another Trojan.Zaccess

[PBrennan]

im totaly new to this trojan stuff and have no idea what most of the stuff people where saying in other topics but i get the idea that each individual needs there own help ? so im here to ask for said help ^^ iv noticed these 2 trojans on my pc these last few days and my anti virus program just couldnt dlt them saying i needed a restart to get rid of them but they never went away so i tried malwarebytes today and the list of viruses / trojans where dlted down to 2 and these 2 wont go away reading wat other posts have said this seems to be a hard trojan to remove and i dont wonna risk anything messing up my pc doing it alone i understand that i need to show a list of data of some sorts but i dont no what/where to get it to copy/paste it to here both are called trojan.zaccess but 1 is registry value and other registry key ofc that means nothing to me so i dont no if it makes any difference typing it here

 

would realy appreciate any help to get rid of these 2 trojans ^^

[MrCharlie]

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[PBrennan]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by patrick at 18:31:31 on 2013-08-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4095.2887 [GMT 1:00]
.
AV: Virgin Media Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Virgin Media Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Firewall Booster *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\RpsSecurityAwareR.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\patrick\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\patrick\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\Rps.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
uURLSearchHooks: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - <orphaned>
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\patrick\AppData\Local\Akamai\netsession_win.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [serviceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
mRun: [Virgin Media Security] "C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\RPS.exe" -set Silent "1" SplashURL ""
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com






TCP: NameServer = 192.168.1.1
TCP: Interfaces\{815AA922-ACFE-45A3-A5DD-533E6EBB49F1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AD96D940-55B5-4016-9ADC-191FACC43868} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yuw4jvma.default\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\patrick\AppData\LocalLow\Square Enix\nprun3d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2012-2-1 194640]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-2-1 267480]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 Radialpoint Security Services;Virgin Media Security;C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\RpsSecurityAwareR.exe [2012-2-1 154632]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2012-2-1 10310968]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-2-1 67664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-24 233472]
R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2013-8-14 23680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2012-2-1 339536]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-14 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
.
=============== Created Last 30 ================
.
2013-08-27 14:02:20    --------    d-----w-    C:\Users\patrick\AppData\Roaming\Malwarebytes
2013-08-27 14:01:57    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-08-27 14:01:54    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-08-27 14:01:54    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 20:35:59    12800    ----a-w-    C:\Windows\DCEBoot64.exe
2013-08-25 16:34:19    225280    ----a-w-    C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-08-25 16:34:03    --------    d-----w-    C:\Program Files (x86)\x264 Video Codec
2013-08-21 19:05:25    --------    d-----w-    C:\Users\patrick\AppData\Roaming\NVIDIA
2013-08-16 10:43:05    --------    d-----w-    C:\Program Files (x86)\Stunlock Studios
2013-08-15 15:59:31    --------    d-----w-    C:\Users\patrick\AppData\Local\NVIDIA
2013-08-15 15:47:11    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-08-15 15:47:11    194848    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-08-15 15:47:07    925648    ----a-w-    C:\Windows\SysWow64\nvumdshim.dll
2013-08-15 15:47:06    7641832    ----a-w-    C:\Windows\System32\nvopencl.dll
2013-08-15 15:47:06    6324360    ----a-w-    C:\Windows\SysWow64\nvopencl.dll
2013-08-15 15:47:04    27781920    ----a-w-    C:\Windows\System32\nvoglv64.dll
2013-08-15 15:47:03    21102368    ----a-w-    C:\Windows\SysWow64\nvoglv32.dll
2013-08-15 15:47:02    218592    ----a-w-    C:\Windows\System32\nvoglshim64.dll
2013-08-15 15:47:02    181488    ----a-w-    C:\Windows\SysWow64\nvoglshim32.dll
2013-08-15 15:47:00    266448    ----a-w-    C:\Windows\System32\nvinitx.dll
2013-08-15 15:47:00    214448    ----a-w-    C:\Windows\SysWow64\nvinit.dll
2013-08-15 15:47:00    11235104    ----a-w-    C:\Windows\System32\drivers\nvlddmkm.sys
2013-08-15 15:44:29    --------    d-----w-    C:\NVIDIA
2013-08-15 09:51:23    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-15 09:51:23    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-15 09:51:23    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-15 09:51:23    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-08-15 09:51:23    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-15 09:51:22    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-15 09:51:22    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-08-15 09:51:22    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-08-15 09:42:33    15168    ----a-w-    C:\Windows\System32\drivers\nvflash.sys
2013-08-14 16:27:23    23680    ----a-w-    C:\Windows\System32\drivers\IOMap64.sys
2013-08-14 16:25:38    --------    d-----w-    C:\Program Files (x86)\ASUS
2013-08-14 16:24:28    --------    d-----w-    C:\Windows\Downloaded Installations
2013-08-14 16:19:29    12427240    ----a-w-    C:\Windows\SysWow64\nvd3dum.dll
2013-08-14 16:19:23    13411896    ----a-w-    C:\Windows\SysWow64\nvwgf2um.dll
2013-08-14 16:19:01    2597856    ----a-w-    C:\Windows\SysWow64\nvapi.dll
2013-08-14 15:32:51    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-08-14 15:32:51    6496544    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-08-14 15:32:51    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-08-14 15:32:51    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-08-14 15:32:51    3253909    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-08-14 15:32:51    2557800    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-08-14 15:32:51    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-08-14 15:32:17    61216    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-08-14 15:32:17    53024    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-08-14 15:31:20    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2013-08-14 15:29:56    --------    d-----w-    C:\Program Files\NVIDIA Corporation
2013-08-09 10:32:32    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-08-05 13:41:34    --------    d-----w-    C:\Users\patrick\AppData\Roaming\TS3Client
2013-08-05 13:40:52    --------    d-----w-    C:\Users\patrick\AppData\Local\TeamSpeak 3 Client
.
==================== Find3M  ====================
.
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-24 11:23:06    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-24 11:23:06    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-23 22:48:30    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 22:48:27    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-06-23 22:48:27    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-21 04:16:02    566048    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 18:35:52.65 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/03/2011 15:35:43
System Uptime: 27/08/2013 18:29:21 (0 hours ago)
.
Motherboard: FOXCONN |  | ETON
Processor: Pentium® Dual-Core  CPU      E5300  @ 2.60GHz | CPU 1 | 1197/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 110.078 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.202 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Trend Micro WFP Callout Driver
Device ID: ROOT\LEGACY_TMWFP\0000
Manufacturer:
Name: Trend Micro WFP Callout Driver
PNP Device ID: ROOT\LEGACY_TMWFP\0000
Service: tmwfp
.
==== System Restore Points ===================
.
RP451: 18/08/2013 19:00:09 - Windows Backup
RP452: 25/08/2013 19:00:07 - Windows Backup
RP453: 27/08/2013 17:53:04 - Removed Vegas Pro 9.0 (64-bit)
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
ASUS GPU Tweak
Bandisoft MPEG-1 Decoder
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
DivX Setup
Dragon Nest Europe
Dragon Nest SEA
Fiesta
FormatFactory 2.60
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Odometer
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
Intel® Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
LabelPrint
LightScribe System Software
LockHunter version 1.0 beta 3, 64 bit edition
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Movie Maker
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NewBlue 3D Transformations for Windows
NewBlue Art Effects for Windows
NewBlue Film Effects for Windows
NewBlue Motion Effects for Windows
NVIDIA 3D Vision Controller Driver 320.49
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 320.49
NVIDIA HD Audio Driver 1.3.24.2
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 4.11.9
NVIDIA Update Components
Pando Media Booster
Photo Common
Photo Gallery
Power2Go
PowerDirector
PowerRecover
Premiumplay Codec-C
PunkBuster Services
QuickTime
REACTOR
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RPS CRT
S4 League_EU
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.5
Square Enix Secure Launcher
swMSM
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Viewpoint Media Player
Virgin Media Security
Virgin Media Service Manager 4.1.16
VLC media player 2.0.7
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
27/08/2013 18:31:22, Error: Service Control Manager [7000]  - The Trend Micro WFP Callout Driver service failed to start due to the following error:  The system cannot find the file specified.
27/08/2013 18:30:14, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
27/08/2013 18:30:14, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
27/08/2013 18:29:53, Error: Service Control Manager [7000]  - The Trend Micro WFP Callout Driver service failed to start due to the following error:  There are no more endpoints available from the endpoint mapper.
27/08/2013 18:29:49, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
27/08/2013 18:29:49, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
27/08/2013 18:29:46, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
27/08/2013 16:34:21, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
27/08/2013 16:34:21, Error: Service Control Manager [7000]  - The HP Support Assistant Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

