markuk

whoops i've deleted it! Nothing seems unstable tho! fingers crossed it stays this way! Yup can close thread :-) Thanks again

hello again. C - programs - windows - system32 - drivers - still had a file called fixzeroaccess.sys I've just deleted it and rebooted. it hasnt come back and everything seems to be working fine. Thanks again for your help

Okie Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by mark at 2013-10-10 13:15:52 Run:2 Running from C:\Users\mark\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Start DeleteQuarantine: End ***************** C:\FRST\Quarantine => Removed successfully. ==== End of Fixlog ==== I guess thats me all done. is it ok to remove that zeroaccess file now? thanks for your help !

Forgot to ask. Can i just delete that fixzeroaccess.sys file?

Hmm i thought the zero access was long gone. Is that a problem? One of you guys helped me remove it a few months ago. Would it of reinstalled itself or something? FIXLOG: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by mark at 2013-10-10 11:27:51 Run:1 Running from C:\Users\mark\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Start C:\Program Files (x86)\Google\Desktop\Install End ***************** C:\Program Files (x86)\Google\Desktop\Install => Moved successfully. ==== End of Fixlog ==== malwarebyte log: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.10.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 mark :: MARK-PC [administrator] 10/10/2013 11:28:42 mbam-log-2013-10-10 (11-28-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 222766 Time elapsed: 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET Found nothing.

