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Gilly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Gilly\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Gilly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gilly\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gilly\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gilly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\searchplugins\askcom.xml FF Extension: LastPass - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\support@lastpass.com FF Extension: WOT - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: DownloadHelper - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: Bitdefender QuickScan - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF Extension: adblockpopups - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\adblockpopups@jessehakanen.net.xpi FF Extension: browserprotect - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\browserprotect@browserprotect.com.xpi FF Extension: firefox - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\firefox@ghostery.com.xpi FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi FF Extension: smarterwiki - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\smarterwiki@wikiatic.com.xpi FF Extension: No Name - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi FF Extension: Adblock Plus - C:\Users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Users\Gilly\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Chrome NaCl) - C:\Users\Gilly\AppData\Local\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gilly\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Gilly\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx ========================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-10-08] (Advanced Micro Devices, Inc.) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 RalinkRegistryWriter; C:\Program Files\Edimax\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology, Corp.) S3 RaMediaServer; C:\Program Files\Edimax\Common\RaMediaServer.exe [621632 2011-03-04] () R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [69632 2009-03-04] (Tablet Driver) S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x] ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices) S3 athrusb6; C:\Windows\System32\DRIVERS\athru6.sys [873472 2007-07-05] (Atheros Communications, Inc.) S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.) S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH) S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1239104 2011-07-27] (Ralink Technology Corp.) R3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [18944 2007-06-07] (PenTablet Driver) R3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [10752 2007-04-23] (PenTablet Driver) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation) S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.) R3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [18432 2007-04-23] (Tablet Driver) R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [20480 2009-04-16] () R3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [14848 2008-09-08] (Tablet Driver) S3 XG762V32; C:\Windows\System32\DRIVERS\WlanUZG.sys [873472 2008-03-27] (Atheros Communications, Inc.) S3 ZDCNDIS5; C:\Windows\system32\ZDCNDIS5.SYS [20736 2008-03-27] (ZDC., Inc. (ZDC)) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 athur; system32\DRIVERS\athur.sys [x] S3 clwvd; system32\DRIVERS\clwvd.sys [x] S3 DxVGrb; system32\drivers\DxVGrb.sys [x] S3 massfilter; system32\drivers\massfilter.sys [x] S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [x] S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x] U2 WZCSVC; S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [x] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x] S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [x] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-22 17:00 - 2013-11-22 17:00 - 00022961 _____ C:\Users\Gilly\Downloads\FRST.txt 2013-11-22 17:00 - 2013-11-22 17:00 - 00000000 ____D C:\FRST 2013-11-22 16:59 - 2013-11-22 16:59 - 01091001 _____ (Farbar) C:\Users\Gilly\Downloads\FRST.exe 2013-11-21 22:28 - 2013-11-21 22:28 - 00002985 _____ C:\Users\Gilly\Desktop\RKreport[0]_S_11212013_222819.txt 2013-11-21 22:25 - 2013-11-21 22:28 - 00000000 ____D C:\Users\Gilly\Desktop\RK_Quarantine 2013-11-21 22:25 - 2013-11-21 22:25 - 03679744 _____ C:\Users\Gilly\Downloads\RogueKiller.exe 2013-11-21 17:03 - 2013-11-21 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-21 17:02 - 2013-11-21 17:02 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Gilly\Downloads\mbar-1.07.0.1007.exe 2013-11-21 17:02 - 2013-11-21 17:02 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-21 16:53 - 2013-11-21 16:53 - 09452704 _____ (SurfRight B.V.) C:\Users\Gilly\Downloads\HitmanPro.exe 2013-11-21 16:35 - 2013-11-21 16:35 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-11-21 16:31 - 2013-11-21 16:31 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Gilly\Downloads\tdsskiller.exe 2013-11-21 16:30 - 2013-11-21 16:30 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Gilly\Downloads\iExplore.exe 2013-11-20 22:51 - 2013-11-20 22:51 - 00000000 ____D C:\Users\Gilly\AppData\Local\AMD 2013-11-20 22:51 - 2013-11-20 22:51 - 00000000 ____D C:\ProgramData\ATI 2013-11-20 22:50 - 2013-11-20 22:50 - 00000000 ____D C:\Program Files\AMD AVT 2013-11-20 22:49 - 2013-11-20 22:50 - 00000000 ____D C:\ProgramData\AMD 2013-11-20 22:42 - 2013-11-20 22:42 - 00000000 ____D C:\ProgramData\Package Cache 2013-11-20 22:39 - 2013-11-20 22:39 - 00000000 ____D C:\AMD 2013-11-20 22:16 - 2013-11-20 22:16 - 00791552 _____ (AMD) C:\Users\Gilly\Downloads\amddriverdownloader.exe 2013-11-20 22:07 - 2013-11-20 22:37 - 09589779 _____ C:\Users\Gilly\Desktop\Untitled-1.psd 2013-11-17 22:45 - 2013-11-17 22:45 - 00144520 _____ C:\Windows\Minidump\111713-19141-01.dmp 2013-11-15 18:41 - 2013-11-15 18:42 - 11011100 _____ C:\Users\Gilly\Desktop\bandicam 2013-11-15 18-41-13-861.avi 2013-11-13 23:22 - 2013-10-12 07:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 23:22 - 2013-10-12 07:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 23:22 - 2013-10-12 07:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 23:22 - 2013-10-12 07:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 23:22 - 2013-10-12 06:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 23:22 - 2013-10-12 05:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 21:34 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 21:34 - 2013-10-12 02:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 21:34 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 21:34 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 21:34 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 21:34 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 21:34 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 21:34 - 2013-10-03 01:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 21:34 - 2013-09-25 02:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 21:34 - 2013-09-25 02:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 21:34 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 21:34 - 2013-09-25 01:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 21:34 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 21:34 - 2013-09-25 01:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 21:34 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 21:34 - 2013-09-25 00:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 21:34 - 2013-09-25 00:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 21:34 - 2013-07-04 12:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-13 20:42 - 2013-11-19 01:06 - 00000639 _____ C:\Users\Gilly\Desktop\New Text Document (2).txt 2013-11-09 12:29 - 2013-11-22 16:34 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000UA.job 2013-11-09 12:29 - 2013-11-22 12:34 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000Core.job 2013-11-07 17:34 - 2013-11-07 17:34 - 00000216 _____ C:\Users\Gilly\Desktop\The Stanley Parable Demo.url 2013-11-06 16:40 - 2013-11-17 00:08 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-04 14:29 - 2013-11-04 14:46 - 00000000 ____D C:\Users\Gilly\Documents\Blood Omen 2 2013-11-03 18:50 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2013-11-03 18:50 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2013-11-01 12:42 - 2013-11-21 22:23 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-10-30 20:06 - 2013-11-22 15:27 - 00000000 ____D C:\Program Files\Steam 2013-10-30 20:06 - 2013-10-30 20:06 - 00000875 _____ C:\Users\Public\Desktop\Steam.lnk 2013-10-30 19:52 - 2013-10-30 19:52 - 01669632 _____ C:\Users\Gilly\Downloads\SteamInstall.msi 2013-10-30 08:44 - 2013-11-15 21:26 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\Unity 2013-10-30 08:41 - 2013-10-30 08:41 - 00648160 _____ (Unity Technologies ApS) C:\Users\Gilly\Downloads\UnityWebPlayer.exe 2013-10-30 08:41 - 2013-10-30 08:41 - 00000000 ____D C:\Users\Gilly\AppData\Local\Unity 2013-10-30 08:07 - 2013-10-30 08:07 - 00000000 ____D C:\Users\Tiggs\AppData\Local\LogMeIn 2013-10-23 12:48 - 2013-11-04 12:16 - 00000748 _____ C:\Users\Gilly\Downloads\Minecraft - Shortcut.lnk 