[MrCharlie]

I need to see the log from RogueKiller....MrC

[PBrennan]

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : patrick [Admin rights]
Mode : Scan -- Date : 08/27/2013 18:47:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\   \...\???ﯹ๛\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\GoogleUpdate.exe" < [x] -> STOPPED

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\patrick\AppData\Local\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\?��?��?��\?��?��?��\???ﯹ๛\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\GoogleUpdate.exe" >) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-3333678210-4272229022-2186303503-1000\[...]\Run : Google Update ("C:\Users\patrick\AppData\Local\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\?��?��?��\?��?��?��\???ﯹ๛\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\GoogleUpdate.exe" >) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\   \...\???ﯹ๛\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\GoogleUpdate.exe" < [x]) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\   \...\???ﯹ๛\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\GoogleUpdate.exe" < [x]) -> FOUND
[sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\   \...\???ﯹ๛\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\GoogleUpdate.exe" < [x]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] SymInstallStub.job : C:\Users\patrick\AppData\Local\Temp\SymInstallStub.exe - /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /task [x] -> FOUND
[V2][sUSP PATH] SymInstallStub : C:\Users\patrick\AppData\Local\Temp\SymInstallStub.exe - /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /task [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Users\patrick\AppData\Local\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-60M0A0 ATA Device +++++
--- User ---

 

 

 

sorry i forgot to add it

[MrCharlie]

Please read the following information first.

 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

[PBrennan]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 03
Ran by patrick (administrator) on 27-08-2013 19:11:46
Running from C:\Users\patrick\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\ASGT.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Virgin Media) C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\RpsSecurityAwareR.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\patrick\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\patrick\AppData\Local\Akamai\netsession_win.exe
(Virgin Media) C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Virgin Media) C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\Rps.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM-x32\...\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [194912 2013-05-06] (DivX, LLC)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\patrick\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-22] ()
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: G - G:\SETUP.EXE
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [serviceManager.exe] - C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe [10200376 2011-11-16] (Virgin Media)
HKLM-x32\...\Run: [Virgin Media Security] - C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\RPS.exe [269480 2011-12-09] (Virgin Media)
HKLM-x32\...\Run: [ROC_ROC_NT] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [x]
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295072 2013-01-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
AppInit_DLLs:    [0 ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
URLSearchHook: (No Name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {55761E70-F99E-4BA0-AAA9-A824C3D2FEC8} URL = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9E49F4F0-D0CA-4245-8C3E-3D8AF0BE50ED} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
SearchScopes: HKLM - {C4F61C0E-1D2D-4B14-A33B-B22A023F1D22} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {55761E70-F99E-4BA0-AAA9-A824C3D2FEC8} URL = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9E49F4F0-D0CA-4245-8C3E-3D8AF0BE50ED} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
SearchScopes: HKLM-x32 - {C4F61C0E-1D2D-4B14-A33B-B22A023F1D22} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=100789&babsrc=SP_ss&mntrId=ece9c8db0000000000000026553c3b97
SearchScopes: HKCU - {2DAF1984-4644-4F04-A7D5-195BBDCFB3EB} URL = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
SearchScopes: HKCU - {55761E70-F99E-4BA0-AAA9-A824C3D2FEC8} URL = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9E49F4F0-D0CA-4245-8C3E-3D8AF0BE50ED} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
SearchScopes: HKCU - {C4F61C0E-1D2D-4B14-A33B-B22A023F1D22} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {CD90BF73-20F6-44EF-993D-BB920303BD2E} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.110.0.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yuw4jvma.default
FF user.js: detected! => C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yuw4jvma.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
FF Plugin-x32: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\patrick\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Extension: translator - C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yuw4jvma.default\Extensions\translator@zoli.bod.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}] C:\Program Files (x86)\LyriXeeker\130.xpi

