Solved Hi, I have a couple trojans and can't get rid of them

Status
Not open for further replies.
CyberNerd

CyberNerd

Posts: 16   +0
Hey guys, I've had some problems for a few days now, rarely ever had any viruses before and was always able to dig them out with AVG and MBAM but this time, no dice.. After a few google searches I've realised it's one of these ones with no generic cure-all solution and was wondering if any of you could help me please?

The suspected source: I think it probably came from an odd codec pack I had to download to watch a movie which never even worked anyway.

Signs: Nothings hugely bad that I know of has happened to me yet in terms of card details, but I keep on getting tabs open automatically on Chrome and going to various adware websites. And of course constant popups from AVG telling me I have a problem, but that it cannot fix it.

What I've tried: Ran AVG quick and full scans, it always finds a virus but isn't able to remove it because it's connected to essential system files. It often wants to restart after attempting to remove any viruses, trojans or rootkits it finds, but to no avail.
I have also tried running AVG in safe mode, it didn't do anything.
Also used MBAM repeatedly on quick or short scans, it's been fully updated.and each time finds 3 infections and asks to restart the computer which I allow but when I scan again afterwards the infections remain untouched.

The most common AVG popup names the virus as "Win64/Patched.A" but and I can't remember which of the two programs it was that informed me of the other infections, but they are at "C:\Windows\assembly\GAC_32 [also another with GAC_64] \Desktop.ini"

I had a look instructions to other people and saw that each time the solution was unique to their computer, but I've followed all the preliminary steps found at https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/ and will post my logs below.

Thank you so very much to anyone who can help me
- Brendan
 
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.12.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brendan :: STEAMSERVER-X [administrator]