2013-10-23 12:46 - 2013-10-23 12:46 - 00675988 _____ C:\Users\Gilly\Downloads\Minecraft(1).exe 2013-10-23 08:38 - 2013-10-23 08:38 - 00000000 ____D C:\Users\Gilly\AppData\Local\LogMeIn 2013-10-23 08:38 - 2013-10-23 08:38 - 00000000 ____D C:\ProgramData\LogMeIn ==================== One Month Modified Files and Folders ======= 2013-11-22 17:00 - 2013-11-22 17:00 - 00022961 _____ C:\Users\Gilly\Downloads\FRST.txt 2013-11-22 17:00 - 2013-11-22 17:00 - 00000000 ____D C:\FRST 2013-11-22 16:59 - 2013-11-22 16:59 - 01091001 _____ (Farbar) C:\Users\Gilly\Downloads\FRST.exe 2013-11-22 16:45 - 2012-04-06 21:22 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000UA.job 2013-11-22 16:43 - 2011-05-06 20:43 - 01379518 _____ C:\Windows\WindowsUpdate.log 2013-11-22 16:34 - 2013-11-09 12:29 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000UA.job 2013-11-22 16:34 - 2012-04-04 11:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-22 15:27 - 2013-10-30 20:06 - 00000000 ____D C:\Program Files\Steam 2013-11-22 12:34 - 2013-11-09 12:29 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000Core.job 2013-11-22 11:52 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-11-22 09:27 - 2012-07-18 00:27 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 417177d3-e566-4cdf-9e0b-27a4e2be9648.job 2013-11-22 09:14 - 2011-05-16 22:14 - 00000000 ____D C:\Users\Gilly\AppData\Local\Adobe 2013-11-22 09:12 - 2009-07-14 04:34 - 00014832 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-22 09:12 - 2009-07-14 04:34 - 00014832 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-22 09:04 - 2012-07-17 12:30 - 08895744 _____ C:\Windows\setupact.log 2013-11-22 09:04 - 2012-05-03 11:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-22 09:04 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-21 22:54 - 2011-05-06 20:51 - 00866294 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-21 22:45 - 2012-04-06 21:22 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000Core.job 2013-11-21 22:28 - 2013-11-21 22:28 - 00002985 _____ C:\Users\Gilly\Desktop\RKreport[0]_S_11212013_222819.txt 2013-11-21 22:28 - 2013-11-21 22:25 - 00000000 ____D C:\Users\Gilly\Desktop\RK_Quarantine 2013-11-21 22:25 - 2013-11-21 22:25 - 03679744 _____ C:\Users\Gilly\Downloads\RogueKiller.exe 2013-11-21 22:23 - 2013-11-01 12:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-11-21 22:22 - 2013-10-18 18:24 - 00000743 _____ C:\Users\Gilly\Desktop\New Text Document.txt 2013-11-21 18:11 - 2012-07-18 00:35 - 00150384 _____ C:\Windows\PFRO.log 2013-11-21 17:03 - 2013-11-21 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-21 17:02 - 2013-11-21 17:02 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Gilly\Downloads\mbar-1.07.0.1007.exe 2013-11-21 17:02 - 2013-11-21 17:02 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-21 16:53 - 2013-11-21 16:53 - 09452704 _____ (SurfRight B.V.) C:\Users\Gilly\Downloads\HitmanPro.exe 2013-11-21 16:42 - 2011-03-14 01:49 - 00001945 _____ C:\Windows\epplauncher.mif 2013-11-21 16:35 - 2013-11-21 16:35 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-11-21 16:31 - 2013-11-21 16:31 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Gilly\Downloads\tdsskiller.exe 2013-11-21 16:30 - 2013-11-21 16:30 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Gilly\Downloads\iExplore.exe 2013-11-20 22:51 - 2013-11-20 22:51 - 00000000 ____D C:\Users\Gilly\AppData\Local\AMD 2013-11-20 22:51 - 2013-11-20 22:51 - 00000000 ____D C:\ProgramData\ATI 2013-11-20 22:50 - 2013-11-20 22:50 - 00000000 ____D C:\Program Files\AMD AVT 2013-11-20 22:50 - 2013-11-20 22:49 - 00000000 ____D C:\ProgramData\AMD 2013-11-20 22:50 - 2011-01-07 21:00 - 00000000 ____D C:\Program Files\ATI Technologies 2013-11-20 22:42 - 2013-11-20 22:42 - 00000000 ____D C:\ProgramData\Package Cache 2013-11-20 22:39 - 2013-11-20 22:39 - 00000000 ____D C:\AMD 2013-11-20 22:37 - 2013-11-20 22:07 - 09589779 _____ C:\Users\Gilly\Desktop\Untitled-1.psd 2013-11-20 22:16 - 2013-11-20 22:16 - 00791552 _____ (AMD) C:\Users\Gilly\Downloads\amddriverdownloader.exe 2013-11-20 15:32 - 2011-02-22 02:59 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\.minecraft 2013-11-19 01:06 - 2013-11-13 20:42 - 00000639 _____ C:\Users\Gilly\Desktop\New Text Document (2).txt 2013-11-17 23:03 - 2012-01-10 17:46 - 00000132 _____ C:\Users\Gilly\AppData\Roaming\Adobe PNG Format CS5 Prefs 2013-11-17 22:45 - 2013-11-17 22:45 - 00144520 _____ C:\Windows\Minidump\111713-19141-01.dmp 2013-11-17 22:45 - 2012-07-18 01:11 - 417260804 _____ C:\Windows\MEMORY.DMP 2013-11-17 22:45 - 2011-11-05 17:26 - 00000000 ____D C:\Windows\Minidump 2013-11-17 00:08 - 2013-11-06 16:40 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-16 21:41 - 2013-03-12 01:13 - 00000000 ____D C:\Users\Gilly\Desktop\Tiggs drawing 2013-11-15 21:26 - 2013-10-30 08:44 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\Unity 2013-11-15 21:24 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\registration 2013-11-15 19:35 - 2011-06-25 21:40 - 00000000 ____D C:\Users\Gilly\Desktop\Games 2013-11-15 18:42 - 2013-11-15 18:41 - 11011100 _____ C:\Users\Gilly\Desktop\bandicam 2013-11-15 18-41-13-861.avi 2013-11-14 09:24 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\rescache 2013-11-13 23:25 - 2011-05-13 00:03 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-13 23:22 - 2013-09-17 15:10 - 00000000 ____D C:\Windows\system32\MRT 2013-11-13 23:20 - 2011-05-06 21:09 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-12 21:18 - 2012-05-08 19:18 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\Skype 2013-11-11 18:18 - 2011-10-14 10:51 - 00000000 ____D C:\Users\Gilly\Desktop\Written work 2013-11-11 05:50 - 2011-01-11 16:44 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-10 16:27 - 2013-09-25 13:37 - 00001456 _____ C:\Users\Gilly\AppData\Local\Adobe Save for Web 12.0 Prefs 2013-11-10 02:00 - 2012-07-18 00:27 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0cedc5e7-b8b1-4b98-9d44-32a1326352d6.job 2013-11-09 17:34 - 2011-02-06 11:55 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\Mozilla 2013-11-09 12:29 - 2011-06-07 21:26 - 00000000 ____D C:\Users\Gilly\AppData\Local\Google 2013-11-07 17:34 - 2013-11-07 17:34 - 00000216 _____ C:\Users\Gilly\Desktop\The Stanley Parable Demo.url 2013-11-04 14:46 - 2013-11-04 14:29 - 00000000 ____D C:\Users\Gilly\Documents\Blood Omen 2 2013-11-04 14:29 - 2011-07-27 13:31 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-11-04 12:16 - 2013-10-23 12:48 - 00000748 _____ C:\Users\Gilly\Downloads\Minecraft - Shortcut.lnk 2013-11-04 12:15 - 2011-05-25 23:14 - 00000000 ____D C:\Program Files\AVS4YOU 2013-11-03 19:08 - 2011-04-06 17:23 - 00000000 ____D C:\Program Files\REALTEK 2013-11-03 19:06 - 2012-07-14 21:15 - 00000000 ____D C:\Users\Gilly\AppData\Local\Black_Tree_Gaming 2013-11-03 19:05 - 2011-05-08 20:47 - 00000000 ____D C:\Users\Gilly\AppData\Local\LogMeIn Hamachi 2013-11-03 18:40 - 2013-07-01 23:20 - 00000000 ____D C:\Users\Gilly\Desktop\Clean-up later 2013-11-03 14:48 - 2013-01-25 15:48 - 00000000 ___RD C:\Program Files\Skype 2013-11-03 14:48 - 2012-05-08 19:17 - 00000000 ____D C:\ProgramData\Skype 2013-10-31 21:58 - 2009-07-14 04:52 - 00000000 ____D C:\Program Files\Microsoft Games 2013-10-31 07:56 - 2011-05-09 22:38 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-10-30 20:06 - 2013-10-30 20:06 - 00000875 _____ C:\Users\Public\Desktop\Steam.lnk 2013-10-30 20:06 - 2011-05-06 20:29 - 00000000 ____D C:\Users\Gilly 2013-10-30 20:01 - 2011-05-28 01:07 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-10-30 19:52 - 2013-10-30 19:52 - 01669632 _____ C:\Users\Gilly\Downloads\SteamInstall.msi 2013-10-30 08:41 - 2013-10-30 08:41 - 00648160 _____ (Unity Technologies ApS) C:\Users\Gilly\Downloads\UnityWebPlayer.exe 2013-10-30 08:41 - 2013-10-30 08:41 - 00000000 ____D C:\Users\Gilly\AppData\Local\Unity 2013-10-30 08:07 - 2013-10-30 08:07 - 00000000 ____D C:\Users\Tiggs\AppData\Local\LogMeIn 2013-10-30 08:07 - 2012-11-24 23:47 - 00000000 ____D C:\Users\Tiggs\AppData\Local\LogMeIn Hamachi 2013-10-23 12:46 - 2013-10-23 12:46 - 00675988 _____ C:\Users\Gilly\Downloads\Minecraft(1).exe 2013-10-23 08:38 - 2013-10-23 08:38 - 00000000 ____D C:\Users\Gilly\AppData\Local\LogMeIn 2013-10-23 08:38 - 2013-10-23 08:38 - 00000000 ____D C:\ProgramData\LogMeIn ZeroAccess: C:\Users\Gilly\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files\Google\Desktop\Install Files to move or delete: ==================== C:\Users\Gilly\AppData\Roaming\Origin Some content of TEMP: ==================== C:\Users\Gilly\AppData\Local\temp\13-9_win7_win8_32_dd_ccc_whql.exe C:\Users\Gilly\AppData\Local\temp\drm_dyndata_7370014.dll C:\Users\Gilly\AppData\Local\temp\InstallFlashPlayer.exe C:\Users\Gilly\AppData\Local\temp\KUIU.EXE C:\Users\Gilly\AppData\Local\temp\ntdll_dump.dll C:\Users\Gilly\AppData\Local\temp\Second Life Setup.exe C:\Users\Gilly\AppData\Local\temp\_is2DE3.exe C:\Users\Gilly\AppData\Local\temp\_is499D.exe C:\Users\Gilly\AppData\Local\temp\_isA755.exe C:\Users\Gilly\AppData\Local\temp\_isAB0D.exe C:\Users\Gilly\AppData\Local\temp\_isCC82.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-21 10:53 ==================== End Of Log ============================ Addition.txt