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4004328 2011-04-05] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-11] ()
R2 Radialpoint Security Services; C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\RpsSecurityAwareR.exe [154632 2011-12-09] (Virgin Media)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 ServicepointService; C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [10310968 2011-11-16] (Radialpoint SafeCare Inc.)
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [675936 2012-08-29] (Wellbia.com Co., Ltd.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\   \...\???\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4774 2012-02-01] (INCA Internet Co., Ltd.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [194640 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339536 2010-09-17] (Trend Micro Inc.)
S3 dump_wmimmc; \??\C:\Program Files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 rak; \??\C:\Game\SoftnyxGame\RakionIS\Bin\rakion64.sys [x]
S3 wanatw; system32\DRIVERS\wanatw64.sys [x]
S3 X6va003; \??\C:\Users\patrick\AppData\Local\Temp\0035026.tmp [x]
S3 X6va005; \??\C:\Users\patrick\AppData\Local\Temp\0058B82.tmp [x]
S3 X6va006; \??\C:\Users\patrick\AppData\Local\Temp\006F881.tmp [x]
S3 X6va008; \??\C:\Users\patrick\AppData\Local\Temp\0083B2B.tmp [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-27 19:10 - 2013-08-27 19:10 - 01579024 _____ (Farbar) C:\Users\patrick\Desktop\FRST64.exe
2013-08-27 18:47 - 2013-08-27 18:47 - 00005749 _____ C:\Users\patrick\Desktop\RKreport[0]_S_08272013_184719.txt
2013-08-27 18:44 - 2013-08-27 18:48 - 00000000 ____D C:\Users\patrick\Desktop\RK_Quarantine
2013-08-27 18:44 - 2013-08-27 18:44 - 03814400 _____ C:\Users\patrick\Desktop\RogueKillerX64.exe
2013-08-27 18:36 - 2013-08-27 18:36 - 00021441 _____ C:\Users\patrick\Desktop\DDS1.txt
2013-08-27 18:36 - 2013-08-27 18:36 - 00009405 _____ C:\Users\patrick\Desktop\Attach1.txt
2013-08-27 18:36 - 2013-08-27 18:36 - 00009405 _____ C:\Users\patrick\Desktop\attach.txt
2013-08-27 18:36 - 2013-08-27 18:35 - 00021441 _____ C:\Users\patrick\Desktop\dds.txt
2013-08-27 18:02 - 2013-08-27 18:02 - 00688992 ____R (Swearware) C:\Users\patrick\Desktop\dds.com
2013-08-27 15:02 - 2013-08-27 15:02 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-27 15:02 - 2013-08-27 15:02 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Malwarebytes
2013-08-27 15:01 - 2013-08-27 15:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 15:01 - 2013-08-27 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-27 15:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-26 13:08 - 2013-08-26 13:16 - 630364010 _____ C:\Users\patrick\Downloads\[Commie] Hotarubi no Mori e [bD 1080p AAC] [52244604].mkv
2013-08-25 21:37 - 2013-08-27 15:19 - 00000000 _____ C:\Windows\DCEBOOT.LOG
2013-08-25 21:35 - 2013-08-27 14:34 - 00012800 _____ C:\Windows\DCEBoot64.exe
2013-08-25 21:35 - 2013-08-27 14:34 - 00002388 _____ C:\Windows\DCEBOOT.CFG
2013-08-25 17:34 - 2013-08-25 17:34 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-08-25 17:34 - 2013-08-25 17:34 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-08-25 11:40 - 2013-08-27 18:29 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3333678210-4272229022-2186303503-1000
2013-08-25 11:40 - 2013-08-27 18:29 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3333678210-4272229022-2186303503-1000
2013-08-21 20:05 - 2013-08-21 20:05 - 00000000 ____D C:\Users\patrick\AppData\Roaming\NVIDIA
2013-08-17 12:25 - 2013-08-17 12:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 11:43 - 2013-08-16 11:43 - 00000000 ____D C:\Program Files (x86)\Stunlock Studios
2013-08-15 23:19 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 23:19 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 23:19 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 23:19 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 23:19 - 2013-07-26 06:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 23:19 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 23:19 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 23:19 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 23:19 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 23:19 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 23:19 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 23:19 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 23:19 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 23:19 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 23:19 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 23:19 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 23:19 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 23:19 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 23:19 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 23:19 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 23:19 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 23:19 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:59 - 2013-08-15 16:59 - 00000000 ____D C:\Users\patrick\AppData\Local\NVIDIA
2013-08-15 16:52 - 2013-08-15 16:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-15 16:47 - 2013-06-21 13:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-08-15 16:47 - 2013-06-21 13:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-08-15 16:47 - 2013-06-21 13:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-08-15 16:47 - 2013-06-21 13:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-08-15 16:47 - 2013-06-21 13:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-08-15 16:47 - 2013-06-21 13:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-08-15 16:47 - 2013-06-21 13:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-08-15 16:47 - 2013-06-21 13:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-08-15 16:47 - 2013-06-21 13:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-08-15 16:47 - 2013-06-21 13:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-08-15 16:47 - 2013-06-21 13:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb
2013-08-15 16:47 - 2013-02-25 06:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-08-15 16:47 - 2013-02-25 06:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-08-15 16:46 - 2013-06-21 13:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-08-15 16:44 - 2013-08-15 16:44 - 00000000 ____D C:\NVIDIA
2013-08-15 10:51 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 10:51 - 2013-07-09 06:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 10:51 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 10:51 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 10:51 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 10:51 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 10:51 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 10:51 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 10:50 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 10:50 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 10:50 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 10:50 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 10:50 - 2013-07-09 07:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 10:50 - 2013-07-09 06:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 10:50 - 2013-07-09 06:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 10:50 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 10:50 - 2013-07-09 06:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 10:50 - 2013-07-09 06:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 10:50 - 2013-07-09 05:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 10:50 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 10:50 - 2013-07-09 05:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 10:50 - 2013-07-09 03:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 10:50 - 2013-07-09 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 10:50 - 2013-07-09 03:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 10:50 - 2013-07-09 03:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 10:50 - 2013-07-06 07:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 10:50 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 10:42 - 2012-03-10 09:58 - 00015168 _____ C:\Windows\system32\Drivers\nvflash.sys
2013-08-14 17:27 - 2010-02-23 07:46 - 00023680 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2013-08-14 17:25 - 2013-08-14 17:25 - 00001049 _____ C:\Users\Public\Desktop\ASUS GPU Tweak.lnk
2013-08-14 17:25 - 2013-08-14 17:25 - 00000032 _____ C:\setup.log
2013-08-14 17:25 - 2013-08-14 17:25 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2013-08-14 17:25 - 2013-08-14 17:25 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-08-14 17:24 - 2013-08-14 17:24 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-14 17:19 - 2013-06-21 13:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-08-14 17:19 - 2013-06-21 13:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-08-14 17:19 - 2013-06-21 13:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-08-14 16:33 - 2013-08-27 18:29 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-14 16:33 - 2013-08-14 16:33 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-08-14 16:32 - 2013-06-21 13:06 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-08-14 16:32 - 2013-06-21 13:06 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-08-14 16:32 - 2013-06-21 11:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-08-14 16:32 - 2013-06-21 11:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-08-14 16:32 - 2013-06-21 11:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-08-14 16:32 - 2013-06-21 11:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-08-14 16:32 - 2013-06-21 11:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-08-14 16:32 - 2013-06-20 05:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin
2013-08-14 16:32 - 2012-08-30 17:18 - 02557800 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-08-14 16:31 - 2013-08-15 16:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-14 16:29 - 2013-08-15 16:48 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-09 11:56 - 2013-08-12 20:12 - 00037060 _____ C:\Windows\DirectX.log
2013-08-07 11:52 - 2013-08-07 11:52 - 00002137 _____ C:\Users\patrick\Desktop\Dragon Nest Europe.lnk
2013-08-05 14:41 - 2013-08-21 14:07 - 00000000 ____D C:\Users\patrick\AppData\Roaming\TS3Client
2013-08-05 14:41 - 2013-08-05 14:41 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-08-05 14:40 - 2013-08-07 11:09 - 00000000 ____D C:\Users\patrick\AppData\Local\TeamSpeak 3 Client