12/12/2012 08:13:43
mbam-log-2012-12-12 (08-21-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207475
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Brendan at 8:29:34 on 2012-12-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4094.1435 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnpstd3.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Games\Steam\Steam.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Users\Brendan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Brendan\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [Google Update] "C:\Users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Games\Steam\steam.exe" -silent
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Facebook Update] "C:\Users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [tsnpstd3] C:\Windows\tsnpstd3.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
StartupFolder: C:\Users\Brendan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brendan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Brendan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Brendan\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C7D145B4-9CC4-4157-88EB-FA808DE6BE17} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CC3ADE3A-3396-4628-BFBC-95FC5155CD3F} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39}\3497265627E4562746F513333373 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39}\3497265627E4562746F593838353 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39}\6796277696E6D65646961673535323831373 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39}\6796277696E6D65646961683731353237313 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [snpstd3] C:\Windows\vsnpstd3.exe
x64-Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-9-16 26624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-11-15 7329648]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-11-15 719216]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2012-9-16 167936]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-7-9 44624]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-7-10 180224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-9-16 1924096]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2012-9-16 954368]
S3 SaiK0CEA;SaiK0CEA;C:\Windows\System32\drivers\SaiK0CEA.sys [2008-4-4 129024]
S3 SaiU0CEA;SaiU0CEA;C:\Windows\System32\drivers\SaiU0CEA.sys [2008-4-4 34432]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-14 59392]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-11-15 18288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-19 1255736]
.
=============== Created Last 30 ================
.
2012-12-09 16:03:30--------d-sh--w-C:\Windows\SysWow64\%APPDATA%
2012-12-09 16:00:26--------d-----w-C:\Program Files (x86)\Combined Community Codec Pack
2012-12-09 15:58:44--------d-----w-C:\Program Files\MPC-HC
2012-12-09 15:57:25220160----a-w-C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-09 15:57:11--------d-----w-C:\Program Files (x86)\Mega Codec Pack
2012-11-23 01:23:14--------d-----w-C:\Users\Brendan\AppData\Local\BeamDog
2012-11-21 22:53:40--------d-----w-C:\Program Files (x86)\NVIDIA Corporation
2012-11-19 18:39:58--------d-----w-C:\Users\Brendan\AppData\Roaming\e-academy Inc
2012-11-19 18:39:58--------d-----w-C:\Users\Brendan\AppData\Local\e-academy Inc
2012-11-16 15:45:47--------d-----w-C:\Users\Brendan\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
2012-11-16 15:30:59--------d-----w-C:\Users\Brendan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2012-11-16 15:30:51--------d-----w-C:\Users\Brendan\AppData\Roaming\Wacom
2012-11-16 15:30:42--------d-----w-C:\ProgramData\Wacom
2012-11-15 12:48:46--------d-----w-C:\Program Files (x86)\Bamboo Dock
2012-11-15 12:46:52--------d-----w-C:\Users\Brendan\AppData\Roaming\WTablet
2012-11-15 12:46:51648560------w-C:\Windows\SysWow64\Pen_Touch_Tablet.dll
2012-11-15 12:46:50755568------w-C:\Windows\System32\Pen_Touch_Tablet.dll
2012-11-15 12:46:38--------d-----w-C:\Program Files (x86)\TabletPlugins
2012-11-15 12:45:5912848----a-w-C:\Windows\System32\drivers\wacommousefilter.sys
2012-11-15 12:45:5016168----a-w-C:\Windows\System32\drivers\wacomvhid.sys
2012-11-15 12:45:4818288----a-w-C:\Windows\System32\drivers\wacmoumonitor.sys
2012-11-15 12:45:44495616------w-C:\Windows\SysWow64\Wintab32.dll
2012-11-15 12:45:43588800------w-C:\Windows\System32\Wintab32.dll
2012-11-15 12:45:42656240------w-C:\Windows\SysWow64\Pen_Tablet.dll
2012-11-15 12:45:41762224------w-C:\Windows\System32\Pen_Tablet.dll
2012-11-15 12:45:25--------d-----w-C:\Program Files\Tablet
2012-11-14 20:38:519728----a-w-C:\Windows\System32\Wdfres.dll
2012-11-14 20:38:51785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 20:38:5154376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 20:38:512560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 20:32:4287040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 20:32:4284992----a-w-C:\Windows\System32\WUDFSvc.dll
2012-11-14 20:32:42198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 20:32:42194048----a-w-C:\Windows\System32\WUDFPlatform.dll
2012-11-14 20:32:41744448----a-w-C:\Windows\System32\WUDFx.dll
2012-11-14 20:32:4145056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 20:32:41229888----a-w-C:\Windows\System32\WUDFHost.exe
2012-11-13 09:25:07--------d-----w-C:\Users\Brendan\AppData\Local\{028DC8E2-CD18-47E0-BDF5-65486B833E21}
2012-11-12 21:24:27--------d-----w-C:\Users\Brendan\AppData\Local\{142AB9C3-AC76-4323-ACBB-BDDAF033CD34}
.
==================== Find3M ====================
.
2012-11-23 01:23:09466456----a-w-C:\Windows\System32\wrap_oal.dll
2012-11-23 01:23:09444952----a-w-C:\Windows\SysWow64\wrap_oal.dll
2012-11-23 01:23:09122904----a-w-C:\Windows\System32\OpenAL32.dll
2012-11-23 01:23:08109080----a-w-C:\Windows\SysWow64\OpenAL32.dll
2012-11-09 11:27:1873656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 11:27:18697272----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:583149824----a-w-C:\Windows\System32\win32k.sys
2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:1355296----a-w-C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13226816----a-w-C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:3144032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:032312704----a-w-C:\Windows\System32\jscript9.dll
2012-10-08 11:23:521392128----a-w-C:\Windows\System32\wininet.dll
2012-10-08 11:22:551494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35599040----a-w-C:\Windows\System32\vbscript.dll
2012-10-08 11:13:332382848----a-w-C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:241800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:031129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:441427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:562382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:1718944----a-w-C:\Windows\System32\netevent.dll
2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:2418944----a-w-C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 19:54:2625928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-09-28 15:37:02221696----a-w-C:\Windows\System32\clinfo.exe
2012-09-28 15:36:4475776----a-w-C:\Windows\System32\OpenVideo64.dll
2012-09-28 15:36:4065536----a-w-C:\Windows\SysWow64\OpenVideo.dll
2012-09-28 15:36:3663488----a-w-C:\Windows\System32\OVDecode64.dll
2012-09-28 15:36:3456320----a-w-C:\Windows\SysWow64\OVDecode.dll
2012-09-28 15:36:2432635904----a-w-C:\Windows\System32\amdocl64.dll
2012-09-28 15:32:1627341824----a-w-C:\Windows\SysWow64\amdocl.dll
2012-09-28 02:23:005557928----a-w-C:\Windows\SysWow64\atiumdag.dll