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Gilly [Admin rights] Mode : Scan -- Date : 11/21/2013 22:28:19 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : fD1GRLMiJ2+w60MzdWg= ("C:\Users\Gilly\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Y356FAVW\imagecdn.godvine.com\finger.exe" [-]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-4972946-2827538782-2613711529-1000\[...]\Run : fD1GRLMiJ2+w60MzdWg= ("C:\Users\Gilly\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Y356FAVW\imagecdn.godvine.com\finger.exe" [-]) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [FF][PROXY] 1x0qnecx.default : user_pref("network.proxy.type", 2); -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][Folder] Install : C:\Users\Gilly\AppData\Local\Google\Desktop\Install [-] --> FOUND [ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] IAT @explorer.exe (HeapDestroy) : KERNEL32.dll -> HOOKED (Unknown @ 0x02914064) [Address] IAT @explorer.exe (GetMessageW) : USER32.dll -> HOOKED (Unknown @ 0x029122DD) [Address] IAT @explorer.exe (ExitWindowsEx) : USER32.dll -> HOOKED (Unknown @ 0x02912363) [inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xD2A4333C) [inline] EAT @explorer.exe (?ms_ReentrantSemaphore@GCUtilDLL@@2VGCReentrantSemaphore@@A) : GrooveUtil.DLL -> HOOKED (Unknown @ 0x71A7BF1C) [inline] EAT @firefox.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xD2A4333C) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103SJ ATA Device +++++ --- User --- [MBR] d31cea6eb9eac6ae959c91bc67257129 [bSP] 6f9a9f09ff81591fd51ab0f06b2021e1 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_11212013_222819.txt >>