==================== One Month Modified Files and Folders =======

2013-08-27 19:11 - 2013-08-27 19:11 - 00000000 ____D C:\FRST
2013-08-27 19:10 - 2013-08-27 19:10 - 01579024 _____ (Farbar) C:\Users\patrick\Desktop\FRST64.exe
2013-08-27 19:06 - 2012-05-08 13:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-27 19:05 - 2011-12-07 02:01 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Skype
2013-08-27 19:00 - 2013-02-22 15:12 - 00000000 ____D C:\Users\patrick\AppData\Local\PMB Files
2013-08-27 18:57 - 2011-03-12 16:58 - 00000000 ____D C:\ProgramData\Radialpoint
2013-08-27 18:48 - 2013-08-27 18:44 - 00000000 ____D C:\Users\patrick\Desktop\RK_Quarantine
2013-08-27 18:47 - 2013-08-27 18:47 - 00005749 _____ C:\Users\patrick\Desktop\RKreport[0]_S_08272013_184719.txt
2013-08-27 18:44 - 2013-08-27 18:44 - 03814400 _____ C:\Users\patrick\Desktop\RogueKillerX64.exe
2013-08-27 18:41 - 2012-01-22 14:49 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Radialpoint
2013-08-27 18:39 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-27 18:39 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-27 18:36 - 2013-08-27 18:36 - 00021441 _____ C:\Users\patrick\Desktop\DDS1.txt
2013-08-27 18:36 - 2013-08-27 18:36 - 00009405 _____ C:\Users\patrick\Desktop\Attach1.txt
2013-08-27 18:36 - 2013-08-27 18:36 - 00009405 _____ C:\Users\patrick\Desktop\attach.txt
2013-08-27 18:35 - 2013-08-27 18:36 - 00021441 _____ C:\Users\patrick\Desktop\dds.txt
2013-08-27 18:29 - 2013-08-25 11:40 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3333678210-4272229022-2186303503-1000
2013-08-27 18:29 - 2013-08-25 11:40 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3333678210-4272229022-2186303503-1000
2013-08-27 18:29 - 2013-08-14 16:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-27 18:29 - 2012-10-23 12:11 - 00050731 _____ C:\Windows\setupact.log
2013-08-27 18:29 - 2012-10-23 12:10 - 01755490 _____ C:\Windows\PFRO.log
2013-08-27 18:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 18:16 - 2011-03-14 10:33 - 00005449 _____ C:\Users\patrick\Desktop\ANIMES WATCHED.txt
2013-08-27 18:05 - 2011-03-12 16:52 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Adobe
2013-08-27 18:02 - 2013-08-27 18:02 - 00688992 ____R (Swearware) C:\Users\patrick\Desktop\dds.com
2013-08-27 17:58 - 2011-03-12 18:32 - 00000000 ____D C:\Users\patrick\AppData\Roaming\BitTorrent
2013-08-27 15:19 - 2013-08-25 21:37 - 00000000 _____ C:\Windows\DCEBOOT.LOG
2013-08-27 15:18 - 2012-01-29 19:44 - 00000000 ____D C:\Users\patrick\AppData\Local\TempDIR
2013-08-27 15:02 - 2013-08-27 15:02 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-27 15:02 - 2013-08-27 15:02 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Malwarebytes
2013-08-27 15:02 - 2013-08-27 15:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 15:01 - 2013-08-27 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-27 14:34 - 2013-08-25 21:35 - 00012800 _____ C:\Windows\DCEBoot64.exe
2013-08-27 14:34 - 2013-08-25 21:35 - 00002388 _____ C:\Windows\DCEBOOT.CFG
2013-08-27 01:15 - 2011-03-12 19:00 - 00000000 ____D C:\Users\patrick\Documents\Any Video Converter Professional
2013-08-26 13:25 - 2011-05-16 15:33 - 00000000 ____D C:\Users\patrick\AppData\Roaming\vlc
2013-08-26 13:16 - 2013-08-26 13:08 - 630364010 _____ C:\Users\patrick\Downloads\[Commie] Hotarubi no Mori e [bD 1080p AAC] [52244604].mkv
2013-08-26 00:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-08-25 21:35 - 2011-03-12 17:26 - 00000000 ____D C:\Users\patrick\AppData\Local\Google
2013-08-25 21:35 - 2011-03-12 17:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-25 17:34 - 2013-08-25 17:34 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-08-25 17:34 - 2013-08-25 17:34 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-08-25 17:34 - 2012-10-23 11:25 - 01343436 _____ C:\Windows\WindowsUpdate.log
2013-08-24 21:51 - 2012-09-05 09:49 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForpatrick
2013-08-24 21:51 - 2012-09-05 09:49 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForpatrick.job
2013-08-21 20:05 - 2013-08-21 20:05 - 00000000 ____D C:\Users\patrick\AppData\Roaming\NVIDIA
2013-08-21 14:07 - 2013-08-05 14:41 - 00000000 ____D C:\Users\patrick\AppData\Roaming\TS3Client
2013-08-20 21:50 - 2011-11-22 19:45 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-20 21:50 - 2011-03-13 17:01 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-20 21:49 - 2011-03-13 16:58 - 00000000 ____D C:\Users\patrick\AppData\Roaming\HpUpdate
2013-08-20 21:49 - 2011-03-13 16:58 - 00000000 ____D C:\Users\patrick\AppData\Roaming\HP Support Assistant
2013-08-18 10:27 - 2012-10-23 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 00:09 - 2011-12-04 20:30 - 00780358 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-18 00:09 - 2009-07-14 06:13 - 00780358 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 12:26 - 2013-08-17 12:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 11:43 - 2013-08-16 11:43 - 00000000 ____D C:\Program Files (x86)\Stunlock Studios
2013-08-15 23:14 - 2013-07-24 12:17 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 23:09 - 2011-04-14 10:57 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 16:59 - 2013-08-15 16:59 - 00000000 ____D C:\Users\patrick\AppData\Local\NVIDIA
2013-08-15 16:57 - 2013-08-14 16:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-15 16:56 - 2012-08-11 18:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-15 16:52 - 2013-08-15 16:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-15 16:48 - 2013-08-14 16:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-15 16:44 - 2013-08-15 16:44 - 00000000 ____D C:\NVIDIA
2013-08-15 12:33 - 2012-01-04 14:10 - 00000000 ____D C:\Users\patrick\Desktop\JSZWBHKUCX
2013-08-15 11:43 - 2012-09-11 14:34 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Awesomium
2013-08-14 17:25 - 2013-08-14 17:25 - 00001049 _____ C:\Users\Public\Desktop\ASUS GPU Tweak.lnk
2013-08-14 17:25 - 2013-08-14 17:25 - 00000032 _____ C:\setup.log
2013-08-14 17:25 - 2013-08-14 17:25 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2013-08-14 17:25 - 2013-08-14 17:25 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-08-14 17:25 - 2009-09-23 22:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-14 17:24 - 2013-08-14 17:24 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-14 16:33 - 2013-08-14 16:33 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-08-14 16:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-08-14 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Resources
2013-08-13 16:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-12 20:12 - 2013-08-09 11:56 - 00037060 _____ C:\Windows\DirectX.log
2013-08-09 14:40 - 2011-03-12 16:35 - 00000000 ____D C:\Users\patrick
2013-08-07 11:52 - 2013-08-07 11:52 - 00002137 _____ C:\Users\patrick\Desktop\Dragon Nest Europe.lnk
2013-08-07 11:52 - 2013-02-22 16:16 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFusion
2013-08-07 11:47 - 2013-02-22 16:03 - 00000000 ____D C:\Program Files (x86)\eFusion
2013-08-07 11:32 - 2013-02-22 15:12 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-07 11:09 - 2013-08-05 14:40 - 00000000 ____D C:\Users\patrick\AppData\Local\TeamSpeak 3 Client
2013-08-05 14:41 - 2013-08-05 14:41 - 00000000 ____D C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-08-01 10:05 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-31 10:29 - 2011-03-12 16:51 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\patrick\AppData\Local\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}
C:\Users\patrick\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\patrick\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\patrick\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\patrick\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\patrick\AppData\Local\Temp\nvStInst.exe
C:\Users\patrick\AppData\Local\Temp\{594179c1-8e7b-44cd-bef4-36e19f62fcf5}\SteamWrapper.dll
C:\Users\patrick\AppData\Local\Temp\scoped_dir29096\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll
C:\Users\patrick\AppData\Local\Temp\scoped_dir29096\Default\Extensions\kolgnaidildmdbfgdnoapjdianbpajne\1.0.5_0\chromeNPAPI.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\patrick\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-08-22 15:23