2012-09-28 02:21:2010697216----a-w-C:\Windows\System32\drivers\atikmdag.sys
2012-09-28 02:05:3870144----a-w-C:\Windows\System32\coinst_9.002.dll
2012-09-28 02:03:52163840----a-w-C:\Windows\System32\atiapfxx.exe
2012-09-28 02:02:3051200----a-w-C:\Windows\System32\aticalrt64.dll
2012-09-28 02:02:2846080----a-w-C:\Windows\SysWow64\aticalrt.dll
2012-09-28 02:02:2244544----a-w-C:\Windows\System32\aticalcl64.dll
2012-09-28 02:02:2044032----a-w-C:\Windows\SysWow64\aticalcl.dll
2012-09-28 02:02:0816082432----a-w-C:\Windows\System32\aticaldd64.dll
2012-09-28 01:59:5623825920----a-w-C:\Windows\System32\atio6axx.dll
2012-09-28 01:57:2013703168----a-w-C:\Windows\SysWow64\aticaldd.dll
2012-09-28 01:43:28935424----a-w-C:\Windows\SysWow64\aticfx32.dll
2012-09-28 01:41:401120768----a-w-C:\Windows\System32\aticfx64.dll
2012-09-28 01:41:1419624960----a-w-C:\Windows\SysWow64\atioglxx.dll
2012-09-28 01:39:366536192----a-w-C:\Windows\SysWow64\atidxx32.dll
2012-09-28 01:39:14442368----a-w-C:\Windows\System32\atidemgy.dll
2012-09-28 01:39:08538112----a-w-C:\Windows\System32\atieclxx.exe
2012-09-28 01:38:16239616----a-w-C:\Windows\System32\atiesrxx.exe
2012-09-28 01:36:50120320----a-w-C:\Windows\System32\atitmm64.dll
2012-09-28 01:36:3621504----a-w-C:\Windows\System32\atimuixx.dll
2012-09-28 01:36:3059392----a-w-C:\Windows\System32\atiedu64.dll
2012-09-28 01:36:2643520----a-w-C:\Windows\SysWow64\ati2edxx.dll
2012-09-28 01:31:263127296----a-w-C:\Windows\System32\atiumd6a.dll
2012-09-28 01:25:246704640----a-w-C:\Windows\System32\atiumd64.dll
2012-09-28 01:22:427167488----a-w-C:\Windows\System32\atidxx64.dll
2012-09-28 01:22:302691584----a-w-C:\Windows\SysWow64\atiumdva.dll
2012-09-28 01:13:40595456----a-w-C:\Windows\System32\atiadlxx.dll
2012-09-28 01:13:30405504----a-w-C:\Windows\SysWow64\atiadlxy.dll
2012-09-28 01:13:1617920----a-w-C:\Windows\System32\atig6pxx.dll
2012-09-28 01:13:1214848----a-w-C:\Windows\SysWow64\atiglpxx.dll
2012-09-28 01:13:1214848----a-w-C:\Windows\System32\atiglpxx.dll
2012-09-28 01:13:0841984----a-w-C:\Windows\System32\atig6txx.dll
2012-09-28 01:13:0033280----a-w-C:\Windows\SysWow64\atigktxx.dll
2012-09-28 01:12:5856320----a-w-C:\Windows\System32\atimpc64.dll
2012-09-28 01:12:5856320----a-w-C:\Windows\System32\amdpcom64.dll
2012-09-28 01:12:52460288----a-w-C:\Windows\System32\drivers\atikmpag.sys
2012-09-28 01:12:4856832----a-w-C:\Windows\SysWow64\atimpc32.dll
2012-09-28 01:12:4856832----a-w-C:\Windows\SysWow64\amdpcom32.dll
2012-09-28 01:11:22129536----a-w-C:\Windows\System32\atiuxp64.dll
2012-09-28 01:11:16109568----a-w-C:\Windows\SysWow64\atiuxpag.dll
2012-09-28 01:11:08103424----a-w-C:\Windows\System32\atiu9p64.dll
2012-09-28 01:10:5882944----a-w-C:\Windows\SysWow64\atiu9pag.dll
2012-09-28 01:09:4853248----a-w-C:\Windows\System32\drivers\ati2erec.dll
2012-09-25 22:47:4378336----a-w-C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:1795744----a-w-C:\Windows\System32\synceng.dll
2012-09-24 14:32:24477168----a-w-C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 14:32:20473072----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 8:31:01.81 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13/02/2012 15:08:29
System Uptime: 12/12/2012 08:24:09 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55D-E
Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | LGA1156 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 266.54 GiB free.
D: is CDROM (UDF)
K: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Age of Empires Online
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Amnesia: The Dark Descent
Assassin's Creed II
µTorrent
AVG 2012
Babel Rising
Baldur's Gate Enhanced Edition
Bamboo
Bamboo Dock
Bastion
Beat Hazard
BioWare Premium Module: Neverwinter Nights(TM) Kingmaker
BIT.TRIP BEAT
BIT.TRIP RUNNER
Blocks That Matter
Boggle
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chantelise
Chime
Combined Community Codec Pack 2011-11-11
Costume Quest
Cubemen
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Deus Ex: Human Revolution
Diskeeper
Diskeeper 2011
DivX Setup
Dreamkiller
Dropbox
Dungeon Defenders
E.Y.E: Divine Cybermancy
Elven Legacy
Facebook Messenger 2.1.4651.0
Facebook Video Calling 1.2.0.287
FINAL FANTASY VII
GIMP 2.6.11
Google Chrome
Guardians of Graxia
Heroes of Might and Magic 3 Complete
HOARD
Java Auto Updater
Java(TM) 6 Update 37
Java(TM) 7 Update 5 (64-bit)
Legend of Grimrock
Livebrush Mini
Lumines Demo
Magic: The Gathering - Duels of the Planeswalkers 2013
Magic: The Gathering — Duels of the Planeswalkers 2012
MagicDisc 2.7.106
Magicka
Majesty Gold HD
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Might and Magic: Clash of Heroes
MPC-HC 1.6.4.6052 (64-bit)
MSVCRT
NEC Electronics USB 3.0 Host Controller Driver
NETGEAR WNDA3200 wireless adapter Setup
Neverwinter Nights
Neverwinter Nights 2: Platinum
Nexus Mod Manager
Notepad++
Nuclear Dawn
NVIDIA PhysX
Of Orcs And Men
OnLive
OpenAL
Orcs Must Die!
Patrician IV: Steam Special Edition
Pharaoh
Portal
Portal 2
Portal 2 - The Final Hours
Project64 1.6
RCRN 3.0.1 - Steam Workshop Optimized
Recettear: An Item Shop's Tale
Sacred Gold
Scrolls
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Smart Technology Programming Software 7.0.2.7
Solar 2
Stacking
Steam
Super Hexagon
Supreme Commander 2
Terraria
The Binding of Isaac
The Elder Scrolls V: Skyrim
Torchlight
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
USB PC Camera Plus
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Warhammer 40,000 Space Marine
Warhammer 40,000: Dawn of War Gold Edition
Warhammer® 40,000™: Dawn of War® II – Retribution™
Waves
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
WinRAR 4.10 (64-bit)
Zeno Clash
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
12/12/2012 08:25:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/12/2012 08:25:28, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/12/2012 08:25:09, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
12/12/2012 08:25:09, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
12/12/2012 08:24:31, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/12/2012 08:24:31, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/12/2012 08:24:31, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/12/2012 22:13:29, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/12/2012 14:15:51, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 14:15:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/12/2012 14:15:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/12/2012 14:15:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/12/2012 14:15:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/12/2012 14:15:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/12/2012 14:15:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/12/2012 14:15:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache JSWPSLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2012 14:15:24, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 12:05:27, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/12/2012 11:50:56, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
09/12/2012 15:44:16, Error: bowser [8003] - The master browser has received a server announcement from the computer ALI-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CC3ADE3A-3396-4628-BFBC-95FC5155CD3F}. The master browser is stopping or an election is being forced.
09/12/2012 14:11:37, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
07/12/2012 16:30:08, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
07/12/2012 08:22:00, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
    frst2.jpg