It's possible I might have a zeroaccess rootkit and I would just like some help with finding out if I do have one and if so how to remove it. Thanks.

I can't thank you enough for all your help. My computer does seem to be running better, if I have an further problems regarding viruses atleast I know there is a great place like this where people like you provide great assistance.

Here's the log. Get back to me with what to do now? All processes killed ========== FILES ========== C:\FRST\Quarantine\{2d9a0716-c166-2392-4342-693a616bbada}\{2d9a0716-c166-2392-4342-693a616bbada}\U folder moved successfully. C:\FRST\Quarantine\{2d9a0716-c166-2392-4342-693a616bbada}\{2d9a0716-c166-2392-4342-693a616bbada}\L folder moved successfully. C:\FRST\Quarantine\{2d9a0716-c166-2392-4342-693a616bbada}\{2d9a0716-c166-2392-4342-693a616bbada} folder moved successfully. C:\FRST\Quarantine\{2d9a0716-c166-2392-4342-693a616bbada}\U folder moved successfully. C:\FRST\Quarantine\{2d9a0716-c166-2392-4342-693a616bbada}\L folder moved successfully. Folder move failed. C:\FRST\Quarantine\{2d9a0716-c166-2392-4342-693a616bbada} scheduled to be moved on reboot. Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot. C:\FRST\Logs folder moved successfully. C:\FRST\Hives folder moved successfully. C:\FRST folder moved successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Gilly ->Java cache emptied: 9706773 bytes User: Public Total Java Files Cleaned = 9.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gilly ->Temp folder emptied: 1145847 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 57084507 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 57014 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 26280 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 56.00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07192012_000953 Files\Folders moved on Reboot... File\Folder C:\FRST\Quarantine\{2d9a0716-c166-2392-4342-693a616bbada} not found! File\Folder C:\FRST\Quarantine not found! PendingFileRenameOperations files... File C:\FRST\Quarantine\{2d9a0716-c166-2392-4342-693a616bbada} not found! File C:\FRST\Quarantine not found! Registry entries deleted on Reboot...

I've done everythign you stated I should do. I have just a few questions left. Is there anything left to do to see if I am as clean as I possibly can do? And why can't I removed the "FRST" folder from my C drive? And then I wait for the next step I need to take.

Okay then, I guess I'm ready for the next step then. I used the online scanner to remove all the items it quarantined so I guess those logs are gone now? So I'll just go back to the ComboFix page and use the instructions to uninstall it and then use some tool to clear up any left over logs... Is that correct or do you suggest doing something different?

What about when I went into the quaratine and deleted the services.exe, was that a mistake? Also, is there anyway I can remove these quaratined items so they don't set off virus scanners, like the online scanners, in the future? Here's the log, is it suppose to be that short? ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK

Bad news. I've ran several scans in the past 2 hours. 1. MBAM in full scan detected a "trojan.0access" in the location "C:\FRST\Quarantine" it was called "services.exe" I deleted it. Should I have done that? 2. The Online Scanner detected several viruses,this is what they were called: - Win32/Sirefef.EV trojan - HTML/lframe.B.Gen virus - Java/TrojanDownloader.Agent.AC trojan - Java/Exploit.CVE-2012-0507.BR trojan - multiple threats - multiple threats - Win32/Somoto application Although the scanner said it quarintined these viruses and deleted a couple of them I am still worried because my as you know my most Anti-Virus software I've ran have said they've removed the issue and the virus manages to always return. Also, what if this online scanner missed some viruses, much like how MBAB never managed to pick up all the threats the online scanner managed to pick up. My worry is I have much more work to do before my computer can be as clean as it can be. What should I do? How should I continue?

I finally got my internet back up using a different dongle. I managed to download MSE with no problem and run a scan uninterurpted, unlike before. I ran quick scans with both MSE and MBAM, both fully updated, and niether detected anything. I know you stated in your warning that my computer can never be 100% trusted again, but what are my chances that I'm in the all clear? And what would I need to do to make my chances of being in the clear better? I thank you for all your help so far, it's been very valuable to me.

I got two quick questions. How come my wireless 'N' USB adapter no longer works and can I reinstall Microsoft Security Essentials if I wanted to? Here is my log from MBAM. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.17.15 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Gilly :: GILLY-PC [administrator] Protection: Enabled 18/07/2012 19:11:47 mbam-log-2012-07-18 (19-11-47).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 216911 Time elapsed: 4 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

I can't open MBAM because I get an error that says: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Illegal operation attempted on a registry key that has been marked for deletion." In fact, I can't go on an array of other things aswell. I keep getting that error. Have any ideas what might be wrong?