Hey again! Heres the FRST log Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by mark (administrator) on MARK-PC on 10-10-2013 09:14:47 Running from C:\Users\mark\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Apple Inc.) E:\Itunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Malwarebytes Corporation) E:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) E:\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes Corporation) E:\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - E:\Itunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Raidcall plugin) - C:\Users\mark\AppData\Roaming\RCKR\plugins\nprcplugin.dll (Raidcall) CHR Plugin: (Raidcall plugin) - C:\Users\mark\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - E:\Itunes\Mozilla Plugins\npitunes.dll () CHR Extension: (Google Docs) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Users\mark\AppData\Local\9be01176-e57d-4497-b1db-706a712aeb5f.crx ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) R2 MBAMScheduler; E:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; E:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-07] () R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] () R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.) R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.) S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x] U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 gdrv; \??\C:\Windows\gdrv.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-10 09:14 - 2013-10-10 09:14 - 00891167 _____ C:\Users\mark\Desktop\SecurityCheck.exe 2013-10-10 09:14 - 2013-10-10 09:14 - 00000000 ____D C:\FRST 2013-10-10 09:13 - 2013-10-10 09:13 - 01954124 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe 2013-10-10 09:01 - 2013-10-10 09:01 - 00007784 _____ C:\Users\mark\Desktop\attach.txt 2013-10-10 09:01 - 2013-10-10 09:00 - 00011652 _____ C:\Users\mark\Desktop\dds.txt 2013-10-10 08:51 - 2013-10-10 08:51 - 00688992 ____R (Swearware) C:\Users\mark\Desktop\dds.scr 2013-10-10 00:22 - 2013-10-10 00:22 - 93853456 _____ (Microsoft Corporation) C:\Users\mark\Desktop\msert.exe 2013-10-09 20:14 - 2013-10-10 07:59 - 00000224 _____ C:\Windows\setupact.log 2013-10-09 20:14 - 2013-10-09 20:14 - 00000000 _____ C:\Windows\setuperr.log 2013-10-09 20:08 - 2013-10-09 20:08 - 12907592 _____ (Malwarebytes Corp.) C:\Users\mark\Desktop\mbar-1.07.0.1005.exe 2013-10-09 18:48 - 2013-10-09 21:01 - 00000000 ____D C:\Users\mark\AppData\Roaming\Adobe64x 2013-10-09 17:53 - 2013-10-09 17:53 - 00675988 _____ C:\Users\mark\Desktop\Minecraft1.exe 2013-10-07 00:38 - 2013-10-07 01:15 - 00000000 ____D C:\Users\mark\AppData\Local\My Games 2013-09-28 00:48 - 2013-09-28 00:48 - 00000000 ____D C:\Users\mark\Downloads\Clubland 90s [Explicit] [+digital booklet] 2013-09-23 22:29 - 2013-09-23 22:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-23 22:29 - 2013-09-23 22:29 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-23 22:29 - 2013-09-23 22:29 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-23 22:29 - 2013-09-23 22:29 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-23 22:29 - 2013-09-23 22:29 - 00000000 ____D C:\ProgramData\Oracle 2013-09-23 22:29 - 2013-09-23 22:29 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-18 19:53 - 2013-09-18 19:53 - 00001450 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-18 19:53 - 2013-09-18 19:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-18 19:53 - 2013-09-18 19:53 - 00000000 ____D C:\Program Files\iTunes 2013-09-18 19:53 - 2013-09-18 19:53 - 00000000 ____D C:\Program Files\iPod 2013-09-18 19:51 - 2013-09-18 20:05 - 00000000 ____D C:\Users\mark\Desktop\m ipho 2013-09-12 21:24 - 2013-09-12 21:24 - 00003498 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-mark-PC-mark 2013-09-12 20:51 - 2013-09-12 20:51 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-09-12 20:50 - 2013-09-12 20:50 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-09-12 20:50 - 2012-08-10 03:01 - 00056336 ____N (Corel Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys 2013-09-12 20:50 - 2012-04-24 03:01 - 00011376 ____N (Corel Corporation) C:\Windows\system32\Drivers\cdralw2k.sys 2013-09-12 20:50 - 2012-04-24 03:01 - 00010864 ____N (Corel Corporation) C:\Windows\system32\Drivers\cdr4_xp.sys 2013-09-12 20:47 - 2013-09-12 20:47 - 00000000 ____D C:\Users\mark\mps 2013-09-12 20:46 - 2013-09-12 20:46 - 00000748 _____ C:\Users\Public\Desktop\Adobe Download Assistant.lnk 2013-09-12 20:46 - 2013-09-12 20:46 - 00000000 ____D C:\Users\mark\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2013-09-12 20:46 - 2013-09-12 20:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-09-12 20:46 - 2013-09-12 20:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-09-11 13:10 - 2013-09-11 13:10 - 00000000 ____D C:\Users\mark\AppData\Local\Blizzard Entertainment ==================== One Month Modified Files and Folders ======= 2013-10-10 09:14 - 2013-10-10 09:14 - 00891167 _____ C:\Users\mark\Desktop\SecurityCheck.exe 2013-10-10 09:14 - 2013-10-10 09:14 - 00000000 ____D C:\FRST 2013-10-10 09:13 - 2013-10-10 09:13 - 01954124 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe 2013-10-10 09:06 - 2012-09-25 11:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-10 09:01 - 2013-10-10 09:01 - 00007784 _____ C:\Users\mark\Desktop\attach.txt 2013-10-10 09:00 - 2013-10-10 09:01 - 00011652 _____ C:\Users\mark\Desktop\dds.txt 2013-10-10 08:51 - 2013-10-10 08:51 - 00688992 ____R (Swearware) C:\Users\mark\Desktop\dds.scr 2013-10-10 08:24 - 2012-09-25 16:21 - 00000000 ____D C:\Users\mark\Documents\my games 2013-10-10 08:16 - 2013-07-23 00:11 - 02002910 _____ C:\Windows\WindowsUpdate.log 2013-10-10 08:06 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-10 08:06 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-10 08:04 - 2012-11-13 19:18 - 00000000 ____D C:\Users\mark\AppData\Roaming\BitTorrent 2013-10-10 08:03 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-10 07:59 - 2013-10-09 20:14 - 00000224 _____ C:\Windows\setupact.log 2013-10-10 07:59 - 2012-09-22 00:43 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-10 07:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-10 00:22 - 2013-10-10 00:22 - 93853456 _____ (Microsoft Corporation) C:\Users\mark\Desktop\msert.exe 2013-10-09 21:07 - 2013-08-16 23:12 - 00000000 ____D C:\Users\mark\Desktop\mbar 2013-10-09 21:07 - 2013-08-16 23:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-10-09 21:01 - 2013-10-09 18:48 - 00000000 ____D C:\Users\mark\AppData\Roaming\Adobe64x 2013-10-09 20:14 - 2013-10-09 20:14 - 00000000 _____ C:\Windows\setuperr.log 2013-10-09 20:08 - 2013-10-09 20:08 - 12907592 _____ (Malwarebytes Corp.) C:\Users\mark\Desktop\mbar-1.07.0.1005.exe 2013-10-09 20:06 - 2012-09-25 11:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-09 20:06 - 2012-09-25 11:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-09 20:06 - 2012-09-25 11:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-09 17:58 - 2012-11-07 20:21 - 00000000 ____D C:\Users\mark\AppData\Roaming\.minecraft 2013-10-09 17:53 - 2013-10-09 17:53 - 00675988 _____ C:\Users\mark\Desktop\Minecraft1.exe 2013-10-07 01:15 - 2013-10-07 00:38 - 00000000 ____D C:\Users\mark\AppData\Local\My Games 2013-10-01 21:03 - 2012-11-06 15:34 - 00000000 ____D C:\Users\mark\Desktop\iphoto 2013-09-28 23:56 - 2012-09-28 17:18 - 00000000 ____D C:\Users\mark\AppData\Local\Origin 2013-09-28 00:48 - 2013-09-28 00:48 - 00000000 ____D C:\Users\mark\Downloads\Clubland 90s [Explicit] [+digital booklet] 2013-09-25 21:18 - 2012-09-25 12:21 - 00000000 ____D C:\World of Warcraft 2013-09-23 22:29 - 2013-09-23 22:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-23 22:29 - 2013-09-23 22:29 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-23 22:29 - 2013-09-23 22:29 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-23 22:29 - 2013-09-23 22:29 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-23 22:29 - 2013-09-23 22:29 - 00000000 ____D C:\ProgramData\Oracle 2013-09-23 22:29 - 2013-09-23 22:29 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-23 22:29 - 2012-09-25 20:28 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-09-23 22:29 - 2012-09-25 20:28 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-09-23 22:27 - 2012-11-11 11:24 - 00000000 ____D C:\Users\mark\AppData\Local\Adobe 2013-09-23 20:57 - 2012-10-22 18:12 - 00000000 ____D C:\Users\mark\AppData\Roaming\TS3Client 2013-09-18 20:05 - 2013-09-18 19:51 - 00000000 ____D C:\Users\mark\Desktop\m ipho 2013-09-18 19:53 - 2013-09-18 19:53 - 00001450 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-18 19:53 - 2013-09-18 19:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-18 19:53 - 2013-09-18 19:53 - 00000000 ____D C:\Program Files\iTunes 2013-09-18 19:53 - 2013-09-18 19:53 - 00000000 ____D C:\Program Files\iPod 2013-09-13 17:39 - 2012-11-11 11:23 - 00000000 ____D C:\ProgramData\Adobe 2013-09-13 17:29 - 2009-07-14 05:45 - 01928240 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-12 21:24 - 2013-09-12 21:24 - 00003498 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-mark-PC-mark 2013-09-12 20:57 - 2012-09-25 11:26 - 00000000 ____D C:\Users\mark\AppData\Roaming\Adobe 2013-09-12 20:51 - 2013-09-12 20:51 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-09-12 20:51 - 2012-09-25 11:37 - 00059088 _____ C:\Users\mark\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-12 20:50 - 2013-09-12 20:50 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-09-12 20:50 - 2012-11-11 11:23 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-09-12 20:47 - 2013-09-12 20:47 - 00000000 ____D C:\Users\mark\mps 2013-09-12 20:47 - 2012-09-25 19:19 - 00000000 ____D C:\Users\mark 2013-09-12 20:46 - 2013-09-12 20:46 - 00000748 _____ C:\Users\Public\Desktop\Adobe Download Assistant.lnk 2013-09-12 20:46 - 2013-09-12 20:46 - 00000000 ____D C:\Users\mark\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2013-09-12 20:46 - 2013-09-12 20:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-09-12 20:46 - 2013-09-12 20:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-09-11 13:10 - 2013-09-11 13:10 - 00000000 ____D C:\Users\mark\AppData\Local\Blizzard Entertainment Files to move or delete: ==================== ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-02 21:08 ==================== End Of Log ============================ Heres the security report: Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 40 Adobe Flash Player 11.9.900.117 Adobe Reader XI ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` And the attachment you asked for: Addition.txt