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
Hi, thank you so much for responding and helping me, I'm sorry I took a couple days to reply, suddenly had a coursework deadline to meet >_<
I've borrowed a flashdrive from my girlfriend seeing as mine's missing after recently moving, and have put the frst program on there but I can't seem to get to the advanced boot options when I restart my computer. When I press F8 it just gives me a list of sources to boot from.. Trying other options on there but it's hard to see them in time to know which one to do before it keeps loading lol, pretty much fell asleep last night repeatedly restarting the computer trying to catch it.

I'm searching for my Windows disk but as with my flashdrives, it has pulled a magical disappearing act on me. Will try to be more sensible now and keep regularly updating on progress.

Again, thank you so much for helping me man :)
 
Let's see if this will function...

OTLPE + Farbar Recovery Scan Tool

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
    smiley.gif
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FSRT
  • The tool will start to run.
FRST2.gif

  • When the tool opens click Yes to disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
    frst2.jpg

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
After a thorough inspection of my wardrobe and stack of "random stuff" boxes I managed to finally find the windows disk which was for some reason sitting in a slip with a DS9 DVD O_o

I've done all the instructions now and shall paste the results below, should I still try to get a CD and do this other one with the OTLPen program?

Again, thank you so much for all the help you are giving me :)

~~FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 17-12-2012 13:16:41
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [snpstd3] C:\Windows\vsnpstd3.exe [843776 2006-09-18] ()
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe [262144 2007-03-30] (SONIX)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-26] ()
HKU\Brendan\...\Run: [Google Update] "C:\Users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-13] (Google Inc.)
HKU\Brendan\...\Run: [Steam] "C:\Games\Steam\steam.exe" -silent [1354736 2012-12-03] (Valve Corporation)
HKU\Brendan\...\Run: [Facebook Update] "C:\Users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-23] (Facebook Inc.)
HKU\Brendan\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3200 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
Startup: C:\Users\Brendan\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Brendan\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 Diskeeper; "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" [2645840 2011-09-12] (Diskeeper Corporation)
3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.)
2 WDCS_WNDA3200; C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] ()

==================== Drivers (Whitelisted) =====================

3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-22] (Ideazon Corporation)
3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-19] (Ideazon Corporation)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
3 DKRtWrt; C:\Windows\System32\Drivers\DKRtWrt.sys [44624 2011-02-13] (Diskeeper Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 SaiK0CEA; C:\Windows\System32\Drivers\SaiK0CEA.sys [129024 2008-04-04] (Saitek)
3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [22792 2010-08-09] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-09] (Saitek)
3 SaiU0CEA; C:\Windows\System32\Drivers\SaiU0CEA.sys [34432 2008-04-04] (Saitek)
3 SNPSTD3; C:\Windows\System32\Drivers\SNPSTD3.sys [10535424 2007-05-17] (Sonix Co. Ltd.)
3 SNPSTD3; C:\Windows\SysWow64\Drivers\SNPSTD3.sys [10246400 2007-05-17] (Sonix Co. Ltd.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-17 13:16 - 2012-12-17 13:16 - 00000000 ____D C:\FRST
2012-12-17 04:31 - 2012-12-17 04:31 - 00002948 ____A C:\Windows\diagwrn.xml
2012-12-17 04:31 - 2012-12-17 04:31 - 00001908 ____A C:\Windows\diagerr.xml
2012-12-17 01:37 - 2012-12-17 01:37 - 00068977 ____A C:\Users\Brendan\Documents\My Timetable.htm
2012-12-14 11:24 - 2012-12-14 11:24 - 01461033 ____A (Farbar) C:\Users\Brendan\Desktop\FRST64.exe
2012-12-12 15:14 - 2012-12-12 16:01 - 00000000 ____D C:\Users\Brendan\Desktop\dfgdfg
2012-12-12 14:44 - 2012-12-12 14:44 - 00000754 ____A C:\Users\Brendan\Desktop\notes.txt
2012-12-12 11:10 - 2012-12-12 11:10 - 16363960 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-12-12 00:31 - 2012-12-12 00:31 - 00026254 ____A C:\Users\Brendan\Desktop\dds.txt
2012-12-12 00:31 - 2012-12-12 00:31 - 00015486 ____A C:\Users\Brendan\Desktop\attach.txt
2012-12-10 08:31 - 2012-12-10 08:31 - 00003399 ____A C:\Users\Brendan\.recently-used.xbel
2012-12-10 04:55 - 2012-12-11 02:36 - 00011201 ____A C:\Users\Brendan\Desktop\gameplan.xlsx
2012-12-10 02:59 - 2012-12-12 12:09 - 00001736 ____A C:\Windows\PFRO.log
2012-12-09 15:24 - 2012-12-09 15:24 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Brendan\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-09 08:03 - 2012-12-09 08:03 - 00014431 ____A C:\Users\Brendan\Downloads\[isoHunt] download.torrent
2012-12-09 08:03 - 2012-12-09 08:03 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-09 08:00 - 2012-12-09 08:00 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-12-09 07:59 - 2012-12-09 07:59 - 09889896 ____A (CCCP Project ) C:\Users\Brendan\Downloads\Combined-Community-Codec-Pack-2011-11-11.exe
2012-12-09 07:58 - 2012-12-09 07:58 - 00001712 ____A C:\Users\Brendan\Desktop\MPC-HC x64.lnk
2012-12-09 07:58 - 2012-12-09 07:58 - 00000000 ____D C:\Program Files\MPC-HC
2012-12-09 07:57 - 2012-12-09 07:57 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-12-09 07:35 - 2012-12-09 07:35 - 00030884 ____A C:\Users\Brendan\Downloads\[isoHunt] 5035527.torrent
2012-12-09 06:17 - 2012-12-09 06:17 - 00042137 ____A C:\Users\Brendan\Downloads\[isoHunt] Toy Story 3 720p TC XviD AC3-KiNGDOM (Kingdom-Release).torrent
2012-12-05 11:30 - 2012-12-05 11:30 - 01524811 ____A C:\Users\Brendan\Desktop\THOUGHT YOU COULD GET RID OF ME!.zip
2012-12-04 08:22 - 2012-12-04 08:22 - 00001843 ____A C:\Users\Public\Desktop\Heroes of Might and Magic 3 Complete.lnk
2012-12-01 15:26 - 2012-12-01 15:26 - 00000000 ____D C:\Users\Brendan\Documents\Square Enix
2012-12-01 08:21 - 2012-12-01 08:21 - 00126160 ____A (RealNetworks, Inc.) C:\Users\Brendan\Desktop\FINALFANTASYVII-dm.exe
2012-11-30 07:56 - 2012-11-30 13:25 - 00000000 ____D C:\Users\Brendan\Documents\Baldur's Gate - Enhanced Edition
2012-11-29 14:10 - 2012-11-29 14:10 - 00118583 ____A C:\Users\Brendan\Downloads\[isoHunt] South_Park_Seasons_1_-_14_Complete___Movie_(MKV)_-_YIFY.5655413.TPB.torrent
2012-11-23 18:21 - 2012-11-23 18:36 - 00000614 ____A C:\Users\Brendan\Desktop\mtgcosts.txt
2012-11-22 17:23 - 2012-11-22 17:23 - 00000842 ____A C:\Users\Brendan\Desktop\Baldur's Gate Enhanced Edition.lnk
2012-11-22 17:23 - 2012-11-22 17:23 - 00000000 ____D C:\Users\Brendan\AppData\Local\BeamDog
2012-11-22 17:22 - 2012-11-22 17:22 - 02464480 ____A (Overhaul Games™) C:\Users\Brendan\Desktop\BGEEInstaller.exe
2012-11-21 14:53 - 2012-11-21 14:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-11-19 16:56 - 2012-11-19 16:56 - 00581489 ____A C:\Users\Brendan\Downloads\#gamemp3s Archive 2011.torrent
2012-11-19 16:54 - 2012-11-19 16:54 - 00066449 ____A C:\Users\Brendan\Downloads\2011-10-28.torrent
2012-11-19 16:54 - 2012-11-19 16:54 - 00039706 ____A C:\Users\Brendan\Downloads\2011-11-06.torrent
2012-11-19 16:53 - 2012-11-19 16:53 - 00067808 ____A C:\Users\Brendan\Downloads\2011-12-10.torrent
2012-11-19 16:48 - 2012-11-19 16:48 - 00083633 ____A C:\Users\Brendan\Downloads\2012-02-09.torrent
2012-11-19 16:47 - 2012-11-19 16:47 - 00085525 ____A C:\Users\Brendan\Downloads\2012-02-28.torrent
2012-11-19 16:47 - 2012-11-19 16:47 - 00051137 ____A C:\Users\Brendan\Downloads\2012-03-10.torrent
2012-11-19 16:46 - 2012-11-19 16:46 - 00088162 ____A C:\Users\Brendan\Downloads\2012-04-15.torrent
2012-11-19 16:45 - 2012-11-19 16:45 - 00068834 ____A C:\Users\Brendan\Downloads\2012-06-13.torrent
2012-11-19 16:40 - 2012-11-19 16:40 - 00041789 ____A C:\Users\Brendan\Downloads\2012-09-02.torrent
2012-11-19 16:34 - 2012-11-19 16:34 - 00052174 ____A C:\Users\Brendan\Downloads\2012-09-09.torrent
2012-11-19 16:28 - 2012-11-19 16:28 - 00043889 ____A C:\Users\Brendan\Downloads\2012-09-29.torrent
2012-11-19 16:23 - 2012-11-19 16:23 - 00062286 ____A C:\Users\Brendan\Downloads\2012-11-11.torrent
2012-11-19 10:51 - 2012-11-19 10:51 - 00000183 ____A C:\Users\Brendan\Downloads\100137352182.sdx
2012-11-19 10:39 - 2012-11-19 10:39 - 00772608 ____A C:\Users\Brendan\Downloads\SDM_EN.msi
2012-11-19 10:39 - 2012-11-19 10:39 - 00003153 ____A C:\Users\Brendan\Desktop\Shortcut to SecureDownloadManager.exe.lnk
2012-11-19 10:39 - 2012-11-19 10:39 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\e-academy Inc
2012-11-19 10:39 - 2012-11-19 10:39 - 00000000 ____D C:\Users\Brendan\AppData\Local\e-academy Inc
2012-11-17 05:18 - 2012-11-18 15:24 - 00014911 ____A C:\Users\Brendan\Desktop\BudgetAccounting.xlsx