Here is my ComboFix report. ComboFix 12-07-18.04 - Gilly 18/07/2012 18:03:08.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3327.2296 [GMT 1:00] Running from: c:\users\Gilly\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\DEBUG.log c:\windows\system32\PCLECoInst.dll . . ((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 ))))))))))))))))))))))))))))))) . . 2012-07-19 00:52 . 2012-07-19 00:52 -------- d-----w- C:\FRST 2012-07-18 15:17 . 2012-07-18 15:17 -------- d-----w- c:\users\Gilly\AppData\Roaming\AVG2012 2012-07-18 01:08 . 2012-07-18 01:08 -------- d-----w- C:\$AVG 2012-07-18 01:08 . 2012-07-18 15:18 -------- d-----w- c:\programdata\AVG2012 2012-07-18 01:08 . 2012-07-18 01:08 -------- d-----w- c:\windows\system32\drivers\AVG 2012-07-18 01:07 . 2012-07-18 01:07 -------- d-----w- c:\program files\AVG 2012-07-18 01:04 . 2012-07-18 16:58 -------- d-----w- c:\programdata\MFAData 2012-07-18 01:04 . 2012-07-18 01:04 -------- d--h--w- c:\programdata\Common Files 2012-07-18 00:27 . 2012-07-18 00:27 -------- d-----w- c:\users\Gilly\AppData\Roaming\SUPERAntiSpyware.com 2012-07-18 00:26 . 2012-07-18 00:27 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-07-18 00:26 . 2012-07-18 00:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-07-18 00:25 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-17 22:59 . 2012-07-17 22:59 -------- d-----w- c:\users\Gilly\AppData\Roaming\Malwarebytes 2012-07-17 22:59 . 2012-07-18 00:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-17 22:59 . 2012-07-17 22:59 -------- d-----w- c:\programdata\Malwarebytes 2012-07-17 19:18 . 2012-07-17 19:18 -------- d-----w- c:\program files\Common Files\logishrd 2012-07-14 21:15 . 2012-07-14 21:15 -------- d-----w- c:\users\Gilly\AppData\Local\Black_Tree_Gaming 2012-07-14 21:15 . 2012-07-14 21:15 -------- d-----w- c:\program files\Nexus Mod Manager 2012-07-12 17:54 . 2012-07-12 17:54 -------- d-----w- c:\users\Gilly\AppData\Local\CRE 2012-07-12 17:54 . 2012-07-12 17:54 -------- d-----w- c:\program files\Conduit 2012-07-12 17:54 . 2012-07-12 18:29 -------- d-----w- c:\users\Gilly\AppData\Local\Conduit 2012-07-12 11:02 . 2008-05-15 02:28 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys 2012-07-12 11:02 . 2012-07-12 11:02 -------- d-----w- c:\program files\NETGEAR 2012-07-12 11:02 . 2010-10-11 16:09 1564160 ----a-w- c:\windows\system32\drivers\athur.sys 2012-07-11 08:00 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 08:08 . 2012-07-04 08:08 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-07-04 08:08 . 2012-07-04 08:08 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-29 08:02 . 2012-06-29 08:02 -------- d-----w- c:\program files\LogMeIn Hamachi 2012-06-23 13:25 . 2012-06-23 13:25 -------- d-----w- c:\users\Gilly\AppData\Local\Macromedia 2012-06-20 22:14 . 2012-06-20 22:14 -------- d-----w- c:\users\Gilly\AppData\Roaming\BANDISOFT 2012-06-20 22:14 . 2012-06-20 22:14 -------- d-----w- c:\program files\Bandicam 2012-06-20 22:14 . 2012-06-20 22:14 -------- d-----w- c:\program files\BandiMPEG1 2012-06-19 08:38 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-19 08:38 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-19 08:38 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-19 08:38 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-19 08:37 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-19 08:37 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-19 08:37 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-19 08:37 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 08:37 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-19 00:38 . 2012-06-19 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-06-19 00:38 . 2012-06-19 00:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-19 00:28 . 2012-06-19 00:28 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-19 00:27 . 2012-06-19 00:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-16 21:13 . 2011-07-23 15:51 2373056 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-07-13 11:34 . 2012-04-04 11:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-13 11:34 . 2011-06-23 08:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-10 18:28 . 2012-05-10 18:25 916480 ----a-w- c:\windows\expstart.exe 2012-05-10 18:03 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll 2012-05-10 18:03 . 2011-05-06 21:37 2755072 ----a-w- c:\windows\system32\themeui.dll 2012-05-10 18:03 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll 2012-05-04 09:59 . 2012-06-13 10:03 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-05-01 04:44 . 2012-06-13 09:22 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:17 . 2012-06-13 09:22 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 04:45 . 2012-06-13 09:22 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 04:45 . 2012-06-13 09:22 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 04:41 . 2012-06-13 09:22 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 04:36 . 2012-06-13 09:22 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 09:22 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 09:22 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-07-04 08:08 . 2011-06-06 09:31 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Facebook Update"="c:\users\Gilly\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "WTClient"="WTClient.exe" [2009-03-17 32768] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 10967656] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2009-07-14 280576] . c:\users\Gilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A] Delta AutoLoad.lnk - c:\program files\Delta\delta.exe [N/A] Facebook Messenger.lnk - c:\users\Gilly\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe [2012-7-6 217536] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-7-12 565248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2011-08-02 11:44 1242448 ----a-w- c:\program files\Steam\steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [x] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x] R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 XG762V32;Zoom 802.11a/b/g 762N vista Driver;c:\windows\system32\DRIVERS\WlanUZG.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x] S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:34] . 2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000Core.job - c:\users\Gilly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:27] . 2012-07-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000UA.job - c:\users\Gilly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:27] . 2012-07-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0cedc5e7-b8b1-4b98-9d44-32a1326352d6.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 2012-07-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 417177d3-e566-4cdf-9e0b-27a4e2be9648.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Gilly\AppData\Roaming\Mozilla\Firefox\Profiles\1x0qnecx.default\ . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKCU-Run-AdobeBridge - (no file) HKCU-Run-Spotify - c:\users\Gilly\AppData\Roaming\Spotify\Spotify.exe HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll HKLM-Run-TQ566808 - D:\Setup.exe SafeBoot-mcmscsvc SafeBoot-MCODS . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4972946-2827538782-2613711529-1000\Software\SecuROM\License information*] "datasecu"=hex:9f,fa,ad,06,e6,56,cb,c3,c0,8f,22,c2,9d,a6,fa,bc,6a,34,bd,c8,ea, 6a,8a,a9,65,c0,e2,e5,4e,26,b6,57,aa,32,1e,8d,e2,ed,57,30,05,19,f9,48,25,75,\ "rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\windows\system32\atieclxx.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\System32\Drivers\WTSRV.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\AVG\AVG2012\avgemcx.exe c:\windows\system32\taskhost.exe c:\windows\system32\WTClient.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\microsoft shared\ink\TabTip.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2012-07-18 18:14:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-18 17:14 . Pre-Run: 888,517,419,008 bytes free Post-Run: 900,188,180,480 bytes free . - - End Of File - - 0FE379BFC1C74F56529A52F4D21AF52D

I think I sent the wrong report. I'm sorry. Here is the fixlog.txt report. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01 Ran by SYSTEM at 2012-07-18 17:33:28 Run:1 Running from F:\ ============================================== C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada} moved successfully. C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\@ not found. C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\L not found. C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\n not found. C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\U not found. C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\L\00000004.@ not found. C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\L\1afb2d56 not found. C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\L\201d3dde not found. C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\U\80000032.@ not found. C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada} moved successfully. C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada}\@ not found. C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada}\L not found. C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada}\n not found. C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada}\U not found. C:\Windows\assembly\GAC\Desktop.ini moved successfully. C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe ==== End of Fixlog ====

Here's the report. Farbar Recovery Scan Tool Version: 16-07-2012 01 Ran by SYSTEM at 2012-07-18 17:13:16 Running from F:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 C:\Windows\System32\services.exe [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9 === End Of Search ===