Hello all! I noticed yesterday after scanning with malwarebyte i was getting the following: Registry Keys Detected: 1 HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AdobeUpdate (Trojan.Agent) -> Data: wscript "C:\Users\mark\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\mark\AppData\Roaming\Adobe64x\bat.exe" -> Quarantined and deleted successfully. Files Detected: 1 C:\Users\mark\AppData\Roaming\Adobe64x\invis.vbs (Trojan.Agent) -> Quarantined and deleted successfully. After "removing" and several restarts it just kept coming back. I checked in task manager and saw "WUDHOST". I killed the process and was then able to remove them 3 items. Scanning again and it showed no problem. (i also used malware rootkit scanner, which found SrvID and removed it) I then used ESET online scanner. I wish i copied what it found but i cant bloody remember now! Something about bit miner coin .h ? also something named "MSIL" (not 100% sure on this one!) anyways everything was removed and several scans have reported no problems. But i'd like the experts to have a look. I did read a lot about SrvID, and it usually creates another file which logs passwords. Which i could not find. Since my reports show nothing is wrong, i have changed all my passwords. But would like it if someone could have a re-look and offer any advice. Heres the logs from DDS: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.40.2 Run by mark at 9:00:52 on 2013-10-10 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16344.13991 [GMT 1:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\VIA_XHCI\usb3Monitor.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe E:\Itunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe E:\Malwarebytes' Anti-Malware\mbamscheduler.exe E:\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE E:\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "E:\Itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 TCP: NameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{4BDDE909-497E-466E-94E5-59D0D335FCC0} : DHCPNameServer = 194.168.4.100 194.168.8.100 SSODL: WebCheck - <orphaned> x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-SSODL: WebCheck - <orphaned> x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-22 16152] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-9-12 56336] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-9-22 21616] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-15 45856] R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-22 161560] R2 MBAMScheduler;MBAMScheduler;E:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-26 418376] R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-26 701512] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-22 363800] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-22 356120] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-22 787736] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-2-10 104560] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-26 25928] R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-8-17 110592] R3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2012-9-22 205312] R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2012-9-22 254464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-25 1255736] . =============== Created Last 30 ================ . 2013-10-09 17:48:17 -------- d-----w- C:\Users\mark\AppData\Roaming\Adobe64x 2013-10-06 23:38:43 -------- d-----w- C:\Users\mark\AppData\Local\My Games 2013-09-23 21:29:40 -------- d-----w- C:\ProgramData\Oracle 2013-09-23 21:29:36 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-09-18 18:53:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-18 18:53:04 -------- d-----w- C:\Program Files\iTunes 2013-09-18 18:53:04 -------- d-----w- C:\Program Files\iPod 2013-09-12 19:51:51 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2013-09-12 19:50:24 56336 ------w- C:\Windows\System32\drivers\PxHlpa64.sys 2013-09-12 19:50:24 11376 ------w- C:\Windows\System32\drivers\cdralw2k.sys 2013-09-12 19:50:24 10864 ------w- C:\Windows\System32\drivers\cdr4_xp.sys 2013-09-12 19:50:18 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared 2013-09-12 19:50:18 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine 2013-09-12 19:47:12 -------- d-----w- C:\Users\mark\mps 2013-09-12 19:46:28 -------- d-----w- C:\Users\mark\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2013-09-11 12:10:20 -------- d-----w- C:\Users\mark\AppData\Local\Blizzard Entertainment . ==================== Find3M ==================== . 2013-10-09 19:06:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-09 19:06:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-23 21:29:34 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-09-23 21:29:34 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-08-16 23:29:02 240 ----a-w- C:\Windows\DeleteOnReboot.bat 2013-08-16 10:14:38 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys 2013-08-15 11:38:34 82816 ----a-w- C:\Users\mark\AppData\Roaming\pcouffin.sys 2013-08-14 15:50:21 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll . ============= FINISH: 9:00:57.01 =============== and Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 25/09/2012 19:19:21 System Uptime: 10/10/2013 07:59:12 (2 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | Z77X-D3H Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3801/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 112 GiB total, 17.848 GiB free. D: is CDROM () E: is FIXED (NTFS) - 931 GiB total, 819.947 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP180: 20/09/2013 07:35:14 - Scheduled Checkpoint RP181: 22/09/2013 10:12:53 - Removed Assassin's Creed ® III RP182: 23/09/2013 22:29:22 - Installed Java 7 Update 40 RP183: 02/10/2013 21:15:43 - Scheduled Checkpoint RP184: 07/10/2013 00:38:18 - Installed DirectX RP185: 07/10/2013 01:14:31 - Installed DirectX RP186: 09/10/2013 20:12:13 - Malwarebytes Anti-Rootkit Restore Point . ==== Installed Programs ====================== . Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 11 Adobe Reader XI (11.0.04) Age of Empires II: HD Edition Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Batman: Arkham Asylum GOTY Edition Batman: Arkham City GOTY BitTorrent Bonjour Borderlands Borderlands 2 CCleaner Company of Heroes Company of Heroes (New Steam Version) CPUID CPU-Z 1.64.0 CPUID HWMonitor 1.20 Dual-Core Optimizer Elements 11 Organizer ESET Online Scanner v3 Football Manager 2013 Football Manager 2013 Editor Intel® Management Engine Components Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client iTunes Java 7 Update 25 (64-bit) Java 7 Update 40 Java Auto Updater Malwarebytes Anti-Malware version 1.75.0.1300 marvell 91xx driver Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Microsoft WSE 3.0 Runtime MSI Afterburner 2.2.4 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero Audio Pack 1 Nero Blu-ray Player Nero Blu-ray Player Help (CHM) Nero ControlCenter Nero ControlCenter Help (CHM) Nero Core Components Nero Disc Menus Basic Nero Effects Basic Nero Kwik Media Nero Kwik Media Help (CHM) Nero Kwik Themes Basic Nero PiP Effects Basic Nero SharedVideoCodecs Nero Update Nero Video Nero Video 12 Nero Video Help (CHM) neroxml NVIDIA 3D Vision Controller Driver 306.97 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA PhysX NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components ON_OFF Charge B11.1102.1 OpenAL Origin Platform Prerequisite installer PSE11 STI Installer RaidCall Razer Synapse 2.0 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Sid Meier's Civilization V Steam System Requirements Lab CYRI System Requirements Lab Detection Team Fortress Classic TeamSpeak 3 Client The Sims™ 3 The Sims™ 3 High-End Loft Stuff The Sims™ 3 Master Suite Stuff The Sims™ 3 Showtime The Sims™ 3 University Life Tropico 4 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Uplay VIA Platform Device Manager WhoCrashed 3.06 Windows Live ID Sign-in Assistant WinRAR 4.20 (32-bit) World of Warcraft . ==== Event Viewer Messages From Past Week ======== . 10/10/2013 08:01:21, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 10/10/2013 08:01:21, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 09/10/2013 20:13:20, Error: mbamchameleon [61703] - 08/10/2013 09:09:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 08/10/2013 09:09:07, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 08/10/2013 09:09:07, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 07/10/2013 23:15:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 07/10/2013 23:15:04, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== Thanks in advance! (i do have to pop out so i may not reply for a few hours)