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2013 03
Ran by patrick at 2013-08-27 19:13:53
Running from C:\Users\patrick\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Apple Application Support (x32 Version: 2.1.5)
Apple Software Update (x32 Version: 2.1.3.127)
ASUS GPU Tweak (x32 Version: 2.2.8.1)
Bandisoft MPEG-1 Decoder (x32)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.3101)
D3DX10 (x32 Version: 15.4.2368.0902)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
DivX Setup (x32 Version: 2.6.1.44)
Dragon Nest Europe (x32)
Dragon Nest SEA (x32 Version: 1.25.0000)
eaner (Version: 3.16)
Fiesta (x32 Version: 10.0.0349)
FormatFactory 2.60 (x32 Version: 2.60)
Hardware Diagnostic Tools (Version: 6.0.5205.31)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.2.8946.3086)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.0.71)
HP Odometer (x32 Version: 2.10.0000)
HP Product Detection (x32 Version: 11.14.0001)
HP Remote Solution (x32 Version: 1.1.9.0)
HP Setup (x32 Version: 1.2.3220.3079)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version: 5.001.000.014)
Intel® Graphics Media Accelerator Driver
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
LabelPrint (x32 Version: 2.5.1901)
LightScribe System Software (x32 Version: 1.18.5.1)
LockHunter version 1.0 beta 3, 64 bit edition
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NewBlue 3D Transformations for Windows (x32 Version: 1.4)
NewBlue Art Effects for Windows (x32 Version: 2.4)
NewBlue Film Effects for Windows (x32 Version: 1.4)
NewBlue Motion Effects for Windows (x32 Version: 2.4)
NVIDIA 3D Vision Controller Driver 320.49 (Version: 320.49)
NVIDIA 3D Vision Driver 320.49 (Version: 320.49)
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
Pando Media Booster (x32 Version: 2.6.0.8)
Photo Gallery (x32 Version: 16.4.3505.0912)
Power2Go (x32 Version: 6.0.3101)
PowerDirector (x32 Version: 7.0.3101)
PowerRecover (x32 Version: 5.5.1923)
Premiumplay Codec-C (x32 Version: 1.6.146.147)
PunkBuster Services (x32 Version: 0.993)
QuickTime (x32 Version: 7.71.80.42)
REACTOR (x32 Version: 1.00.0000)
RealDownloader (x32 Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5882)
RealUpgrade 1.1 (x32 Version: 1.1.0)
RPS CRT (x32 Version: 9.0.34)
S4 League_EU (x32 Version: 1.00.0000)
Skype™ 6.5 (x32 Version: 6.5.158)
Square Enix Secure Launcher (HKCU Version: 1.0.0.108)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (HKCU Version: 3.0.11.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Viewpoint Media Player (x32)
Virgin Media Security (Version: 3.0)
Virgin Media Security (Version: 3.00)
Virgin Media Security (x32 Version: 10.0.38)
Virgin Media Service Manager 4.1.16 (x32 Version: 4.1.16)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
WinRAR 4.00 (64-bit) (Version: 4.00.0)

==================== Restore Points  =========================

18-08-2013 18:00:09 Windows Backup
25-08-2013 18:00:07 Windows Backup
27-08-2013 16:53:04 Removed Vegas Pro 9.0 (64-bit)