==================== One Month Modified Files and Folders =======

2012-12-17 05:10 - 2012-05-14 22:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-17 05:02 - 2009-07-13 20:45 - 00014448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-17 05:02 - 2009-07-13 20:45 - 00014448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-17 04:59 - 2012-05-13 12:49 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Dropbox
2012-12-17 04:58 - 2012-05-13 12:53 - 00000000 ___RD C:\Users\Brendan\Dropbox
2012-12-17 04:55 - 2012-10-16 06:32 - 00001027 ____A C:\Windows\setupact.log
2012-12-17 04:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-17 04:31 - 2012-12-17 04:31 - 00002948 ____A C:\Windows\diagwrn.xml
2012-12-17 04:31 - 2012-12-17 04:31 - 00001908 ____A C:\Windows\diagerr.xml
2012-12-17 04:31 - 2012-10-16 06:32 - 00000000 ____A C:\Windows\setuperr.log
2012-12-17 04:30 - 2012-06-16 12:14 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000UA.job
2012-12-17 03:53 - 2012-02-13 11:22 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000UA.job
2012-12-17 01:37 - 2012-12-17 01:37 - 00068977 ____A C:\Users\Brendan\Documents\My Timetable.htm
2012-12-17 01:37 - 2012-10-16 01:02 - 00000000 ____D C:\Users\Brendan\Documents\My Timetable_files
2012-12-17 01:30 - 2012-03-08 02:48 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-12-17 01:30 - 2012-03-07 23:38 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-16 16:30 - 2012-06-16 12:14 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000Core.job
2012-12-15 06:49 - 2012-02-14 03:36 - 00000027 ____A C:\Users\Brendan\Desktop\TouhouRatings.txt
2012-12-14 11:27 - 2009-07-13 21:13 - 00779092 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-14 11:24 - 2012-12-14 11:24 - 01461033 ____A (Farbar) C:\Users\Brendan\Desktop\FRST64.exe
2012-12-14 05:53 - 2012-02-13 11:22 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000Core.job
2012-12-12 16:01 - 2012-12-12 15:14 - 00000000 ____D C:\Users\Brendan\Desktop\dfgdfg
2012-12-12 14:44 - 2012-12-12 14:44 - 00000754 ____A C:\Users\Brendan\Desktop\notes.txt
2012-12-12 12:09 - 2012-12-10 02:59 - 00001736 ____A C:\Windows\PFRO.log
2012-12-12 11:10 - 2012-12-12 11:10 - 16363960 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-12-12 11:10 - 2012-05-14 22:24 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-12 11:10 - 2012-02-15 04:04 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-12 00:31 - 2012-12-12 00:31 - 00026254 ____A C:\Users\Brendan\Desktop\dds.txt
2012-12-12 00:31 - 2012-12-12 00:31 - 00015486 ____A C:\Users\Brendan\Desktop\attach.txt
2012-12-11 06:43 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-11 02:36 - 2012-12-10 04:55 - 00011201 ____A C:\Users\Brendan\Desktop\gameplan.xlsx
2012-12-10 08:42 - 2012-02-26 05:58 - 00000000 ____D C:\Users\Brendan\.gimp-2.6
2012-12-10 08:31 - 2012-12-10 08:31 - 00003399 ____A C:\Users\Brendan\.recently-used.xbel
2012-12-10 08:31 - 2012-02-26 06:16 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\gtk-2.0
2012-12-10 08:31 - 2012-02-13 07:08 - 00000000 ____D C:\users\Brendan
2012-12-10 07:58 - 2012-03-08 02:48 - 00000000 ____D C:\Users\All Users\AVG2012
2012-12-10 04:51 - 2012-03-09 01:43 - 00000000 ____D C:\Users\Brendan\AppData\Local\Microsoft Help
2012-12-10 01:18 - 2012-02-13 07:08 - 01133061 ____A C:\Windows\WindowsUpdate.log
2012-12-09 15:27 - 2012-08-20 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-09 15:24 - 2012-12-09 15:24 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Brendan\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-09 09:55 - 2012-02-14 04:51 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\uTorrent
2012-12-09 08:03 - 2012-12-09 08:03 - 00014431 ____A C:\Users\Brendan\Downloads\[isoHunt] download.torrent
2012-12-09 08:03 - 2012-12-09 08:03 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-09 08:00 - 2012-12-09 08:00 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-12-09 08:00 - 2012-02-14 01:45 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Media Player Classic
2012-12-09 07:59 - 2012-12-09 07:59 - 09889896 ____A (CCCP Project ) C:\Users\Brendan\Downloads\Combined-Community-Codec-Pack-2011-11-11.exe
2012-12-09 07:58 - 2012-12-09 07:58 - 00001712 ____A C:\Users\Brendan\Desktop\MPC-HC x64.lnk