Yeah I did read the warnings I was just asking if not being in safe mode was a problem and if you would suggest I go in safe mode. Anyway, thanks for the help so far... Here's the report. Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01 Ran by SYSTEM at 18-07-2012 16:52:19 Running from F:\ Windows 7 Home Premium (X86) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.) HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.) HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated) HKLM\...\Run: [uSB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController [81920 2006-11-06] (Pinnacle Systems) HKLM\...\Run: [WTClient] WTClient.exe [x] HKLM\...\Run: [TQ566808] "D:\Setup.exe" [x] HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-29] (Adobe Systems Incorporated) HKLM\...\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10967656 2012-03-27] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.) HKLM\...\Run: [MouseDriver] TiltWheelMouse.exe [x] HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.) HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-04] (AVG Technologies CZ, s.r.o.) HKU\Gilly\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-05] (DT Soft Ltd) HKU\Gilly\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x] HKU\Gilly\...\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x] HKU\Gilly\...\Run: [AdobeBridge] [x] HKU\Gilly\...\Run: [Facebook Update] "C:\Users\Gilly\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.) HKU\Gilly\...\Run: [spotify] "C:\Users\Gilly\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x] HKU\Gilly\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation) HKU\Gilly\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4777856 2012-07-09] (SUPERAntiSpyware.com) HKU\Gilly\...\Winlogon: [shell] EXPLORER.EXE [x] HKLM\...\Runonce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue [x] Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X] Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk ShortcutTarget: NETGEAR WNDA3200 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR) Startup: C:\Users\Gilly\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (No File) Startup: C:\Users\Gilly\Start Menu\Programs\Startup\Delta AutoLoad.lnk ShortcutTarget: Delta AutoLoad.lnk -> C:\Program Files\Delta\delta.exe (No File) Startup: C:\Users\Gilly\Start Menu\Programs\Startup\Facebook Messenger.lnk ShortcutTarget: Facebook Messenger.lnk -> (No File) ================================ Services (Whitelisted) ================== 2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com) 2 avgfws; "C:\Program Files\AVG\AVG2012\avgfws.exe" [2321560 2012-06-12] (AVG Technologies CZ, s.r.o.) 2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.) 2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.) 2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation) 2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1385896 2012-06-27] (LogMeIn Inc.) 3 jswpsapi; C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-17] (Logitech Inc.) 2 WDCS_WNDA3200; C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () 2 WinTabService; "C:\Windows\System32\Drivers\WTSRV.EXE" [69632 2009-03-04] (Tablet Driver) 2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x] 4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x] 4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x] 4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x] 2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x] ========================== Drivers (Whitelisted) ============= 3 athrusb6; C:\Windows\System32\DRIVERS\athru6.sys [873472 2007-07-04] (Atheros Communications, Inc.) 3 athur; C:\Windows\System32\DRIVERS\athur.sys [1564160 2010-10-11] (Atheros Communications, Inc.) 1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47968 2011-05-22] (AVG Technologies CZ, s.r.o.) 3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. ) 3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. ) 0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-18] (AVG Technologies CZ, s.r.o. ) 3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. ) 1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-21] (AVG Technologies CZ, s.r.o.) 1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.) 0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-30] (AVG Technologies CZ, s.r.o.) 1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-18] (AVG Technologies CZ, s.r.o.) 3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.) 1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218176 2011-05-06] (DT Soft Ltd) 3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH) 3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.) 3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation) 3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [18944 2007-06-07] (PenTablet Driver) 3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [10752 2007-04-23] (PenTablet Driver) 4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation) 1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.) 3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [18432 2007-04-23] (Tablet Driver) 3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [20480 2009-04-16] () 3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [14848 2008-09-08] (Tablet Driver) 3 UsbFltr; C:\Windows\System32\Drivers\UsbFltr.sys [9600 2007-04-09] (Waytech Development, Inc.) 3 XG762V32; C:\Windows\System32\DRIVERS\WlanUZG.sys [873472 2008-03-27] (Atheros Communications, Inc.) 3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [60160 2009-08-13] (Microsoft Corporation) 3 ZDCNDIS5; \??\C:\Windows\system32\ZDCNDIS5.SYS [20736 2008-03-27] (ZDC., Inc. (ZDC)) 3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [x] 3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x] 2 WZCSVC; [x] 3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-18 07:21 - 2012-07-18 07:21 - 00002556 ____A C:\Users\Gilly\Desktop\RKreport[1].txt 2012-07-18 07:20 - 2012-07-18 07:21 - 00000000 ____D C:\Users\Gilly\Desktop\RK_Quarantine 2012-07-18 07:19 - 2012-07-18 07:20 - 01552384 ____A C:\Users\Gilly\Desktop\RogueKiller.exe 2012-07-18 07:17 - 2012-07-18 07:17 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\AVG2012 2012-07-17 17:11 - 2012-07-17 17:11 - 460072196 ____A C:\Windows\MEMORY.DMP 2012-07-17 17:11 - 2012-07-17 17:11 - 00144520 ____A C:\Windows\Minidump\071812-41480-01.dmp 2012-07-17 17:09 - 2012-07-17 17:09 - 00000935 ____A C:\Users\Public\Desktop\AVG 2012.lnk 2012-07-17 17:08 - 2012-07-18 07:18 - 00000000 ____D C:\Users\All Users\AVG2012 2012-07-17 17:08 - 2012-07-17 17:08 - 00000000 ___HD C:\$AVG 2012-07-17 17:08 - 2012-07-17 17:08 - 00000000 ____D C:\Windows\System32\Drivers\AVG 2012-07-17 17:07 - 2012-07-17 17:07 - 00000000 ____D C:\Program Files\AVG 2012-07-17 17:04 - 2012-07-17 17:05 - 00000000 ____D C:\Users\All Users\MFAData 2012-07-17 16:45 - 2012-07-17 16:45 - 00000000 ____D C:\Windows\pss 2012-07-17 16:35 - 2012-07-18 01:51 - 00003940 ____A C:\Windows\PFRO.log 2012-07-17 16:27 - 2012-07-17 17:00 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0cedc5e7-b8b1-4b98-9d44-32a1326352d6.job 2012-07-17 16:27 - 2012-07-17 16:35 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 417177d3-e566-4cdf-9e0b-27a4e2be9648.job 2012-07-17 16:27 - 2012-07-17 16:27 - 00001957 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-07-17 16:27 - 2012-07-17 16:27 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\SUPERAntiSpyware.com 2012-07-17 16:26 - 2012-07-17 16:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2012-07-17 16:26 - 2012-07-17 16:26 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com 2012-07-17 16:25 - 2012-07-17 16:25 - 00001063 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-17 16:25 - 2012-07-03 04:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-17 14:59 - 2012-07-17 16:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-07-17 14:59 - 2012-07-17 14:59 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\Malwarebytes 2012-07-17 14:59 - 2012-07-17 14:59 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-07-17 11:54 - 2012-07-18 01:16 - 00000000 ____D C:\Users\Gilly\Downloads\San Andreas 2012-07-17 11:18 - 2012-07-17 11:18 - 00006742 ____A C:\Windows\System32\lvcoinst.log 2012-07-17 11:18 - 2012-07-17 11:18 - 00000000 ____D C:\Program Files\Common Files\logishrd 2012-07-17 04:30 - 2012-07-18 07:45 - 00137383 ____A C:\Windows\setupact.log 2012-07-17 04:30 - 2012-07-17 04:30 - 00000000 ____A C:\Windows\setuperr.log 2012-07-16 04:11 - 2012-07-16 04:11 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 2012-07-16 04:11 - 2012-07-16 04:11 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2012-07-14 13:15 - 2012-07-14 13:15 - 00000000 ____D C:\Users\Gilly\Documents\Nexus Mod Manager 2012-07-14 13:15 - 2012-07-14 13:15 - 00000000 ____D C:\Users\Gilly\AppData\Local\Black_Tree_Gaming 2012-07-14 13:15 - 2012-07-14 13:15 - 00000000 ____D C:\Program Files\Nexus Mod Manager 2012-07-12 09:54 - 2012-07-12 10:29 - 00000000 ____D C:\Users\Gilly\AppData\Local\Conduit 2012-07-12 09:54 - 2012-07-12 09:54 - 00000000 ____D C:\Users\Gilly\AppData\Local\CRE 2012-07-12 09:54 - 2012-07-12 09:54 - 00000000 ____D C:\Program Files\Conduit 2012-07-12 03:02 - 2012-07-12 03:02 - 00000000 ____D C:\Program Files\NETGEAR 2012-07-12 03:02 - 2010-10-11 08:09 - 01564160 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\athur.sys 2012-07-12 03:02 - 2008-05-14 18:28 - 00020384 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\jswpslwf.sys 2012-07-11 00:03 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-11 00:03 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-11 00:03 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-11 00:03 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-11 00:03 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-11 00:03 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-11 00:03 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-11 00:03 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-11 00:03 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-11 00:03 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-11 00:03 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-11 00:03 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-11 00:03 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-11 00:03 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-11 00:00 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-10 23:49 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-10 23:49 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-10 23:49 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-10 23:49 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-10 23:49 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-10 23:49 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-10 23:49 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-10 