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08B6B89F-D573-446F-AB98-7BA1BAAA7A1F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {0E4580F5-1B4B-499C-A1FF-E3942F4460AB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {17976B65-5EEE-4C0F-A987-5411395E7C9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1E482A0B-DA26-45BB-9E45-934DD220F3E9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3333678210-4272229022-2186303503-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {281E1A03-235C-4AEC-B8D5-6C94CBEFDD27} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3333678210-4272229022-2186303503-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {3DB2F037-B55B-452D-92D8-3AE945E6ED89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {517267AB-DEC6-4A98-9B1E-B07CCDDA4E40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {55A7751B-AD5F-4383-A0E6-CEF5E36A2DBC} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe No File
Task: {60985371-F45F-4891-AB8A-7DE69ACA1B40} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {9B003C91-5FDF-419C-8EA0-7D04F73DD420} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-24] (Adobe Systems Incorporated)
Task: {A675865A-71AC-4E8C-93BA-FDA2B6A5A330} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3333678210-4272229022-2186303503-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {C3A43322-8F8E-42CA-8414-AB1C8FE054B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C96A34D7-6F4D-45D4-B975-9CFA3401750D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-29] (Hewlett-Packard)
Task: {CB0A4592-6CA6-41A8-B05A-A92AF58F7E03} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3333678210-4272229022-2186303503-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {CE07F991-9ECC-4AF5-95D4-55DFC055261A} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe No File
Task: {D3C94110-5798-4912-B721-9E04F963520B} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {DD90CCD9-D838-4E3D-9C4C-A8DFBBFB5786} - System32\Tasks\HPCeeScheduleForpatrick => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {DF0F4EF8-FF65-4F5F-9821-CB84073E96D2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {F6C48C8D-8D84-48F6-83DD-428C91BEB977} - System32\Tasks\SymInstallStub => C:\Users\patrick\AppData\Local\Temp\SymInstallStub.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForpatrick.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
Task: C:\Windows\Tasks\SymInstallStub.job => C:\Users\patrick\AppData\Local\Temp\SymInstallStub.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:661DFA1C
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1


==================== Faulty Device Manager Devices =============

Name: Trend Micro WFP Callout Driver
Description: Trend Micro WFP Callout Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tmwfp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2013 02:37:54 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7fc

Start Time: 01cea31a3649b4f2

Termination Time: 16

Application Path: C:\Windows\Explorer.EXE

Report Id: b1997d7d-0f1d-11e3-aff5-0026553c3b97

Error: (08/27/2013 02:36:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 23.0.1.4974, time stamp: 0x520bc1d5
Faulting module name: mozalloc.dll, version: 23.0.1.4974, time stamp: 0x520ba12c
Exception code: 0x80000003
Fault offset: 0x00001988
Faulting process id: 0xd68
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/27/2013 02:36:42 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 23.0.1.4974 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e78

Start Time: 01cea32a552c2a0a

Termination Time: 82

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b0a1854c-0f1d-11e3-aff5-0026553c3b97

Error: (08/27/2013 01:35:11 PM) (Source: Application Hang) (User: )
Description: The program DragonNest.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11a4

Start Time: 01cea3219f7b8bf9

Termination Time: 382

Application Path: C:\Program Files (x86)\eFusion\Dragon Nest Europe\DragonNest.exe

Report Id:

Error: (08/27/2013 06:12:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/26/2013 01:17:15 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume COMPAQ (C:) was not defragmented because an error was encountered: This element already exists in the table. All entries in the table must be unique. (0x89000014)

Error: (08/26/2013 00:51:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2013 06:02:51 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 188c

Start Time: 01cea1b4d7dbd450

Termination Time: 50

Application Path: C:\Windows\explorer.exe

Report Id: 2b22fe05-0da8-11e3-9473-0026553c3b97

Error: (08/25/2013 06:02:12 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7c8

Start Time: 01cea17f7f9943e4

Termination Time: 13

Application Path: C:\Windows\Explorer.EXE

Report Id: 13064e73-0da8-11e3-9473-0026553c3b97

Error: (08/23/2013 01:40:04 PM) (Source: Application Hang) (User: )
Description: The program DragonNest.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e9c

Start Time: 01ce9ffd5f3a21a3

Termination Time: 0

Application Path: C:\Program Files (x86)\eFusion\Dragon Nest Europe\DragonNest.exe

Report Id:


System errors:
=============
Error: (08/27/2013 06:31:22 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro WFP Callout Driver service failed to start due to the following error:
%%2

Error: (08/27/2013 06:30:14 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/27/2013 06:30:14 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/27/2013 06:29:53 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro WFP Callout Driver service failed to start due to the following error:
%%1753

Error: (08/27/2013 06:29:49 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/27/2013 06:29:49 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/27/2013 06:29:46 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/27/2013 04:34:21 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053

Error: (08/27/2013 04:34:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

Error: (08/27/2013 04:33:31 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro WFP Callout Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/27/2013 02:37:54 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.175677fc01cea31a3649b4f216C:\Windows\Explorer.EXEb1997d7d-0f1d-11e3-aff5-0026553c3b97

Error: (08/27/2013 02:36:43 PM) (Source: Application Error)(User: )
Description: plugin-container.exe23.0.1.4974520bc1d5mozalloc.dll23.0.1.4974520ba12c8000000300001988d6801cea32a603a9541C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb5415c53-0f1d-11e3-aff5-0026553c3b97

Error: (08/27/2013 02:36:42 PM) (Source: Application Hang)(User: )
Description: firefox.exe23.0.1.4974e7801cea32a552c2a0a82C:\Program Files (x86)\Mozilla Firefox\firefox.exeb0a1854c-0f1d-11e3-aff5-0026553c3b97

Error: (08/27/2013 01:35:11 PM) (Source: Application Hang)(User: )
Description: DragonNest.exe1.0.0.111a401cea3219f7b8bf9382C:\Program Files (x86)\eFusion\Dragon Nest Europe\DragonNest.exe

Error: (08/27/2013 06:12:40 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (08/26/2013 01:17:15 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: COMPAQ (C:)This element already exists in the table. All entries in the table must be unique. (0x89000014)

Error: (08/26/2013 00:51:24 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (08/25/2013 06:02:51 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.17567188c01cea1b4d7dbd45050C:\Windows\explorer.exe2b22fe05-0da8-11e3-9473-0026553c3b97

Error: (08/25/2013 06:02:12 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.175677c801cea17f7f9943e413C:\Windows\Explorer.EXE13064e73-0da8-11e3-9473-0026553c3b97

Error: (08/23/2013 01:40:04 PM) (Source: Application Hang)(User: )
Description: DragonNest.exe1.0.0.1e9c01ce9ffd5f3a21a30C:\Program Files (x86)\eFusion\Dragon Nest Europe\DragonNest.exe


CodeIntegrity Errors:
===================================
  Date: 2012-10-16 21:28:38.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-16 21:28:38.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-02-02 13:00:15.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-02-02 13:00:15.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-02-02 13:00:15.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-02-02 13:00:15.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-02-02 12:59:43.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-02-02 12:59:43.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-02-02 12:59:43.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-02-02 12:59:43.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 4095.24 MB
Available physical RAM: 2272.8 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 6191.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:285.51 GB) (Free:109.9 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.48 GB) (Free:2.2 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[MrCharlie]

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

[PBrennan]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-08-2013 03
Ran by patrick at 2013-08-27 20:11:20 Run:1
Running from C:\Users\patrick\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] -  [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\   \...\???\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}\GoogleUpdate.exe"
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\patrick\AppData\Local\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}
C:\Program Files (x86)\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5}
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
*etadpug => Service deleted successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Users\patrick\AppData\Local\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5} => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install\{1c8ab970-e51f-83fd-cbc1-15dd08805ff5} => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

[PBrennan]

i dont get it it said there was non found so there was no need for a cleanup ? and how do i check if internet access windows update windows firewall are working normal ?

mbar-log-2013-08-27 (20-14-05).txt

system-log.txt

[MrCharlie]

Don't worry about it right now.