2012-12-09 07:58 - 2012-12-09 07:58 - 00000000 ____D C:\Program Files\MPC-HC
2012-12-09 07:57 - 2012-12-09 07:57 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-12-09 07:35 - 2012-12-09 07:35 - 00030884 ____A C:\Users\Brendan\Downloads\[isoHunt] 5035527.torrent
2012-12-09 06:17 - 2012-12-09 06:17 - 00042137 ____A C:\Users\Brendan\Downloads\[isoHunt] Toy Story 3 720p TC XviD AC3-KiNGDOM (Kingdom-Release).torrent
2012-12-05 11:30 - 2012-12-05 11:30 - 01524811 ____A C:\Users\Brendan\Desktop\THOUGHT YOU COULD GET RID OF ME!.zip
2012-12-04 23:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-04 08:22 - 2012-12-04 08:22 - 00001843 ____A C:\Users\Public\Desktop\Heroes of Might and Magic 3 Complete.lnk
2012-12-04 08:22 - 2012-02-13 11:45 - 00000000 ____D C:\Games
2012-12-01 15:26 - 2012-12-01 15:26 - 00000000 ____D C:\Users\Brendan\Documents\Square Enix
2012-12-01 08:49 - 2012-03-10 09:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-01 08:47 - 2012-10-21 10:45 - 00071106 ____A C:\Windows\DirectX.log
2012-12-01 08:21 - 2012-12-01 08:21 - 00126160 ____A (RealNetworks, Inc.) C:\Users\Brendan\Desktop\FINALFANTASYVII-dm.exe
2012-11-30 13:25 - 2012-11-30 07:56 - 00000000 ____D C:\Users\Brendan\Documents\Baldur's Gate - Enhanced Edition
2012-11-30 08:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-29 14:10 - 2012-11-29 14:10 - 00118583 ____A C:\Users\Brendan\Downloads\[isoHunt] South_Park_Seasons_1_-_14_Complete___Movie_(MKV)_-_YIFY.5655413.TPB.torrent
2012-11-23 18:36 - 2012-11-23 18:21 - 00000614 ____A C:\Users\Brendan\Desktop\mtgcosts.txt
2012-11-22 17:23 - 2012-11-22 17:23 - 00000842 ____A C:\Users\Brendan\Desktop\Baldur's Gate Enhanced Edition.lnk
2012-11-22 17:23 - 2012-11-22 17:23 - 00000000 ____D C:\Users\Brendan\AppData\Local\BeamDog
2012-11-22 17:23 - 2012-06-19 17:42 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-11-22 17:23 - 2012-06-19 17:42 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-11-22 17:23 - 2012-06-19 17:42 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-11-22 17:23 - 2012-06-19 17:42 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-11-22 17:22 - 2012-11-22 17:22 - 02464480 ____A (Overhaul Games™) C:\Users\Brendan\Desktop\BGEEInstaller.exe
2012-11-21 14:53 - 2012-11-21 14:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-11-20 00:35 - 2012-02-14 04:51 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-11-19 16:56 - 2012-11-19 16:56 - 00581489 ____A C:\Users\Brendan\Downloads\#gamemp3s Archive 2011.torrent
2012-11-19 16:54 - 2012-11-19 16:54 - 00066449 ____A C:\Users\Brendan\Downloads\2011-10-28.torrent
2012-11-19 16:54 - 2012-11-19 16:54 - 00039706 ____A C:\Users\Brendan\Downloads\2011-11-06.torrent
2012-11-19 16:53 - 2012-11-19 16:53 - 00067808 ____A C:\Users\Brendan\Downloads\2011-12-10.torrent
2012-11-19 16:48 - 2012-11-19 16:48 - 00083633 ____A C:\Users\Brendan\Downloads\2012-02-09.torrent
2012-11-19 16:47 - 2012-11-19 16:47 - 00085525 ____A C:\Users\Brendan\Downloads\2012-02-28.torrent
2012-11-19 16:47 - 2012-11-19 16:47 - 00051137 ____A C:\Users\Brendan\Downloads\2012-03-10.torrent
2012-11-19 16:46 - 2012-11-19 16:46 - 00088162 ____A C:\Users\Brendan\Downloads\2012-04-15.torrent
2012-11-19 16:45 - 2012-11-19 16:45 - 00068834 ____A C:\Users\Brendan\Downloads\2012-06-13.torrent
2012-11-19 16:40 - 2012-11-19 16:40 - 00041789 ____A C:\Users\Brendan\Downloads\2012-09-02.torrent
2012-11-19 16:34 - 2012-11-19 16:34 - 00052174 ____A C:\Users\Brendan\Downloads\2012-09-09.torrent
2012-11-19 16:28 - 2012-11-19 16:28 - 00043889 ____A C:\Users\Brendan\Downloads\2012-09-29.torrent
2012-11-19 16:23 - 2012-11-19 16:23 - 00062286 ____A C:\Users\Brendan\Downloads\2012-11-11.torrent
2012-11-19 10:51 - 2012-11-19 10:51 - 00000183 ____A C:\Users\Brendan\Downloads\100137352182.sdx
2012-11-19 10:39 - 2012-11-19 10:39 - 00772608 ____A C:\Users\Brendan\Downloads\SDM_EN.msi
2012-11-19 10:39 - 2012-11-19 10:39 - 00003153 ____A C:\Users\Brendan\Desktop\Shortcut to SecureDownloadManager.exe.lnk
2012-11-19 10:39 - 2012-11-19 10:39 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\e-academy Inc
2012-11-19 10:39 - 2012-11-19 10:39 - 00000000 ____D C:\Users\Brendan\AppData\Local\e-academy Inc
2012-11-18 15:24 - 2012-11-17 05:18 - 00014911 ____A C:\Users\Brendan\Desktop\BudgetAccounting.xlsx