Thank you so much for your help and time !!

Results of screen317's Security Check version 0.99.72 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner (remove only) Java 7 Update 25 Adobe Flash Player 11.8.800.94 Adobe Reader XI ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 10% ````````````````````End of Log``````````````````````

I know you said without formatting it isnt 100% safe. Is it still wise to use bank details/email accounts on this computer? I'd like to donate :-) ! Any advice/tips on good programs to stop this in the furture? I know i dont use any type of virus guard, all i have is malwarebyte + windows firewall

everything seems fine, like i said at the start. I didnt notice any major problems.. only my scan results was showing up a trojan

# AdwCleaner v2.306 - Logfile created 08/17/2013 at 00:28:54 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : mark - MARK-PC # Boot Mode : Normal # Running from : C:\Users\mark\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search Deleted on reboot : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Folder Deleted : C:\Program Files (x86)\AVG Secure Search Folder Deleted : C:\Program Files (x86)\BitTorrentControl_v12 Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\SweetIM Folder Deleted : C:\Users\mark\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\mark\AppData\Local\Bundled software uninstaller Folder Deleted : C:\Users\mark\AppData\Local\Conduit Folder Deleted : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Folder Deleted : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Folder Deleted : C:\Users\mark\AppData\Local\SwvUpdater Folder Deleted : C:\Users\mark\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\mark\AppData\LocalLow\BitTorrentControl_v12 Folder Deleted : C:\Users\mark\AppData\LocalLow\Conduit Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} ***** [Registry] ***** Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\BI Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Deleted : HKCU\Software\a2d9dce06db948 Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\BitTorrentControl_v12 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\sim-packages Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82D7EA16-8D9C-4363-9837-8EDF79690CF3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9BD0F58-33D0-4E0B-BCE8-8E328AF8904B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96E2E493-C484-43E3-9B95-D62EE7D40D3A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16450 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Preferences ************************* AdwCleaner[R1].txt - [13010 octets] - [17/08/2013 00:18:06] AdwCleaner[R2].txt - [13071 octets] - [17/08/2013 00:28:28] AdwCleaner[R3].txt - [13191 octets] - [17/08/2013 00:28:48] AdwCleaner[s1].txt - [315 octets] - [17/08/2013 00:28:34] AdwCleaner[s2].txt - [12783 octets] - [17/08/2013 00:28:54] ########## EOF - C:\AdwCleaner[s2].txt - [12844 octets] ########## ---------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.4.6 (08.15.2013:1) OS: Windows 7 Home Premium x64 Ran by mark on 17/08/2013 at 0:32:19.92 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Lyrics_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Lyrics_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Lyrics_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Lyrics_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B6A5BA29-DE27-47AA-A52F-DD9D46AA2852} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\mark\appdata\local\cre" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17/08/2013 at 0:34:34.90 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ----------------- Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.16.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 mark :: MARK-PC [administrator] 17/08/2013 00:36:11 mbam-log-2013-08-17 (00-36-11).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 240728 Time elapsed: 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