Please create a new system restore point before running ComboFix.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[PBrennan]

ComboFix 13-08-27.02 - patrick 27/08/2013  22:01:03.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4095.2388 [GMT 1:00]
Running from: c:\users\patrick\Desktop\ComboFix.exe
AV: Virgin Media Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Firewall Booster *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Virgin Media Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\patrick\AppData\Local\TempDIR
c:\users\patrick\Documents\MOO1A42.tmp
c:\users\patrick\Documents\MOO296D.tmp
c:\users\patrick\Documents\MOO2A94.tmp
c:\users\patrick\Documents\MOO9688.tmp
c:\users\patrick\Documents\MOOFE90.tmp
c:\windows\PFRO.log
c:\windows\SysWow64\Dump
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-27 to 2013-08-27  )))))))))))))))))))))))))))))))
.
.
2013-08-27 19:13 . 2013-08-27 19:36    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-27 18:11 . 2013-08-27 18:11    --------    d-----w-    C:\FRST
2013-08-27 14:02 . 2013-08-27 14:02    --------    d-----w-    c:\users\patrick\AppData\Roaming\Malwarebytes
2013-08-27 14:01 . 2013-08-27 14:01    --------    d-----w-    c:\programdata\Malwarebytes
2013-08-27 14:01 . 2013-08-27 14:02    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-27 14:01 . 2013-04-04 13:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-25 20:35 . 2013-08-27 13:34    12800    ----a-w-    c:\windows\DCEBoot64.exe
2013-08-25 16:34 . 2013-08-25 16:34    --------    d-----w-    c:\program files (x86)\x264 Video Codec
2013-08-21 19:05 . 2013-08-21 19:05    --------    d-----w-    c:\users\patrick\AppData\Roaming\NVIDIA
2013-08-16 10:43 . 2013-08-16 10:43    --------    d-----w-    c:\program files (x86)\Stunlock Studios
2013-08-15 15:59 . 2013-08-15 15:59    --------    d-----w-    c:\users\patrick\AppData\Local\NVIDIA
2013-08-15 15:52 . 2013-08-15 15:52    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-08-15 15:47 . 2013-02-25 05:27    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-08-15 15:47 . 2013-02-25 05:27    194848    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-08-15 15:47 . 2013-06-21 12:06    925648    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2013-08-15 15:47 . 2013-06-21 12:06    7641832    ----a-w-    c:\windows\system32\nvopencl.dll
2013-08-15 15:47 . 2013-06-21 12:06    6324360    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2013-08-15 15:47 . 2013-06-21 12:06    27781920    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-08-15 15:47 . 2013-06-21 12:06    21102368    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2013-08-15 15:47 . 2013-06-21 12:06    218592    ----a-w-    c:\windows\system32\nvoglshim64.dll
2013-08-15 15:47 . 2013-06-21 12:06    181488    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
2013-08-15 15:47 . 2013-06-21 12:06    266448    ----a-w-    c:\windows\system32\nvinitx.dll
2013-08-15 15:47 . 2013-06-21 12:06    214448    ----a-w-    c:\windows\SysWow64\nvinit.dll
2013-08-15 15:47 . 2013-06-21 12:06    11235104    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-08-15 15:44 . 2013-08-15 15:44    --------    d-----w-    C:\NVIDIA
2013-08-15 09:51 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-15 09:51 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-15 09:51 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-15 09:51 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-15 09:51 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-15 09:51 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-15 09:51 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-15 09:51 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-15 09:42 . 2012-03-10 08:58    15168    ----a-w-    c:\windows\system32\drivers\nvflash.sys
2013-08-14 16:27 . 2010-02-23 06:46    23680    ----a-w-    c:\windows\system32\drivers\IOMap64.sys
2013-08-14 16:25 . 2013-08-14 16:25    --------    d-----w-    c:\program files (x86)\ASUS
2013-08-14 16:24 . 2013-08-14 16:24    --------    d-----w-    c:\windows\Downloaded Installations
2013-08-14 16:19 . 2013-06-21 12:06    12427240    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-08-14 16:19 . 2013-06-21 12:06    13411896    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-08-14 16:19 . 2013-06-21 12:06    2597856    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-08-14 15:33 . 2013-08-17 10:32    --------    d-----w-    c:\users\UpdatusUser
2013-08-14 15:33 . 2013-08-27 21:12    --------    d-----w-    c:\programdata\NVIDIA
2013-08-14 15:32 . 2013-06-21 10:23    6496544    ----a-w-    c:\windows\system32\nvcpl.dll
2013-08-14 15:32 . 2013-06-21 10:23    3514656    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-08-14 15:32 . 2013-06-21 10:23    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-08-14 15:32 . 2013-06-21 10:23    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-08-14 15:32 . 2013-06-21 10:23    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-08-14 15:32 . 2013-06-20 04:17    3253909    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-08-14 15:32 . 2012-08-30 16:18    2557800    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-08-14 15:32 . 2013-06-21 12:06    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-08-14 15:32 . 2013-06-21 12:06    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-08-14 15:31 . 2013-08-15 15:57    --------    d-----w-    c:\programdata\NVIDIA Corporation
2013-08-14 15:29 . 2013-08-15 15:48    --------    d-----w-    c:\program files\NVIDIA Corporation
2013-08-09 11:00 . 2013-08-09 11:00    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2013-08-09 10:32 . 2013-08-09 10:43    --------    d-----w-    c:\program files (x86)\Common Files\Steam
2013-08-05 13:41 . 2013-08-21 13:07    --------    d-----w-    c:\users\patrick\AppData\Roaming\TS3Client
2013-08-05 13:40 . 2013-08-07 10:09    --------    d-----w-    c:\users\patrick\AppData\Local\TeamSpeak 3 Client
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 16:34 . 2013-08-25 16:34    225280    ----a-w-    c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-08-15 22:09 . 2011-04-14 09:57    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-07-24 11:23 . 2012-05-08 12:50    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-24 11:23 . 2012-05-08 12:50    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-15 09:50    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-06-23 22:48 . 2013-06-23 22:48    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 22:48 . 2012-06-25 20:32    867240    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-06-23 22:48 . 2011-03-13 11:04    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-21 12:06 . 2013-02-25 23:32    2936208    ----a-w-    c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-25 23:32    1059560    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-02-25 23:32    15920536    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-06-21 04:16 . 2013-06-21 04:16    566048    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-06-05 03:34 . 2013-07-10 21:14    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 21:15    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 21:15    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\patrick\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-02-22 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ServiceManager.exe"="c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-11-16 10200376]
"Virgin Media Security"="c:\program files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\RPS.exe" [2011-12-09 269480]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-05 295072]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys;c:\program files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 rak;rak;c:\game\SoftnyxGame\RakionIS\Bin\rakion64.sys;c:\game\SoftnyxGame\RakionIS\Bin\rakion64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\patrick\AppData\Local\Temp\0035026.tmp;c:\users\patrick\AppData\Local\Temp\0035026.tmp [x]
R3 X6va005;X6va005;c:\users\patrick\AppData\Local\Temp\0058B82.tmp;c:\users\patrick\AppData\Local\Temp\0058B82.tmp [x]
R3 X6va006;X6va006;c:\users\patrick\AppData\Local\Temp\006F881.tmp;c:\users\patrick\AppData\Local\Temp\006F881.tmp [x]
R3 X6va008;X6va008;c:\users\patrick\AppData\Local\Temp\0083B2B.tmp;c:\users\patrick\AppData\Local\Temp\0083B2B.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Radialpoint Security Services;Virgin Media Security;c:\program files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\RpsSecurityAwareR.exe;c:\program files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308\RpsSecurityAwareR.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 11:23]
.
2013-08-24 c:\windows\Tasks\HPCeeScheduleForpatrick.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 22:15]
.
2013-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-24 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-24 365592]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yuw4jvma.default\
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-10 - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\patrick\AppData\Local\Temp\0035026.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\patrick\AppData\Local\Temp\0058B82.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\patrick\AppData\Local\Temp\006F881.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\patrick\AppData\Local\Temp\0083B2B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,b4,f9,6b,64,6f,6c,49,bc,45,f4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,b4,f9,6b,64,6f,6c,49,bc,45,f4,\
.
[HKEY_USERS\S-1-5-21-3333678210-4272229022-2186303503-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3333678210-4272229022-2186303503-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-08-27  22:23:45 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-27 21:23
.
Pre-Run: 120,036,311,040 bytes free
Post-Run: 121,501,306,880 bytes free
.
- - End Of File - - 1674B667336EE5B97E1F31C7D4A7A0A2
286988BCF668A1B8D57B9EDECC820636
 