ZeroAccess:
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\@
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\L
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\L\00000004.@
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\L\201d3dde
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\00000004.@
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\00000008.@
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\000000cb.@
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\80000000.@
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\80000032.@
C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4094.05 MB
Available physical RAM: 3463.76 MB
Total Pagefile: 4092.2 MB
Available Pagefile: 3454.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.5 GB) (Free:264.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
3 Drive e: () (Removable) (Total:7.4 GB) (Free:7.4 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 8 MB
Disk 1 Online 7596 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7595 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 7595 MB Healthy

=========================================================

Last Boot: 2012-12-07 00:55

==================== End Of Log =============================

~~Search.txt
Farbar Recovery Scan Tool (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-17 13:17:54
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
 
If it helps save any time in finding what may be wrong, I'm suspecting the codec pack I got with a Toy Story 3 download is probably the most likely culprit..
First trying it at line: 2012-12-09 07:57 - 2012-12-09 07:57 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack

And then stupidly trying again slightly further up this list before I realised it was probably not safe.

Also everything in the Zero Access section are what have been showing up in the MBAM and AVG searches respectively, which I was unable to remove..

I had popups in the past week from AVG informing me I should upgrade to the 2013 version now (but havent yet as I remember you said not to modify anything on my pc until this is resolved)
But I also remember seeing I think elsewhere on this forum that you recommended to someone if they didn't have an AV program they should install one at least for temporary use, and AVG wasn't on the list of suggested programs. Just wondering, would you recommend any specific AV program as one which you think is best or most effective and might be a better choice over AVG?
 
Hang on for recommendations. FRST looks good, no need to do OTLPE version...

FRST Fixlist

Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments

  • fixlist.txt
    326 bytes · Views: 1
Looks like it did as was meant to, my browser certainly seems to have loaded up faster this time too.

~Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-17 15:18:52 Run:1
Running from E:\

==============================================

C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
c:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to c:\Windows\System32\services.exe

==== End of Fixlog ====


~~Edit:
Ran a quick scan with MBAM too, and it found no malware or infections.
 
Good! Next step:

ComboFix scan

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
I temporarily disabled AVG and then ran the program but it still complained about AVG but I double checked and it was definitely disabled so I kept running ComboFix any way, I hope this was right.
Here is the report-