and heres the other report you asked for: # AdwCleaner v2.306 - Logfile created 08/17/2013 at 00:18:06 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : mark - MARK-PC # Boot Mode : Normal # Running from : C:\Users\mark\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\AVG Secure Search Folder Found : C:\Program Files (x86)\BitTorrentControl_v12 Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\SweetIM Folder Found : C:\Users\mark\AppData\Local\AVG Secure Search Folder Found : C:\Users\mark\AppData\Local\Bundled software uninstaller Folder Found : C:\Users\mark\AppData\Local\Conduit Folder Found : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Folder Found : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Folder Found : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Folder Found : C:\Users\mark\AppData\Local\SwvUpdater Folder Found : C:\Users\mark\AppData\LocalLow\AVG Secure Search Folder Found : C:\Users\mark\AppData\LocalLow\BitTorrentControl_v12 Folder Found : C:\Users\mark\AppData\LocalLow\Conduit Folder Found : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} ***** [Registry] ***** Key Found : HKCU\Software\APN PIP Key Found : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\BabylonToolbar Key Found : HKCU\Software\BI Key Found : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Key Found : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Found : HKCU\Software\a2d9dce06db948 Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\Software\AVG Security Toolbar Key Found : HKLM\Software\Babylon Key Found : HKLM\Software\BitTorrentControl_v12 Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B Key Found : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Key Found : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B Key Found : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\sim-packages Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\DataMngr Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Found : HKLM\Software\PIP Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82D7EA16-8D9C-4363-9837-8EDF79690CF3} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9BD0F58-33D0-4E0B-BCE8-8E328AF8904B} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96E2E493-C484-43E3-9B95-D62EE7D40D3A} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKU\S-1-5-21-3640800009-1063320712-4824981-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-3640800009-1063320712-4824981-1002\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKU\S-1-5-21-3640800009-1063320712-4824981-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16450 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Preferences ************************* AdwCleaner[R1].txt - [12903 octets] - [17/08/2013 00:18:06] ########## EOF - C:\AdwCleaner[R1].txt - [12964 octets] ########## Im fine with deleting everything thats rubbish!

Hiya, heres the log.. im using that other program now! RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : mark [Admin rights] Mode : Scan -- Date : 08/17/2013 00:16:41 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][Folder] Install : C:\Users\mark\AppData\Local\Google\Desktop\Install [-] --> FOUND ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST1000DM003-9YN162 ATA Device +++++ --- User --- [MBR] 2e8f5d4d2260c1c9550f1ac9b306a35f [bSP] dbcd3b9bfc29eb944d029d3a5f39296c : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST1000DM003-9YN162 ATA Device +++++ --- User --- [MBR] 53341b5b67079eed307796b0b744d7a3 [bSP] b58ec1b99f4003f8548c0e453586011b : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_08172013_001641.txt >>

Hey, sorry thought it was all done and dusted! heres the report you asked for: ComboFix.txt

Forgot to say.. everything seemed to work ok apart from windows firewall. Which is now repaired! thanks for your help and time! Any advice/suggestions on what could stop this type of infection? I thought the standard windows firewall would of been enough(told ya im a pc novice:p)

Hi the scan found no threats? heres the logs: system-log.txt mbar-log-2013-08-16 (23-13-01).txt