23:49 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-10 23:49 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-10 23:49 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-05 14:03 - 2012-07-05 17:40 - 00000000 ____D C:\Users\Gilly\Downloads\civil_war 2012-06-29 00:02 - 2012-06-29 00:02 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2012-06-23 05:25 - 2012-06-23 05:25 - 00000000 ____D C:\Users\Gilly\AppData\Local\Macromedia 2012-06-20 14:51 - 2012-06-20 14:51 - 00000000 ____D C:\Users\Gilly\Documents\AVS4YOU 2012-06-20 14:14 - 2012-06-20 14:14 - 00000000 ____D C:\Users\Gilly\Documents\Bandicam 2012-06-20 14:14 - 2012-06-20 14:14 - 00000000 ____D C:\Users\Gilly\AppData\Roaming\BANDISOFT 2012-06-20 14:14 - 2012-06-20 14:14 - 00000000 ____D C:\Program Files\BandiMPEG1 2012-06-20 14:14 - 2012-06-20 14:14 - 00000000 ____D C:\Program Files\Bandicam 2012-06-20 09:25 - 2012-06-20 09:25 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2012-06-19 00:38 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-19 00:38 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-19 00:38 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-19 00:38 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-19 00:37 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-19 00:37 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-19 00:37 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-19 00:37 - 2012-06-02 06:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-19 00:37 - 2012-06-02 06:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-18 16:28 - 2012-07-17 16:17 - 00000258 _RASH C:\Users\All Users\ntuser.pol ============ 3 Months Modified Files ======================== 2012-07-18 07:45 - 2012-07-17 04:30 - 00137383 ____A C:\Windows\setupact.log 2012-07-18 07:45 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-18 07:42 - 2011-05-06 12:43 - 01619811 ____A C:\Windows\WindowsUpdate.log 2012-07-18 07:34 - 2012-04-04 03:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-18 07:32 - 2012-04-06 13:22 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000UA.job 2012-07-18 07:24 - 2011-05-06 12:51 - 00878982 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-18 07:24 - 2009-07-13 20:34 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-18 07:24 - 2009-07-13 20:34 - 00014832 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-18 07:21 - 2012-07-18 07:21 - 00002556 ____A C:\Users\Gilly\Desktop\RKreport[1].txt 2012-07-18 07:20 - 2012-07-18 07:19 - 01552384 ____A C:\Users\Gilly\Desktop\RogueKiller.exe 2012-07-18 01:51 - 2012-07-17 16:35 - 00003940 ____A C:\Windows\PFRO.log 2012-07-17 17:11 - 2012-07-17 17:11 - 460072196 ____A C:\Windows\MEMORY.DMP 2012-07-17 17:11 - 2012-07-17 17:11 - 00144520 ____A C:\Windows\Minidump\071812-41480-01.dmp 2012-07-17 17:09 - 2012-07-17 17:09 - 00000935 ____A C:\Users\Public\Desktop\AVG 2012.lnk 2012-07-17 17:00 - 2012-07-17 16:27 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0cedc5e7-b8b1-4b98-9d44-32a1326352d6.job 2012-07-17 16:38 - 2011-03-13 17:49 - 00001945 ____A C:\Windows\epplauncher.mif 2012-07-17 16:35 - 2012-07-17 16:27 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 417177d3-e566-4cdf-9e0b-27a4e2be9648.job 2012-07-17 16:27 - 2012-07-17 16:27 - 00001957 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-07-17 16:25 - 2012-07-17 16:25 - 00001063 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-17 16:17 - 2012-06-18 16:28 - 00000258 _RASH C:\Users\All Users\ntuser.pol 2012-07-17 13:32 - 2012-04-06 13:22 - 00000904 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4972946-2827538782-2613711529-1000Core.job 2012-07-17 11:18 - 2012-07-17 11:18 - 00006742 ____A C:\Windows\System32\lvcoinst.log 2012-07-17 04:30 - 2012-07-17 04:30 - 00000000 ____A C:\Windows\setuperr.log 2012-07-16 04:16 - 2011-05-06 12:57 - 00141488 ____A C:\Users\Gilly\AppData\Local\GDIPFONTCACHEV1.DAT 2012-07-16 04:16 - 2009-07-13 20:33 - 03837592 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-16 04:07 - 2009-07-13 18:04 - 00000510 ____A C:\Windows\win.ini 2012-07-13 03:34 - 2012-04-04 03:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-07-13 03:34 - 2011-06-23 00:11 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-07-11 00:00 - 2011-05-06 13:09 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-09 13:29 - 2012-05-18 04:28 - 00000528 ____A C:\Windows\System32\debug.log 2012-07-03 04:46 - 2012-07-17 16:25 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-28 02:51 - 2009-07-13 20:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-20 09:25 - 2012-06-20 09:25 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2012-06-11 18:40 - 2012-07-11 00:00 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 20:41 - 2012-07-10 23:49 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-05 21:05 - 2012-07-10 23:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 21:05 - 2012-07-10 23:49 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 21:03 - 2012-07-10 23:49 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-02 14:19 - 2012-06-19 00:38 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-19 00:38 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-19 00:38 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-19 00:37 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-19 00:37 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:12 - 2012-06-19 00:38 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:12 - 2012-06-19 00:37 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 06:19 - 2012-06-19 00:37 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 06:12 - 2012-06-19 00:37 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 01:07 - 2012-07-11 00:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 00:43 - 2012-07-11 00:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 00:33 - 2012-07-11 00:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 00:26 - 2012-07-11 00:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 00:25 - 2012-07-11 00:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 00:25 - 2012-07-11 00:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 00:23 - 2012-07-11 00:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 00:21 - 2012-07-11 00:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 00:20 - 2012-07-11 00:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 00:19 - 2012-07-11 00:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 00:19 - 2012-07-11 00:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 00:17 - 2012-07-11 00:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 00:16 - 2012-07-11 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 00:14 - 2012-07-11 00:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-01 20:45 - 2012-07-10 23:49 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 20:45 - 2012-07-10 23:49 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 20:40 - 2012-07-10 23:49 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 20:40 - 2012-07-10 23:49 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 20:39 - 2012-07-10 23:49 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-05-23 09:47 - 2012-05-22 11:54 - 00165372 ____A C:\Users\Gilly\AppData\Local\pwuvkuef.log 2012-05-23 09:47 - 2012-05-22 11:36 - 00000024 ____A C:\Users\Gilly\AppData\Local\njbstqwr.log 2012-05-23 09:38 - 2012-05-22 13:59 - 00000000 ____A C:\Users\Gilly\AppData\Local\lxkofnue.log 2012-05-23 09:31 - 2012-05-22 12:27 - 00109759 ____A C:\Users\Gilly\AppData\Local\cusqafji.log 2012-05-23 09:31 - 2012-05-22 12:27 - 00002784 ____A C:\Users\Gilly\AppData\Local\ayytngff.log 2012-05-22 12:27 - 2012-05-22 12:27 - 00003315 ____A C:\Users\Gilly\AppData\Local\ggigcojg.log 2012-05-22 12:08 - 2012-05-22 11:36 - 00413376 ____A C:\Users\Gilly\AppData\Local\oafgmneo.log 2012-05-22 11:54 - 2012-05-22 11:54 - 00000000 ____A C:\Users\Gilly\AppData\Local\prmcgqpd.log 2012-05-22 11:54 - 2012-05-22 11:54 - 00000000 ____A C:\Users\Gilly\AppData\Local\jjerindl.log 2012-05-22 11:39 - 2012-05-22 11:39 - 00004048 ____A C:\Users\Gilly\AppData\Local\ssvnvjnj.log 2012-05-10 10:28 - 2012-05-10 10:25 - 00916480 ____A C:\Windows\expstart.exe 2012-05-10 10:03 - 2011-05-06 13:37 - 02755072 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll 2012-05-10 10:03 - 2009-07-13 15:40 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2012-05-10 10:03 - 2009-07-13 15:39 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll 2012-05-04 01:59 - 2012-06-13 02:03 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll 2012-04-30 20:44 - 2012-06-13 01:22 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-27 19:17 - 2012-06-13 01:22 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-25 20:45 - 2012-06-13 01:22 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-25 20:45 - 2012-06-13 01:22 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-25 20:41 - 2012-06-13 01:22 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-04-23 20:36 - 2012-06-13 01:22 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 20:36 - 2012-06-13 01:22 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 20:36 - 2012-06-13 01:22 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll ZeroAccess: C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada} C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\@ C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\L C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\n C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\U C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\L\00000004.@ C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\L\1afb2d56 C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\L\201d3dde C:\Windows\Installer\{2d9a0716-c166-2392-4342-693a616bbada}\U\80000032.@ ZeroAccess: C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada} C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada}\@ C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada}\L C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada}\n C:\Users\Gilly\AppData\Local\{2d9a0716-c166-2392-4342-693a616bbada}\U ZeroAccess: C:\Windows\assembly\GAC\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 12% Total physical RAM: 4095.3 MB Available physical RAM: 3564.84 MB Total Pagefile: 4093.58 MB Available Pagefile: 3569.4 MB Total Virtual: 2047.88 MB Available Virtual: 1968.7 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:931.41 GB) (Free:827.48 GB) NTFS 3 Drive f: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 3824 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 931 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 931 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3823 MB 20 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 3823 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-09 01:26 ======================= End Of Log ==========================