 

 

 

 

i tried to disable virgin media security but when i started combofix it said it was still activated even tho i thought i turned it of so i dont no if iv messed it up somehow :s i didnt get any the message u highlighted in red that could have appeared

[MrCharlie]

Looks Good.....Next:

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.

  Vista/Windows 7/8 users right-click and select Run As Administrator

• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that logfile in your next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

If you agree with everything listed to be removed in the folders section...........

Double click on AdwCleaner.exe to run the tool again.

• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• After the scan has finished...
• This time click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[PBrennan]

# AdwCleaner v3.001 - Report created 27/08/2013 at 22:56:26
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : patrick - PATRICK-PC
# Running from : C:\Users\patrick\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yuw4jvma.default\user.js
Folder Found C:\Program Files (x86)\Viewpoint
Folder Found C:\Program Files (x86)\Windows iLivid Toolbar
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\InstallMate
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\Uniblue\DriverScanner
Folder Found C:\ProgramData\Viewpoint
Folder Found C:\Users\patrick\AppData\Local\Babylon
Folder Found C:\Users\patrick\AppData\Local\Conduit
Folder Found C:\Users\patrick\AppData\Local\Ilivid Player
Folder Found C:\Users\patrick\AppData\Local\Linkury
Folder Found C:\Users\patrick\AppData\Local\PackageAware
Folder Found C:\Users\patrick\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\patrick\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\patrick\AppData\LocalLow\Conduit
Folder Found C:\Users\patrick\AppData\LocalLow\ConduitEngine
Folder Found C:\Users\patrick\AppData\LocalLow\PriceGong
Folder Found C:\Users\patrick\AppData\LocalLow\searchquband
Folder Found C:\Users\patrick\AppData\Roaming\iWin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\Blabbers
Key Found : HKCU\Software\BrowserCompanion
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\SearchCore for Browsers
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Blabbers
Key Found : [x64] HKCU\Software\BrowserCompanion
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\SearchCore for Browsers
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserCompanion
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kolgnaidildmdbfgdnoapjdianbpajne
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger[1]_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger[1]_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yuw4jvma.default\prefs.js ]

Line Found : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[R0].txt - [8605 octets] - [27/08/2013 22:56:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8665 octets] ##########
 

[MrCharlie]

That's all adware...clean it up....MrC

[PBrennan]

# AdwCleaner v3.001 - Report created 27/08/2013 at 23:00:29
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : patrick - PATRICK-PC
# Running from : C:\Users\patrick\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\Users\patrick\AppData\Local\Babylon
Folder Deleted : C:\Users\patrick\AppData\Local\Conduit
Folder Deleted : C:\Users\patrick\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\patrick\AppData\Local\Linkury
Folder Deleted : C:\Users\patrick\AppData\Local\PackageAware
Folder Deleted : C:\Users\patrick\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\patrick\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\patrick\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\patrick\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\patrick\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\patrick\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\patrick\AppData\Roaming\iWin
File Deleted : C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yuw4jvma.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kolgnaidildmdbfgdnoapjdianbpajne
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\SearchCore for Browsers
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yuw4jvma.default\prefs.js ]

Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[R0].txt - [8805 octets] - [27/08/2013 22:56:26]
AdwCleaner[R1].txt - [8865 octets] - [27/08/2013 22:59:47]
AdwCleaner[s0].txt - [8350 octets] - [27/08/2013 23:00:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8410 octets] ##########
 

[PBrennan]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.27.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
patrick :: PATRICK-PC [administrator]

27/08/2013 23:07:32
mbam-log-2013-08-27 (23-07-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248432
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

[MrCharlie]

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• If you get Unsupported operating system. Aborting now, just reboot and try again.
• A Notepad document should open automatically called checkup.txt.
• Please Post the contents of that document.
• Do Not Attach It!!!

MrC

[PBrennan]

sorry that i didnt do this laste night time was getting on for me

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Virgin Media Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

[MrCharlie]

That looks OK.....

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:

Download the fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

That will delete the quarantine folder created by FRST.

-----------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.