hello again, i did read that the trojan "The primary motivation of this threat is to make money through pay per click advertising" so fingers crossed thats all it is! i'd like to try and cleanup this mess without having to reinstall my os(total pc novice) Heres the reports! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013 01 Ran by mark (administrator) on 16-08-2013 22:51:00 Running from C:\Users\mark\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) E:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) E:\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe (Malwarebytes Corporation) E:\Malwarebytes' Anti-Malware\mbamgui.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Valve Corporation) E:\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.) HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) MountPoints2: {68efaad0-e4b9-11e2-b80f-902b3432cc24} - F:\Autorun.exe HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-14] () HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-05] (AVG Secure Search) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={B45C483D-617B-11E2-BF7E-902B3432CC24} SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={B45C483D-617B-11E2-BF7E-902B3432CC24} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=A475902B3432CC24 SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={0611D944-D5E6-4296-AA2B-FC16B320E5A6}&mid=56f3cef1789047d0ae0f416272d625d7-c33c55bd4d68c380edd0191cbd93846d5c2f09e8〈=en&ds=nr013&pr=sa&d=2012-12-15 08:32:51&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {B6A5BA29-DE27-47AA-A52F-DD9D46AA2852} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826 SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={B45C483D-617B-11E2-BF7E-902B3432CC24} BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search) Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Raidcall plugin) - C:\Users\mark\AppData\Roaming\RCKR\plugins\nprcplugin.dll (Raidcall) CHR Plugin: (Raidcall plugin) - C:\Users\mark\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - E:\Itunes\Mozilla Plugins\npitunes.dll () CHR Extension: (Google Docs) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: () - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.19.11_0 CHR Extension: (AVG Security Toolbar) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0 CHR Extension: (Gmail) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Users\mark\AppData\Local\9be01176-e57d-4497-b1db-706a712aeb5f.crx CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\mark\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx ==================== Services (Whitelisted) ================= S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) R2 MBAMScheduler; E:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; E:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-07] () R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search) U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\ \...\???\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] () R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.) R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.) S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x] S3 gdrv; \??\C:\Windows\gdrv.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-16 22:50 - 2013-08-16 22:50 - 00000000 ____D C:\FRST 2013-08-16 22:33 - 2013-08-16 22:33 - 00003804 _____ C:\Users\mark\Desktop\RKreport[0]_S_08162013_223358.txt 2013-08-16 22:32 - 2013-08-16 22:32 - 03800064 _____ C:\Users\mark\Desktop\RogueKillerX64.exe 2013-08-16 21:45 - 2013-08-16 21:45 - 00688992 ____R (Swearware) C:\Users\mark\Desktop\dds.com 2013-08-16 21:45 - 2013-08-16 21:45 - 00011726 _____ C:\Users\mark\Desktop\dds.txt 2013-08-16 21:45 - 2013-08-16 21:45 - 00007186 _____ C:\Users\mark\Desktop\attach.txt 2013-08-16 21:40 - 2013-08-16 22:33 - 00000000 ____D C:\Users\mark\Desktop\RK_Quarantine 2013-08-16 11:12 - 2013-08-16 11:14 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys 2013-08-16 11:00 - 2013-08-16 21:31 - 00000336 _____ C:\Windows\setupact.log 2013-08-16 11:00 - 2013-08-16 11:00 - 00000000 _____ C:\Windows\setuperr.log 2013-08-15 12:40 - 2013-08-15 16:49 - 00000000 ____D C:\Users\mark\Downloads\The Walking Dead - The Complete Season 3 [HDTV] 2013-08-15 12:07 - 2013-08-15 12:35 - 00000000 ____D C:\Users\mark\Documents\ConvertXtoDVD 2013-08-15 12:04 - 2013-08-15 12:38 - 00099384 _____ C:\Users\mark\AppData\Roaming\inst.exe 2013-08-15 12:04 - 2013-08-15 12:38 - 00082816 _____ (VSO Software) C:\Users\mark\AppData\Roaming\pcouffin.sys 2013-08-15 12:04 - 2013-08-15 12:38 - 00007859 _____ C:\Users\mark\AppData\Roaming\pcouffin.cat 2013-08-15 12:04 - 2013-08-15 12:38 - 00000055 _____ C:\Users\mark\AppData\Roaming\pcouffin.log 2013-08-15 12:04 - 2013-08-15 12:06 - 00000000 ____D C:\ProgramData\VSO 2013-08-15 12:04 - 2013-08-15 12:04 - 00000000 ____D C:\Users\mark\Documents\PcSetup 2013-08-11 00:02 - 2013-08-11 00:03 - 00000000 ____D C:\Users\mark\AppData\Local\PAYDAY 2 2013-08-11 00:02 - 2013-08-11 00:02 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-07-25 19:02 - 2013-07-25 19:24 - 00000000 ____D C:\Users\mark\AppData\Local\EsfEditor 2013-07-23 00:14 - 2013-07-23 00:18 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-23 00:11 - 2013-08-16 21:34 - 00988240 _____ C:\Windows\WindowsUpdate.log 2013-07-20 15:30 - 2013-07-20 15:30 - 00000000 ____D C:\Users\mark\Documents\Games for Windows - LIVE Demos 2013-07-20 15:23 - 2013-07-20 15:23 - 00000000 ____D C:\Program Files (x86)\AMD 2013-07-18 22:35 - 2013-07-18 22:35 - 00000000 __SHD C:\ProgramData\SecuROM 2013-07-17 20:36 - 2013-07-20 15:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2013-07-17 20:36 - 2013-07-17 20:36 - 00000000 ____D C:\Windows\SysWOW64\xlive 2013-07-17 20:36 - 2013-07-17 20:36 - 00000000 ____D C:\Users\mark\Documents\Square Enix ==================== One Month Modified Files and Folders ======= 2013-08-16 22:50 - 2013-08-16 22:50 - 01575798 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe 2013-08-16 22:50 - 2013-08-16 22:50 - 00000000 ____D C:\FRST 2013-08-16 22:33 - 2013-08-16 22:33 - 00003804 _____ C:\Users\mark\Desktop\RKreport[0]_S_08162013_223358.txt 2013-08-16 22:33 - 2013-08-16 21:40 - 00000000 ____D C:\Users\mark\Desktop\RK_Quarantine 2013-08-16 22:32 - 2013-08-16 22:32 - 03800064 _____ C:\Users\mark\Desktop\RogueKillerX64.exe 2013-08-16 22:06 - 2012-09-25 11:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-16 21:55 - 2012-10-22 18:23 - 00000000 ____D C:\Windows\System32\Tasks\Games 2013-08-16 21:45 - 2013-08-16 21:45 - 00688992 ____R (Swearware) C:\Users\mark\Desktop\dds.com 2013-08-16 21:45 - 2013-08-16 21:45 - 00011726 _____ C:\Users\mark\Desktop\dds.txt 2013-08-16 21:45 - 2013-08-16 21:45 - 00007186 _____ C:\Users\mark\Desktop\attach.txt 2013-08-16 21:38 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-16 21:38 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-16 21:35 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-16 21:34 - 2013-07-23 00:11 - 00988240 _____ C:\Windows\WindowsUpdate.log 2013-08-16 21:31 - 2013-08-16 11:00 - 00000336 _____ C:\Windows\setupact.log 2013-08-16 21:31 - 2012-09-22 00:43 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-16 21:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-16 11:14 - 2013-08-16 11:12 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys 2013-08-16 11:00 - 2013-08-16 11:00 - 00000000 _____ C:\Windows\setuperr.log 2013-08-15 16:49 - 2013-08-15 12:40 - 00000000 ____D C:\Users\mark\Downloads\The Walking Dead - The Complete Season 3 [HDTV] 2013-08-15 16:48 - 2012-11-13 19:18 - 00000000 ____D C:\Users\mark\AppData\Roaming\BitTorrent 2013-08-15 12:38 - 2013-08-15 12:04 - 00099384 _____ C:\Users\mark\AppData\Roaming\inst.exe 2013-08-15 12:38 - 2013-08-15 12:04 - 00082816 _____ (VSO Software) C:\Users\mark\AppData\Roaming\pcouffin.sys 2013-08-15 12:38 - 2013-08-15 12:04 - 00007859 _____ C:\Users\mark\AppData\Roaming\pcouffin.cat 2013-08-15 12:38 - 2013-08-15 12:04 - 00000055 _____ C:\Users\mark\AppData\Roaming\pcouffin.log 2013-08-15 12:35 - 2013-08-15 12:07 - 00000000 ____D C:\Users\mark\Documents\ConvertXtoDVD 2013-08-15 12:24 - 2013-01-18 17:09 - 00000000 ____D C:\ProgramData\vsosdk 2013-08-15 12:06 - 2013-08-15 12:04 - 00000000 ____D C:\ProgramData\VSO 2013-08-15 12:04 - 2013-08-15 12:04 - 00000000 ____D C:\Users\mark\Documents\PcSetup 2013-08-14 20:03 - 2012-10-22 18:12 - 00000000 ____D C:\Users\mark\AppData\Roaming\TS3Client 2013-08-14 16:50 - 2012-12-15 09:32 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-08-14 16:50 - 2012-12-15 09:32 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2013-08-11 08:13 - 2012-11-11 11:24 - 00000000 ____D C:\Users\mark\AppData\Local\Adobe 2013-08-11 08:13 - 2012-09-25 11:26 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-11 08:13 - 2012-09-25 11:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-11 08:13 - 2012-09-25 11:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-11 00:03 - 2013-08-11 00:02 - 00000000 ____D C:\Users\mark\AppData\Local\PAYDAY 2 2013-08-11 00:02 - 2013-08-11 00:02 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-08-11 00:02 - 2012-09-22 00:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-07-30 12:04 - 2012-09-25 16:21 - 00000000 ____D C:\Users\mark\Documents\my games 2013-07-26 22:43 - 2013-03-06 01:01 - 00000000 ____D C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-25 19:24 - 2013-07-25 19:02 - 00000000 ____D C:\Users\mark\AppData\Local\EsfEditor 2013-07-23 16:35 - 2013-02-11 20:17 - 00843900 _____ C:\Users\mark\AppData\Local\census.cache 2013-07-23 16:35 - 2013-02-11 20:17 - 00093980 _____ C:\Users\mark\AppData\Local\ars.cache 2013-07-23 00:18 - 2013-07-23 00:14 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-22 23:59 - 2013-03-30 03:19 - 00000000 ____D C:\Users\mark\AppData\Local\Google 2013-07-22 23:59 - 2013-03-30 03:19 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-22 20:10 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-21 15:22 - 2012-12-15 09:39 - 00000000 ____D C:\Users\mark\AppData\Local\Nero 2013-07-20 15:30 - 2013-07-20 15:30 - 00000000 ____D C:\Users\mark\Documents\Games for Windows - LIVE Demos 2013-07-20 15:23 - 2013-07-20 15:23 - 00000000 ____D C:\Program Files (x86)\AMD 2013-07-20 15:23 - 2013-07-17 20:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2013-07-20 15:23 - 2013-07-05 00:18 - 00000000 ____D C:\Users\mark\Documents\WB Games 2013-07-18 22:35 - 2013-07-18 22:35 - 00000000 __SHD C:\ProgramData\SecuROM 2013-07-17 20:41 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-17 20:36 - 2013-07-17 20:36 - 00000000 ____D C:\Windows\SysWOW64\xlive 2013-07-17 20:36 - 2013-07-17 20:36 - 00000000 ____D C:\Users\mark\Documents\Square Enix Files to move or delete: ==================== ZeroAccess: C:\Users\mark\AppData\Local\Google\Desktop\Install\{0803873a-5064-0ae3-7cf9-fc61a690faa7} ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install\{0803873a-5064-0ae3-7cf9-fc61a690faa7} ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-12 19:54 ==================== End Of Log ============================ Thanks again for the help! Addition.txt

