Trojan after every reboot, windows update after every removal


Hi. Every time I start my computer Malwarebytes detected 2 trojans. After I deleted all temp files with TFC and rebooted, there is one trojan currently found called Trojan.MSIL.GenX, found in Appdata\Roaming\Microsoft\Windows\Startup. I don't remember the rest; if it is necessary I will post the location next time I reboot and see it.

Every time I delete the trojans the exact same Windows updates that I installed before reappear and I have to install them again and the process repeats. They are both updates for Microsoft .NET Framework 4.

Could anyone help me please?


It appears to be fixed. After doing one more full scan it found a new trojan and deleted it. After a reboot it did not find any new trojans nor did it download Windows updates. I will run a full scan and see if it is still happening.

If someone appears to have the same problem, the only thing I did was run Temp File Cleaner by OldTimer, reboot, delete the found trojan, run a full Malwarebytes scan, delete the other found trojan, and reboot.

Will update here if my Malwarebytes does not find any more trojans.

  • Root Admin

Hi there.

 

Please run the following and post back the logs and we'll see what we can find.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.



Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt



STEP 03

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus





STEP 04

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.



STEP 05

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


 

Thanks


The logs from Malwarebytes Anti-Rootkit:

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.08.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Patrick :: PATRICK-PC [administrator]

8-7-2013 16:34:13
mbar-log-2013-07-08 (16-34-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 286659
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Detected: 1
c:\Users\Patrick\AppData\Local\Temp\UcF.exe (IPH.Trojan.MSIL.GenX) -> 3140 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|46a4592f94e71cda83f773bc2496b652 (IPH.Trojan.MSIL.GenX) -> Data: "C:\Users\Patrick\AppData\Local\Temp\UcF.exe" .. -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|46a4592f94e71cda83f773bc2496b652 (IPH.Trojan.MSIL.GenX) -> Data: "C:\Users\Patrick\AppData\Local\Temp\UcF.exe" .. -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\Patrick\AppData\Local\Temp\UcF.exe (IPH.Trojan.MSIL.GenX) -> Delete on reboot.
c:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\46a4592f94e71cda83f773bc2496b652.exe (Trojan.MSIL.GenX) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

 

 

SECOND LOG:

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.08.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Patrick :: PATRICK-PC [administrator]

8-7-2013 16:49:50
mbar-log-2013-07-08 (16-49-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 286706
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
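
A way to read the first Anti-Rootkit log above, added here as an example (it is not part of the original posts or of any Malwarebytes tool): the Python below parses the detection lines, groups the flagged autostart entries by name, and lists what each one launches. The function names and the `Finding` record are illustrative; the log lines are copied from the post.

```python
import re
from dataclasses import dataclass
from ntpath import basename, splitext  # Windows path rules on any OS

# Detection lines copied from the first Malwarebytes Anti-Rootkit log above.
MBAR_LOG = r"""
Memory Processes Detected: 1
c:\Users\Patrick\AppData\Local\Temp\UcF.exe (IPH.Trojan.MSIL.GenX) -> 3140 -> Delete on reboot.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|46a4592f94e71cda83f773bc2496b652 (IPH.Trojan.MSIL.GenX) -> Data: "C:\Users\Patrick\AppData\Local\Temp\UcF.exe" .. -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|46a4592f94e71cda83f773bc2496b652 (IPH.Trojan.MSIL.GenX) -> Data: "C:\Users\Patrick\AppData\Local\Temp\UcF.exe" .. -> Delete on reboot.

Files Detected: 2
c:\Users\Patrick\AppData\Local\Temp\UcF.exe (IPH.Trojan.MSIL.GenX) -> Delete on reboot.
c:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\46a4592f94e71cda83f773bc2496b652.exe (Trojan.MSIL.GenX) -> Delete on reboot.
"""

SECTION = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
REG_VALUE = re.compile(r'^(HK[A-Z]+\\[^|]+)\|(\S+) \(([^)]+)\) -> Data: "([^"]*)"')
FILE_ITEM = re.compile(r"^([A-Za-z]:\\.+?) \(([^)]+)\) -> (?:(\d+) -> )?")


@dataclass(frozen=True)
class Finding:
    section: str    # MBAR section heading, e.g. "Registry Values"
    location: str   # registry key or file path as logged
    name: str       # registry value name, or file name without extension
    target: str     # lower-cased path of the executable involved
    detection: str  # detection label from the log


def parse_mbar(text):
    """Turn MBAR detection lines into Finding records, tracking the section."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = REG_VALUE.match(line)
        if m:
            key, value, det, data = m.groups()
            findings.append(Finding(section, key, value, data.lower(), det))
            continue
        m = FILE_ITEM.match(line)
        if m:
            path, det, _pid = m.groups()
            stem = splitext(basename(path))[0]
            findings.append(Finding(section, path, stem, path.lower(), det))
    return findings


def is_autostart(f):
    """True for the two autostart mechanisms that appear in this log."""
    loc = f.location.lower()
    run_key = f.section == "Registry Values" and loc.endswith(r"\currentversion\run")
    startup = f.section == "Files" and "\\start menu\\programs\\startup\\" in loc
    return run_key or startup


def persistence_report(findings):
    """Group autostart entries by entry name and collect what each launches."""
    report = {}
    for f in filter(is_autostart, findings):
        entry = report.setdefault(f.name, {"locations": [], "targets": set()})
        entry["locations"].append(f.location)
        entry["targets"].add(f.target)
    return report


def launches_from_temp(report):
    """Entry names with at least one target under a user's Temp directory."""
    return sorted(name for name, e in report.items()
                  if any("\\appdata\\local\\temp\\" in t for t in e["targets"]))


def still_present(before, after):
    """Autostart entries from `before` that a later scan still reports."""
    seen = {(f.location.lower(), f.name) for f in after}
    return [f for f in before
            if is_autostart(f) and (f.location.lower(), f.name) in seen]


if __name__ == "__main__":
    report = persistence_report(parse_mbar(MBAR_LOG))
    for name, entry in report.items():
        print(name)
        for loc in entry["locations"]:
            print("  autostart:", loc)
        for target in sorted(entry["targets"]):
            print("  launches: ", target)
    print("launch from Temp:", launches_from_temp(report))
```

On this log all three autostart entries share one 32-character name, and both Run values launch `UcF.exe` from the Temp folder, so a cleanup has to remove the Run values and the Startup copy as well as the file in Temp.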
 


Junkware Removal Tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.7 (07.08.2013:2)
OS: Windows 7 Home Premium x64
Ran by Patrick on ma 08-07-2013 at 17:06:09,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnu.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2737658
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Patrick\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Patrick\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Patrick\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Patrick\appdata\local\{9CF79CC5-6FF1-4F1A-BC6A-7A39B699F589}
Successfully deleted: [Empty Folder] C:\Users\Patrick\appdata\local\{CAA04157-F1AB-4E58-B2CD-8DDEB4F46F93}
Successfully deleted: [Empty Folder] C:\Users\Patrick\appdata\local\{F2CC0DCF-954D-4C47-9FB9-7DA62BDA9FC1}



~~~ FireFox

Successfully deleted: [File] C:\Users\Patrick\AppData\Roaming\mozilla\firefox\profiles\uh0a2ezk.default\user.js
Successfully deleted: [File] "C:\Users\Patrick\AppData\Roaming\mozilla\firefox\profiles\uh0a2ezk.default\extensions\DivXWebPlayer@divx.com.xpi"
Successfully deleted: [Folder] C:\Users\Patrick\AppData\Roaming\mozilla\firefox\profiles\uh0a2ezk.default\smartbar
Successfully deleted the following from C:\Users\Patrick\AppData\Roaming\mozilla\firefox\profiles\uh0a2ezk.default\prefs.js

Emptied folder: C:\Users\Patrick\AppData\Roaming\mozilla\firefox\profiles\uh0a2ezk.default\minidumps [832 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ma 08-07-2013 at 17:08:33,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Adwcleaner

(It's in Dutch, I apologize; "verwijderd" means deleted.)

 

# AdwCleaner v2.304 - Verslag gemaakt op 08/07/2013 om 17:14:21
# Geactualiseerd op 03/07/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Patrick - PATRICK-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Patrick\Desktop\AdwCleaner.exe
# Optie [Verwijderen]


***** [Diensten] *****


***** [Files / Mappen] *****

Map Verwijderd : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

***** [Register] *****

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Sleutel Verwijderd : HKCU\Software\46a4592f94e71cda83f773bc2496b652
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Sleutel Verwijderd : HKLM\SOFTWARE\Tarma Installer

***** [browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v22.0 (nl)

File : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\uh0a2ezk.default\prefs.js

Verwijderd : user_pref("CT2737658.1000082.state", "{\"state\":\"stopped\",\"text\":\"Classic R...\",\"description[...]
Verwijderd : user_pref("CT2737658.2737658a129531115111807042000000paramsGK0", "{\"updateReqTime\":1349380792120,\[...]
Verwijderd : user_pref("CT2737658.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Verwijderd : user_pref("CT2737658.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Verwijderd : user_pref("CT2737658.embeddedsData", "[{\"appId\":\"129258407936791975\",\"apiPermissions\":{\"cross[...]
Verwijderd : user_pref("CT2737658.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Verwijderd : user_pref("CT2737658.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Verwijderd : user_pref("CT2737658.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Verwijderd : user_pref("CT2737658.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Verwijderd : user_pref("CT2737658.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Verwijderd : user_pref("CT2737658.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Verwijderd : user_pref("CT2737658.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Verwijderd : user_pref("CT2737658.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Verwijderd : user_pref("CT2737658.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Verwijderd : user_pref("CT2737658.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Verwijderd : user_pref("CT2737658.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Verwijderd : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
Verwijderd : user_pref("extentions.y2layers.installId", "b7c6ae70-a7ab-4a4e-b7d9-4994e425c6df");

File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ruhroa3l.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [6994 octets] - [08/07/2013 17:13:31]
AdwCleaner[s1].txt - [366 octets] - [08/07/2013 17:13:45]
AdwCleaner[s2].txt - [7123 octets] - [08/07/2013 17:14:21]

########## EOF - C:\AdwCleaner[s2].txt - [7183 octets] ##########
 


ESET found threats:

 

C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.A application
C:\Users\Patrick\Downloads\AIM_Install.exe    Win32/OpenCandy application
C:\Users\Patrick\Downloads\cbsidlm-tr1_7-Free_MP3WMAOGG_Converter-10793572.exe    Win32/DownloadAdmin.D application
C:\Users\Patrick\Downloads\xfire_setup.exe    a variant of Win32/OpenInstall application
 


  • Root Admin

Those are not so much threats as they are Possible Unwanted Programs.  Myself I would delete them.

 

I would recommend that we run another antivirus scan though to double check for any other possible left over threats.

 

Please run the following scanner and post back the log.  If needed print this out because once the scanner starts you will not be able to run any other programs until it has completed.

 

 

 


  • Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shutdown your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed click on the green Open Report link. It will open the report in NOTEPAD
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

 

 


  • Root Admin

It may be in the same folder where you ran Dr Web from or from C:\Program Files (x86)\Dr Web

 

Cureit.log

 

Please run the following for me which can detect some odd behaviors that some infections create.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by Patrick (administrator) on 10-07-2013 16:51:08
Running from C:\Users\Patrick\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(Akamai Technologies, Inc.) C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.171\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.31\deploy\LolClient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11580520 2010-11-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [GamecomSound] - C:\Program Files\Plantronics\GameCom780\GameCom780.exe [777448 2011-12-01] ()
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,
HKCU\...\Run: [Akamai NetSession Interface] - "C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-21] ()
HKCU\...\Run: [GomHack_Loader-USF.exe] - "C:\Users\Patrick\AppData\Local\Temp\GomHack_Loader-USF.exe" [x] <===== ATTENTION
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {94c89b52-511a-11e1-a331-806e6f6e6963} - E:\setup.exe
HKLM-x32\...\Run: [suiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [x]
HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [GomHack_Loader-USF.exe] - "C:\Users\Patrick\AppData\Local\Temp\GomHack_Loader-USF.exe" [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
URLSearchHook: (No Name) - {f999a48b-1950-4d81-9971-79018f807b4b} -  No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\uh0a2ezk.default
FF Homepage: https://www.youtube.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Patrick\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Battlefield Heroes Updater - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\uh0a2ezk.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: No Name - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\uh0a2ezk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-04-12] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4390376 2011-07-17] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-29] ()

==================== Drivers (Whitelisted) ====================

R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46280 2013-04-12] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2004-12-31] (INCA Internet Co., Ltd.)
R3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327104 2011-11-05] (C-Media Electronics Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 sf; \??\C:\AeriaGames\SoldierFront\avital\soldierf64.sys [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-10 16:50 - 2013-07-10 16:50 - 01776221 ____A (Farbar) C:\Users\Patrick\Downloads\FRST64.exe
2013-07-10 16:50 - 2013-07-10 16:50 - 00000000 ____D C:\FRST
2013-07-10 16:25 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 16:25 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 16:25 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 16:25 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 16:25 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 16:25 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 16:25 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 16:25 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 16:25 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 16:25 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 16:25 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 16:25 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 16:25 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 16:25 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 16:25 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 16:25 - 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 16:25 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 16:25 - 2013-06-12 01:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 16:25 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 16:25 - 2013-06-12 00:50 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 16:25 - 2013-06-07 05:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 16:25 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 16:16 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 16:16 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 16:16 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 16:16 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 16:16 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 16:14 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 16:14 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 06:53 - 2013-07-10 16:26 - 00000000 ____D C:\Windows\System32\MRT
2013-07-09 18:18 - 2013-07-09 18:18 - 00000000 ____D C:\Users\Patrick\AppData\Local\CrashRpt
2013-07-09 16:55 - 2013-07-09 18:03 - 00000000 ____D C:\Users\Patrick\Doctor Web
2013-07-09 16:25 - 2013-07-09 16:26 - 00000000 ____D C:\Users\Patrick\AppData\Local\Skyrim
2013-07-08 17:14 - 2013-07-08 17:14 - 00007234 ____A C:\AdwCleaner[s2].txt
2013-07-08 17:13 - 2013-07-08 17:13 - 00006994 ____A C:\AdwCleaner[R1].txt
2013-07-08 17:13 - 2013-07-08 17:13 - 00000366 ____A C:\AdwCleaner[s1].txt
2013-07-08 17:06 - 2013-07-08 17:06 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 17:05 - 2013-07-08 17:05 - 00000000 ____D C:\JRT
2013-07-08 16:27 - 2013-07-08 16:27 - 00000000 ____D C:\Windows\ERDNT
2013-07-08 16:26 - 2013-07-08 16:26 - 00791393 ____A (Lars Hederer                                                ) C:\Users\Patrick\Downloads\erunt-setup.exe
2013-07-08 03:42 - 2013-07-08 03:42 - 00448512 ____A (OldTimer Tools) C:\Users\Patrick\Downloads\TFC.exe
2013-07-07 12:39 - 2013-07-07 12:39 - 20896392 ____A (Microsoft Corporation) C:\Users\Patrick\Downloads\Windows-KB890830-x64-V5.1.exe
2013-07-07 05:09 - 2013-07-07 05:09 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-07-07 03:47 - 2013-07-07 03:47 - 00000000 ____D C:\Users\Patrick\AppData\Local\THQ
2013-07-07 02:46 - 2013-07-07 02:46 - 00000220 ____A C:\Users\Patrick\Desktop\Killing Floor.url
2013-07-05 22:47 - 2013-07-05 22:48 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-07-05 22:47 - 2013-07-05 22:47 - 00000868 ____A C:\Users\Public\Desktop\CyberGhost VPN.lnk
2013-07-05 22:47 - 2011-12-15 20:29 - 00031232 ____A (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2013-07-05 22:46 - 2013-07-05 22:46 - 12792888 ____A (CyberGhost S.R.L.                                           ) C:\Users\Patrick\Downloads\CGWebInstall-en.exe
2013-07-05 18:05 - 2013-07-05 18:29 - 00000000 ____D C:\Users\Patrick\jagexcache
2013-07-03 04:19 - 2013-07-03 04:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 03:09 - 2013-07-03 03:09 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-03 03:08 - 2013-07-03 19:13 - 00000000 ____D C:\Users\Patrick\AppData\Local\AOL
2013-07-03 03:07 - 2013-07-03 03:08 - 19098856 ____A (AOL Inc.) C:\Users\Patrick\Downloads\AIM_Install.exe
2013-07-02 17:02 - 2013-07-02 17:02 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-02 16:58 - 2013-06-21 14:06 - 27781920 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 21102368 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 15144928 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 11235104 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-07-02 16:58 - 2013-06-21 14:06 - 09239344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 07687592 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 07641832 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 06324360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 02953504 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 02777888 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 02363680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 02002720 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432049.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432049.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 00925648 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 00572704 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 00570656 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 00467232 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 00465184 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 00266448 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 00218592 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 00214448 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-07-02 16:58 - 2013-06-21 14:06 - 00181488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-07-02 16:58 - 2013-02-25 07:27 - 00194848 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-07-02 16:58 - 2013-02-25 07:27 - 00031520 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-07-02 16:55 - 2013-07-02 16:57 - 229594432 ____A (NVIDIA Corporation) C:\Users\Patrick\Downloads\320.49-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-06-30 16:46 - 2013-07-07 02:49 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Xfire
2013-06-30 16:46 - 2013-07-07 02:49 - 00000000 ____D C:\ProgramData\Xfire
2013-06-30 16:45 - 2013-06-30 16:45 - 00537128 ____A (Xfire) C:\Users\Patrick\Downloads\xfire_setup.exe
2013-06-27 15:11 - 2013-07-08 16:47 - 00020480 ____A C:\Windows\System32\.tmp
2013-06-21 05:16 - 2013-06-21 05:16 - 00566048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-06-21 00:45 - 2013-06-21 00:45 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-21 00:45 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 00:45 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 00:45 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 00:45 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-20 12:45 - 2013-07-07 02:47 - 00000000 ____D C:\AeriaGames
2013-06-12 13:10 - 2013-06-12 13:10 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-06-12 01:27 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 01:27 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 01:27 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 01:27 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 01:22 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 01:22 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 01:22 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 01:22 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 01:22 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 01:22 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 01:22 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 01:22 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 01:22 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 01:22 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 01:22 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 01:22 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 01:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 01:02 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 01:02 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 22:49 - 2013-06-11 22:49 - 07106560 ____A C:\Users\Patrick\Downloads\PathOfExileInstaller.msi

==================== One Month Modified Files and Folders =======

2013-07-10 16:51 - 2012-11-21 01:06 - 00000000 ____D C:\Users\Patrick\AppData\Local\PMB Files
2013-07-10 16:50 - 2013-07-10 16:50 - 01776221 ____A (Farbar) C:\Users\Patrick\Downloads\FRST64.exe
2013-07-10 16:50 - 2013-07-10 16:50 - 00000000 ____D C:\FRST
2013-07-10 16:40 - 2009-07-14 06:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-10 16:40 - 2009-07-14 06:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-10 16:37 - 2012-02-07 01:21 - 02023922 ____A C:\Windows\WindowsUpdate.log
2013-07-10 16:33 - 2012-05-11 14:57 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-10 16:33 - 2012-02-07 01:22 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-10 16:33 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-10 16:33 - 2009-07-14 06:51 - 00070198 ____A C:\Windows\setupact.log
2013-07-10 16:33 - 2009-07-14 06:45 - 00271176 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-10 16:32 - 2012-05-13 01:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 16:32 - 2012-05-13 01:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 16:32 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 16:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 16:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 16:30 - 2012-02-02 18:30 - 00743320 ____A C:\Windows\System32\perfh013.dat
2013-07-10 16:30 - 2012-02-02 18:30 - 00152436 ____A C:\Windows\System32\perfc013.dat
2013-07-10 16:30 - 2009-07-14 07:13 - 01685680 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-10 16:28 - 2013-07-10 06:53 - 00000000 ____D C:\Windows\System32\MRT
2013-07-10 16:26 - 2012-05-14 12:36 - 78277128 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 16:16 - 2012-05-11 14:30 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-10 16:11 - 2012-05-11 12:50 - 00000000 ____D C:\users\Patrick
2013-07-10 16:03 - 2012-09-27 23:17 - 00000000 ____D C:\users\Gast
2013-07-10 16:03 - 2012-09-05 19:04 - 00000000 ____D C:\Users\Patrick\AppData\Local\Akamai
2013-07-10 16:03 - 2010-11-21 09:16 - 00000000 ____D C:\Windows\ShellNew
2013-07-10 16:03 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-10 16:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-10 16:01 - 2012-09-12 03:01 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Skype
2013-07-10 16:01 - 2012-08-04 14:57 - 00000000 ____D C:\Users\Patrick\Documents\My Games
2013-07-09 18:18 - 2013-07-09 18:18 - 00000000 ____D C:\Users\Patrick\AppData\Local\CrashRpt
2013-07-09 18:03 - 2013-07-09 16:55 - 00000000 ____D C:\Users\Patrick\Doctor Web
2013-07-09 16:26 - 2013-07-09 16:25 - 00000000 ____D C:\Users\Patrick\AppData\Local\Skyrim
2013-07-08 21:31 - 2012-11-21 01:06 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-08 17:14 - 2013-07-08 17:14 - 00007234 ____A C:\AdwCleaner[s2].txt
2013-07-08 17:13 - 2013-07-08 17:13 - 00006994 ____A C:\AdwCleaner[R1].txt
2013-07-08 17:13 - 2013-07-08 17:13 - 00000366 ____A C:\AdwCleaner[s1].txt
2013-07-08 17:06 - 2013-07-08 17:06 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 17:05 - 2013-07-08 17:05 - 00000000 ____D C:\JRT
2013-07-08 16:47 - 2013-06-27 15:11 - 00020480 ____A C:\Windows\System32\.tmp
2013-07-08 16:27 - 2013-07-08 16:27 - 00000000 ____D C:\Windows\ERDNT
2013-07-08 16:26 - 2013-07-08 16:26 - 00791393 ____A (Lars Hederer                                                ) C:\Users\Patrick\Downloads\erunt-setup.exe
2013-07-08 16:19 - 2012-05-11 14:23 - 01641200 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-08 03:57 - 2010-11-21 05:47 - 00360982 ____A C:\Windows\PFRO.log
2013-07-08 03:42 - 2013-07-08 03:42 - 00448512 ____A (OldTimer Tools) C:\Users\Patrick\Downloads\TFC.exe
2013-07-08 03:32 - 2012-10-04 22:24 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-07-07 12:39 - 2013-07-07 12:39 - 20896392 ____A (Microsoft Corporation) C:\Users\Patrick\Downloads\Windows-KB890830-x64-V5.1.exe
2013-07-07 05:09 - 2013-07-07 05:09 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-07-07 05:09 - 2013-03-27 14:35 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-07-07 03:47 - 2013-07-07 03:47 - 00000000 ____D C:\Users\Patrick\AppData\Local\THQ
2013-07-07 03:47 - 2011-07-11 12:00 - 00228619 ____A C:\Windows\DirectX.log
2013-07-07 02:49 - 2013-06-30 16:46 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Xfire
2013-07-07 02:49 - 2013-06-30 16:46 - 00000000 ____D C:\ProgramData\Xfire
2013-07-07 02:47 - 2013-06-20 12:45 - 00000000 ____D C:\AeriaGames
2013-07-07 02:47 - 2013-03-19 15:17 - 00000000 ____D C:\Users\Patrick\Documents\Battlefield Heroes
2013-07-07 02:46 - 2013-07-07 02:46 - 00000220 ____A C:\Users\Patrick\Desktop\Killing Floor.url
2013-07-06 05:48 - 2013-01-20 13:14 - 00000792 ____A C:\Users\Patrick\Documents\....txt
2013-07-05 22:48 - 2013-07-05 22:47 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-07-05 22:47 - 2013-07-05 22:47 - 00000868 ____A C:\Users\Public\Desktop\CyberGhost VPN.lnk
2013-07-05 22:46 - 2013-07-05 22:46 - 12792888 ____A (CyberGhost S.R.L.                                           ) C:\Users\Patrick\Downloads\CGWebInstall-en.exe
2013-07-05 21:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-05 18:29 - 2013-07-05 18:05 - 00000000 ____D C:\Users\Patrick\jagexcache
2013-07-05 02:21 - 2013-03-29 04:13 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Origin
2013-07-05 02:21 - 2013-03-29 04:13 - 00000000 ____D C:\Users\Patrick\AppData\Local\Origin
2013-07-05 02:21 - 2013-03-29 04:11 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-04 14:14 - 2012-05-11 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 19:13 - 2013-07-03 03:08 - 00000000 ____D C:\Users\Patrick\AppData\Local\AOL
2013-07-03 19:13 - 2012-09-22 15:11 - 00000295 ____A C:\Windows\WinInit.Ini
2013-07-03 04:19 - 2013-07-03 04:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 03:09 - 2013-07-03 03:09 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-03 03:08 - 2013-07-03 03:07 - 19098856 ____A (AOL Inc.) C:\Users\Patrick\Downloads\AIM_Install.exe
2013-07-02 17:02 - 2013-07-02 17:02 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-02 17:02 - 2012-02-07 01:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-02 16:57 - 2013-07-02 16:55 - 229594432 ____A (NVIDIA Corporation) C:\Users\Patrick\Downloads\320.49-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-07-01 20:57 - 2011-07-11 11:54 - 00000000 ____D C:\ProgramData\Skype
2013-07-01 20:56 - 2012-09-12 03:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-01 14:45 - 2012-05-23 06:04 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-06-30 20:20 - 2012-05-11 12:51 - 00058984 ____A C:\Users\Patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-30 16:45 - 2013-06-30 16:45 - 00537128 ____A (Xfire) C:\Users\Patrick\Downloads\xfire_setup.exe
2013-06-21 14:06 - 2013-07-02 16:58 - 27781920 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 21102368 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 15144928 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 11235104 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-06-21 14:06 - 2013-07-02 16:58 - 09239344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 07687592 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 07641832 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 06324360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 02953504 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 02777888 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 02363680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 02002720 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432049.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432049.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 00925648 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 00572704 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 00570656 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 00467232 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 00465184 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 00266448 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 00218592 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 00214448 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-06-21 14:06 - 2013-07-02 16:58 - 00181488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-06-21 14:06 - 2013-03-25 22:56 - 13411896 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-06-21 14:06 - 2013-03-25 22:56 - 12427240 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-06-21 14:06 - 2013-03-25 22:56 - 02597856 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-06-21 14:06 - 2012-05-23 18:46 - 01059560 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-06-21 14:06 - 2012-02-07 01:19 - 15920536 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-06-21 14:06 - 2012-02-07 01:19 - 02936208 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-06-21 14:06 - 2012-02-07 01:19 - 00021578 ____A C:\Windows\System32\nvinfo.pb
2013-06-21 12:23 - 2012-02-07 01:19 - 06496544 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-06-21 12:23 - 2012-02-07 01:19 - 03514656 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-06-21 12:23 - 2012-02-07 01:19 - 02555680 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-06-21 12:23 - 2012-02-07 01:19 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-06-21 12:23 - 2012-02-07 01:19 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-06-21 12:23 - 2012-02-07 01:19 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-06-21 05:16 - 2013-06-21 05:16 - 00566048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-06-21 00:45 - 2013-06-21 00:45 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-21 00:45 - 2013-03-08 16:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-20 13:12 - 2012-10-02 16:50 - 00000000 ____D C:\ProgramData\Aeria Games
2013-06-20 06:17 - 2012-05-23 18:47 - 03253909 ____A C:\Windows\System32\nvcoproc.bin
2013-06-13 18:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 21:48 - 2012-05-11 19:14 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2012-05-11 19:14 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-21 00:45 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-21 00:45 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-21 00:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-21 00:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 14:16 - 2012-05-11 14:30 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 14:16 - 2011-07-11 12:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 13:10 - 2013-06-12 13:10 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-06-12 01:43 - 2013-07-10 16:25 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 01:43 - 2013-07-10 16:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 01:43 - 2013-07-10 16:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 01:43 - 2013-07-10 16:25 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 01:43 - 2013-07-10 16:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 01:43 - 2013-07-10 16:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 01:43 - 2013-07-10 16:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 01:42 - 2013-07-10 16:25 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 01:42 - 2013-07-10 16:25 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 01:42 - 2013-07-10 16:25 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 01:42 - 2013-07-10 16:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 01:42 - 2013-07-10 16:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 01:42 - 2013-07-10 16:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 01:26 - 2013-07-10 16:25 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 01:26 - 2013-07-10 16:25 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 01:26 - 2013-07-10 16:25 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 01:25 - 2013-07-10 16:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 01:25 - 2013-07-10 16:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 00:51 - 2013-07-10 16:25 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 00:50 - 2013-07-10 16:25 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 22:49 - 2013-06-11 22:49 - 07106560 ____A C:\Users\Patrick\Downloads\PathOfExileInstaller.msi
2013-06-11 04:22 - 2012-11-29 05:03 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-11 04:22 - 2012-05-11 16:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 04:52

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2013 01
Ran by Patrick at 2013-07-10 16:51:43
Running from C:\Users\Patrick\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acer eRecovery Management (x32 Version: 5.00.3505)
Acer Registration (x32 Version: 1.04.3503)
Acer ScreenSaver (x32 Version: 1.1.0609.2011)
Acer Updater (x32 Version: 1.02.3500)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Akamai NetSession Interface (HKCU)
Bandisoft MPEG-1 Decoder (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
erGhost VPN
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Futuremark SystemInfo (x32 Version: 4.15.0)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Hotkey Utility (x32 Version: 2.05.3505)
Hotspot Shield 2.93 (x32 Version: 2.93)
Identity Card (x32 Version: 1.00.3501)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Killing Floor (x32)
League of Legends (x32 Version: 1.3)
Malwarebytes Anti-Malware versie 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile NLD Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended NLD Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 nl) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (Version: 4.0.14.25)
MyWinLocker 4 (x32 Version: 4.0.14.25)
MyWinLocker Suite (x32 Version: 4.0.14.15)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Express 10 (x32 Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Update (x32 Version: 1.0.0018)
Norton Online Backup (x32 Version: 2.1.17869)
NVIDIA 3D Vision controllerstuurprogramma 320.49 (Version: 320.49)
NVIDIA 3D Vision stuurprogramma 320.49 (Version: 320.49)
NVIDIA Grafisch stuurprogramma 320.49 (Version: 320.49)
NVIDIA HD Audio-stuurprogramma 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX systeemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
NVIDIA-configuratiescherm 320.49 (Version: 320.49)
Origin (x32 Version: 9.1.15.109)
Pando Media Booster (x32 Version: 2.6.0.8)
Plantronics® GameCom 780 Software for Dolby® Headphone (x32 Version: 1.00.0001)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
PunkBuster Services (x32 Version: 0.988)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
RaidCall (x32 Version: 7.2.4-1.0.7299.14)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6242)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Skype™ 6.5 (x32 Version: 6.5.158)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab CYRI (x32 Version: 6.0.3.0)
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (Version: 4.0.30320)
Taalpakket voor Microsoft .NET Framework 4 Extended - NLD (Version: 4.0.30319)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Welcome Center (x32 Version: 1.02.3504)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

09-07-2013 14:24:22 DirectX is geïnstalleerd.
09-07-2013 16:17:13 DirectX is geïnstalleerd.
10-07-2013 04:45:48 Windows Update
10-07-2013 13:57:58 Herstelbewerking
10-07-2013 14:19:37 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FE833D6-1CC1-4D33-AD84-2DA4D5B307D0} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-05-10] (Adobe Systems Incorporated)
Task: {59AAC593-5E6D-4307-872D-8AAE1BB057E4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {5C5FE30A-AAA1-4C2E-AD79-30544C05DA33} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {8654D4CD-91E8-4443-869A-EAAE47655C5C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {8DEBD8F5-E8CC-449C-BE51-2263C43011FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {DD1CB1AA-76A1-4395-B228-09239998A335} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2013 04:34:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 04:20:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 04:06:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 03:40:47 PM) (Source: MsiInstaller) (User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (07/10/2013 03:40:22 PM) (Source: MsiInstaller) (User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (07/10/2013 03:40:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 06:13:21 AM) (Source: MsiInstaller) (User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (07/10/2013 06:12:58 AM) (Source: MsiInstaller) (User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (07/10/2013 02:01:43 AM) (Source: MsiInstaller) (User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (07/10/2013 02:01:06 AM) (Source: MsiInstaller) (User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.


System errors:
=============
Error: (07/10/2013 04:35:19 PM) (Source: Service Control Manager) (User: )
Description: De NVIDIA Update Service Daemon-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (07/10/2013 04:35:19 PM) (Source: Service Control Manager) (User: )
Description: De nvUpdatusService-service kan niet als .\UpdatusUser met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1330

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (07/10/2013 04:20:49 PM) (Source: Service Control Manager) (User: )
Description: De NVIDIA Update Service Daemon-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (07/10/2013 04:20:49 PM) (Source: Service Control Manager) (User: )
Description: De nvUpdatusService-service kan niet als .\UpdatusUser met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1330

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (07/10/2013 04:07:10 PM) (Source: Service Control Manager) (User: )
Description: De NVIDIA Update Service Daemon-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (07/10/2013 04:07:10 PM) (Source: Service Control Manager) (User: )
Description: De nvUpdatusService-service kan niet als .\UpdatusUser met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1330

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (07/10/2013 04:04:57 PM) (Source: Microsoft Antimalware) (User: )
Description: %60 heeft een fout gevonden tijdens het laden van handtekeningen en wordt hersteld naar een set handtekeningen waarvan bekend is dat deze in orde zijn.

    Uitgevoerde handtekeningen: %24

    Foutcode: 0x80070002

    Foutbeschrijving: Het systeem kan het opgegeven bestand niet vinden.

    Versie handtekening: 0.0.0.0;0.0.0.0

    Versie engine: %600

Error: (07/10/2013 03:48:50 PM) (Source: Service Control Manager) (User: )
Description: De Steam Client Service-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (07/10/2013 03:48:50 PM) (Source: Service Control Manager) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Steam Client Service.

Error: (07/10/2013 03:41:32 PM) (Source: Service Control Manager) (User: )
Description: De NVIDIA Update Service Daemon-service kan vanwege de volgende fout niet worden gestart:
%%1069


Microsoft Office Sessions:
=========================
Error: (07/10/2013 04:34:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 04:20:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 04:06:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 03:40:47 PM) (Source: MsiInstaller)(User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2013 03:40:22 PM) (Source: MsiInstaller)(User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2013 03:40:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 06:13:21 AM) (Source: MsiInstaller)(User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2013 06:12:58 AM) (Source: MsiInstaller)(User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2013 02:01:43 AM) (Source: MsiInstaller)(User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2013 02:01:06 AM) (Source: MsiInstaller)(User: Patrick-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Patrick\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2012-05-11 22:50:47.169
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2012-05-11 22:50:47.151
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 6126.01 MB
Available physical RAM: 3811.51 MB
Total Pagefile: 12250.2 MB
Available Pagefile: 9585.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.45 GB) (Free:386.37 GB) NTFS (Disk=0 Partition=3)
Drive d: (DATA) (Fixed) (Total:455.96 GB) (Free:455.86 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 30B852E5)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 
 

 

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

How is the computer running now?  Are there still any signs of an infection?

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2013 04
Ran by Patrick at 2013-07-11 16:56:07 Run:1
Running from C:\Users\Patrick\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GomHack_Loader-USF.exe => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GomHack_Loader-USF.exe => Value deleted successfully.
cpuz136 => Service deleted successfully.
C:\AdwCleaner[s2].txt => Moved successfully.
C:\AdwCleaner[R1].txt => Moved successfully.
C:\AdwCleaner[s1].txt => Moved successfully.
C:\JRT => Moved successfully.

==== End of Fixlog ====


 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 


The main problem was that trojans kept appearing after I deleted them as Windows updates; it was like when I deleted the trojans I deleted those important updates with them, but after your help this was fixed. The PC also seems to run quite a bit faster and doesn't get slow at times.


  • Root Admin

Great, glad everything seems to be back to normal or better than normal.

You need to start your Adobe Reader and then check for updates, as the log says it's not up to date.

I'll be closing your post soon, but please read the following. You can go ahead now and remove any programs, logs and files we've used in this clean-up process.

Best Practices for Safe Computing - Prevention of Malware Infection

This topic is now closed to further replies.