I'm not running in safe mode, is that alright? Also here's the report, didn't fix anything as instructed. RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: Gilly [Admin rights] Mode: Scan -- Date: 07/18/2012 16:21:41 ¤¤¤ Bad processes: 1 ¤¤¤ [sUSP PATH] FacebookMessenger.exe -- C:\Users\Gilly\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 3 ¤¤¤ [sUSP PATH] Facebook Messenger.lnk @Gilly : C:\Users\Gilly\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] n : c:\windows\installer\{2d9a0716-c166-2392-4342-693a616bbada}\n --> FOUND [ZeroAccess][FILE] @ : c:\windows\installer\{2d9a0716-c166-2392-4342-693a616bbada}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{2d9a0716-c166-2392-4342-693a616bbada}\U --> FOUND [ZeroAccess][FOLDER] L : c:\windows\installer\{2d9a0716-c166-2392-4342-693a616bbada}\L --> FOUND [ZeroAccess][FILE] n : c:\users\gilly\appdata\local\{2d9a0716-c166-2392-4342-693a616bbada}\n --> FOUND [ZeroAccess][FILE] @ : c:\users\gilly\appdata\local\{2d9a0716-c166-2392-4342-693a616bbada}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\users\gilly\appdata\local\{2d9a0716-c166-2392-4342-693a616bbada}\U --> FOUND [ZeroAccess][FOLDER] L : c:\users\gilly\appdata\local\{2d9a0716-c166-2392-4342-693a616bbada}\L --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND [susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX [ZeroAccess][sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++ --- User --- [MBR] d31cea6eb9eac6ae959c91bc67257129 [bSP] 6f9a9f09ff81591fd51ab0f06b2021e1 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt

My Microsoft Security Essentials wasn't working and I scanned m computer with MalwareBytes Anti-Malware and it detected several viruses. This is what it lists: Rootkit.0Access Trojan.Dropper.BCMiner Rootkit.0Access Trojan.Sirefef Everytime I removed them with Malwarebytes Anti-Malware only to find that every time I perform a nother scan they are still present. If anyone could help me that would be amazing.

My Microsoft Security Essentials stopped working and Malwerebyte Anti-Malware detected several viruses, I removed them but ever time I boot back up and run a scan they don't seem to have been deleted and are back. I hope someone can help me with my problem as I don't know what to do.