hello again, thanks for the quick reply! Heres the log! ogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : mark [Admin rights] Mode : Scan -- Date : 08/16/2013 22:33:58 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\ \...\???ﯹ๛\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\GoogleUpdate.exe" < [x] -> STOPPED ¤¤¤ Registry Entries : 12 ¤¤¤ [RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\mark\AppData\Local\Google\Desktop\Install\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\?��?��?��\?��?��?��\???ﯹ๛\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\GoogleUpdate.exe" >) -> FOUND [RUN][ZeroAccess] HKUS\S-1-5-21-3640800009-1063320712-4824981-1002\[...]\Run : Google Update ("C:\Users\mark\AppData\Local\Google\Desktop\Install\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\?��?��?��\?��?��?��\???ﯹ๛\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\GoogleUpdate.exe" >) -> FOUND [sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\ \...\???ﯹ๛\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\GoogleUpdate.exe" < [x]) -> FOUND [sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\ \...\???ﯹ๛\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\GoogleUpdate.exe" < [x]) -> FOUND [sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\ \...\???ﯹ๛\{0803873a-5064-0ae3-7cf9-fc61a690faa7}\GoogleUpdate.exe" < [x]) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND [HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND [HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][Folder] Install : C:\Users\mark\AppData\Local\Google\Desktop\Install [-] --> FOUND ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST1000DM003-9YN162 ATA Device +++++ --- User --- [MBR] 2e8f5d4d2260c1c9550f1ac9b306a35f [bSP] dbcd3b9bfc29eb944d029d3a5f39296c : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST1000DM003-9YN162 ATA Device +++++ --- User --- [MBR] 53341b5b67079eed307796b0b744d7a3 [bSP] b58ec1b99f4003f8548c0e453586011b : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_08162013_223358.txt >>

Hello all. recently malwarebyte has been reporting a trojan called trojan.zaccess (registry key). i've tryed to remove it several times but after reboots it just keeps coming back! It doesnt seem to be doing too much to my system as i dont notice anything odd. I usually scan once every 3-5days. Registry Keys Detected: 1 HKLM\SYSTEM\CurrentControlSet\Services\‮etadpug (Trojan.Zaccess) -> No action taken. Eset online scanner doesnt find anything either. Heres the logs: DDS: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.25.2 Run by mark at 21:45:45 on 2013-08-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16344.14433 [GMT 1:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\VIA_XHCI\usb3Monitor.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe E:\Malwarebytes' Anti-Malware\mbamscheduler.exe E:\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe E:\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation E:\Steam\Steam.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve mURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll BHO: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: BitTorrentControl_v12 Toolbar: {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll TB: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 TCP: NameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{4BDDE909-497E-466E-94E5-59D0D335FCC0} : DHCPNameServer = 194.168.4.100 194.168.8.100 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll SSODL: WebCheck - <orphaned> x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-22 16152] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-9-22 21616] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-15 45856] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-22 161560] R2 MBAMScheduler;MBAMScheduler;E:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-26 418376] R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-26 701512] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-22 363800] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-22 356120] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-22 787736] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-2-10 104560] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-26 25928] R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-8-17 110592] R3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2012-9-22 205312] R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2012-9-22 254464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-25 1255736] . =============== Created Last 30 ================ . 2013-08-16 10:12:48 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys 2013-08-15 11:04:59 99384 ----a-w- C:\Users\mark\AppData\Roaming\inst.exe 2013-08-15 11:04:59 82816 ----a-w- C:\Users\mark\AppData\Roaming\pcouffin.sys 2013-08-15 11:04:54 -------- d-----w- C:\ProgramData\VSO 2013-08-10 23:02:57 -------- d-----w- C:\Users\mark\AppData\Local\PAYDAY 2 2013-07-25 18:02:59 -------- d-----w- C:\Users\mark\AppData\Local\EsfEditor 2013-07-22 23:14:43 -------- d-----w- C:\ProgramData\HitmanPro 2013-07-20 14:23:47 -------- d-----w- C:\Program Files (x86)\AMD 2013-07-18 21:35:40 -------- d-sh--w- C:\ProgramData\SecuROM . ==================== Find3M ==================== . 2013-08-14 15:50:21 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-08-11 07:13:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-11 07:13:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-07-07 21:59:02 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-07-07 21:59:02 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2013-07-07 21:58:56 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-07-07 21:47:22 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2013-07-07 21:12:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-07 21:12:34 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-07-07 21:12:34 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-07-07 14:50:34 972712 ----a-w- C:\Windows\System32\deployJava1.dll 2013-07-07 14:50:34 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-07-07 14:50:34 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-07 15:13:27 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll . ============= FINISH: 21:45:51.14 =============== ------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 25/09/2012 19:19:21 System Uptime: 16/08/2013 21:30:57 (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | Z77X-D3H Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3801/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 112 GiB total, 24.73 GiB free. D: is CDROM () E: is FIXED (NTFS) - 931 GiB total, 814.853 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP173: 15/08/2013 22:19:44 - Scheduled Checkpoint . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Age of Empires II: HD Edition Apple Application Support Apple Mobile Device Support Apple Software Update Assassin's Creed ® III Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AVG Security Toolbar Batman: Arkham Asylum GOTY Edition Batman: Arkham City GOTY BitTorrent BitTorrentControl_v12 Toolbar Bonjour Borderlands Borderlands 2 CCleaner (remove only) Company of Heroes Company of Heroes (New Steam Version) CPUID CPU-Z 1.64.0 CPUID HWMonitor 1.20 Dual-Core Optimizer ESET Online Scanner v3 Intel® Management Engine Components Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client iTunes Java 7 Update 25 Java 7 Update 25 (64-bit) Java Auto Updater Malwarebytes Anti-Malware version 1.75.0.1300 marvell 91xx driver Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Microsoft WSE 3.0 Runtime MSI Afterburner 2.2.4 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero Audio Pack 1 Nero Blu-ray Player Nero Blu-ray Player Help (CHM) Nero ControlCenter Nero ControlCenter Help (CHM) Nero Core Components Nero Disc Menus Basic Nero Effects Basic Nero Kwik Media Nero Kwik Media Help (CHM) Nero Kwik Themes Basic Nero PiP Effects Basic Nero SharedVideoCodecs Nero Update Nero Video Nero Video 12 Nero Video Help (CHM) neroxml NVIDIA 3D Vision Controller Driver 306.97 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA PhysX NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components ON_OFF Charge B11.1102.1 OpenAL Origin PAYDAY: The Heist Platform Prerequisite installer RaidCall Razer Synapse 2.0 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Steam SweetIM for Messenger 3.7 System Requirements Lab CYRI System Requirements Lab Detection Team Fortress Classic TeamSpeak 3 Client The Sims™ 3 The Sims™ 3 High-End Loft Stuff The Sims™ 3 Master Suite Stuff The Sims™ 3 Showtime The Sims™ 3 University Life Toolbar 4.7 by SweetPacks Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Manager for SweetPacks 1.1 Uplay VIA Platform Device Manager WhoCrashed 3.06 Windows Live ID Sign-in Assistant WinRAR 4.20 (32-bit) World of Warcraft . ==== Event Viewer Messages From Past Week ======== . 16/08/2013 21:33:06, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 16/08/2013 21:33:06, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 16/08/2013 21:31:08, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 16/08/2013 21:31:08, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 16/08/2013 21:31:02, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 16/08/2013 21:31:02, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 16/08/2013 21:31:01, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 15/08/2013 16:54:53, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File =========================== -------- Thanks in advance!