~~ ComboFix.txt
ComboFix 12-12-17.02 - Brendan 17/12/2012 15:56:14.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4094.2524 [GMT 0:00]
Running from: c:\users\Brendan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-17 21:16 . 2012-12-17 21:16--------d-----w-C:\FRST
2012-12-17 16:01 . 2012-12-17 16:01--------d-----w-c:\users\Default\AppData\Local\temp
2012-12-12 19:10 . 2012-12-12 19:1016363960----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-09 16:03 . 2012-12-09 16:03--------d-sh--w-c:\windows\SysWow64\%APPDATA%
2012-12-09 16:00 . 2012-12-09 16:00--------d-----w-c:\program files (x86)\Combined Community Codec Pack
2012-12-09 15:58 . 2012-12-09 15:58--------d-----w-c:\program files\MPC-HC
2012-12-09 15:57 . 2012-12-09 15:57220160----a-w-c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-09 15:57 . 2012-12-09 15:57--------d-----w-c:\program files (x86)\Mega Codec Pack
2012-11-23 01:23 . 2012-11-23 01:23--------d-----w-c:\users\Brendan\AppData\Local\BeamDog
2012-11-21 22:53 . 2012-11-21 22:53--------d-----w-c:\program files (x86)\NVIDIA Corporation
2012-11-19 18:39 . 2012-11-19 18:39--------d-----w-c:\users\Brendan\AppData\Roaming\e-academy Inc
2012-11-19 18:39 . 2012-11-19 18:39--------d-----w-c:\users\Brendan\AppData\Local\e-academy Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 19:10 . 2012-05-15 06:24697272----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 19:10 . 2012-02-15 12:0473656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-23 01:23 . 2012-06-20 01:42466456----a-w-c:\windows\system32\wrap_oal.dll
2012-11-23 01:23 . 2012-06-20 01:42444952----a-w-c:\windows\SysWow64\wrap_oal.dll
2012-11-23 01:23 . 2012-06-20 01:42122904----a-w-c:\windows\system32\OpenAL32.dll
2012-11-23 01:23 . 2012-06-20 01:42109080----a-w-c:\windows\SysWow64\OpenAL32.dll
2012-11-14 20:33 . 2012-02-17 20:5166395536----a-w-c:\windows\system32\MRT.exe
2012-10-18 18:25 . 2012-11-14 10:153149824----a-w-c:\windows\system32\win32k.sys
2012-10-16 08:38 . 2012-11-28 11:15135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:15350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:15561664----a-w-c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 10:1555296----a-w-c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 10:15226816----a-w-c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 10:1544032----a-w-c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 10:15193536----a-w-c:\windows\SysWow64\dhcpcore6.dll
2012-10-08 12:19 . 2012-11-14 20:3417811968----a-w-c:\windows\system32\mshtml.dll
2012-10-08 11:42 . 2012-11-14 20:3410925568----a-w-c:\windows\system32\ieframe.dll
2012-10-08 11:31 . 2012-11-14 20:342312704----a-w-c:\windows\system32\jscript9.dll
2012-10-08 11:24 . 2012-11-14 20:341346048----a-w-c:\windows\system32\urlmon.dll
2012-10-08 11:23 . 2012-11-14 20:341392128----a-w-c:\windows\system32\wininet.dll
2012-10-08 11:22 . 2012-11-14 20:341494528----a-w-c:\windows\system32\inetcpl.cpl
2012-10-08 11:22 . 2012-11-14 20:34237056----a-w-c:\windows\system32\url.dll
2012-10-08 11:20 . 2012-11-14 20:3485504----a-w-c:\windows\system32\jsproxy.dll
2012-10-08 11:18 . 2012-11-14 20:34173056----a-w-c:\windows\system32\ieUnatt.exe
2012-10-08 11:17 . 2012-11-14 20:34599040----a-w-c:\windows\system32\vbscript.dll
2012-10-08 11:17 . 2012-11-14 20:34816640----a-w-c:\windows\system32\jscript.dll
2012-10-08 11:15 . 2012-11-14 20:34729088----a-w-c:\windows\system32\msfeeds.dll
2012-10-08 11:15 . 2012-11-14 20:342144768----a-w-c:\windows\system32\iertutil.dll
2012-10-08 11:13 . 2012-11-14 20:3496768----a-w-c:\windows\system32\mshtmled.dll
2012-10-08 11:13 . 2012-11-14 20:342382848----a-w-c:\windows\system32\mshtml.tlb
2012-10-08 11:09 . 2012-11-14 20:34248320----a-w-c:\windows\system32\ieui.dll
2012-10-08 07:56 . 2012-11-14 20:341800704----a-w-c:\windows\SysWow64\jscript9.dll
2012-10-08 07:48 . 2012-11-14 20:341129472----a-w-c:\windows\SysWow64\wininet.dll
2012-10-08 07:47 . 2012-11-14 20:341427968----a-w-c:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44 . 2012-11-14 20:34142848----a-w-c:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43 . 2012-11-14 20:34420864----a-w-c:\windows\SysWow64\vbscript.dll
2012-10-08 07:40 . 2012-11-14 20:342382848----a-w-c:\windows\SysWow64\mshtml.tlb
2012-10-03 17:56 . 2012-11-14 10:151914248----a-w-c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 10:1570656----a-w-c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 10:15303104----a-w-c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 10:15246272----a-w-c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 10:1518944----a-w-c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 10:15216576----a-w-c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 10:15569344----a-w-c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 10:1518944----a-w-c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 10:15175104----a-w-c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 10:15156672----a-w-c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 10:1545568----a-w-c:\windows\system32\drivers\tcpipreg.sys
2012-09-29 19:54 . 2012-08-21 06:2225928----a-w-c:\windows\system32\drivers\mbam.sys
2012-09-28 15:37 . 2012-09-28 15:37221696----a-w-c:\windows\system32\clinfo.exe
2012-09-28 15:36 . 2012-09-28 15:3675776----a-w-c:\windows\system32\OpenVideo64.dll
2012-09-28 15:36 . 2012-09-28 15:3665536----a-w-c:\windows\SysWow64\OpenVideo.dll
2012-09-28 15:36 . 2012-09-28 15:3663488----a-w-c:\windows\system32\OVDecode64.dll
2012-09-28 15:36 . 2012-09-28 15:3656320----a-w-c:\windows\SysWow64\OVDecode.dll
2012-09-28 15:36 . 2012-09-28 15:3632635904----a-w-c:\windows\system32\amdocl64.dll
2012-09-28 15:32 . 2012-09-28 15:3227341824----a-w-c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2011-12-06 02:335557928----a-w-c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:2110697216----a-w-c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:0570144----a-w-c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03163840----a-w-c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:0251200----a-w-c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:0246080----a-w-c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:0244544----a-w-c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:0244032----a-w-c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:0216082432----a-w-c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:5923825920----a-w-c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:5713703168----a-w-c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2011-04-20 02:09935424----a-w-c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2011-12-06 03:161120768----a-w-c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:4119624960----a-w-c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2011-04-20 01:596536192----a-w-c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39442368----a-w-c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39538112----a-w-c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38239616----a-w-c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36120320----a-w-c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:3621504----a-w-c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:3659392----a-w-c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:3643520----a-w-c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:313127296----a-w-c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:256704640----a-w-c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2011-12-06 02:517167488----a-w-c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2011-12-06 02:282691584----a-w-c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13595456----a-w-c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13405504----a-w-c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:1317920----a-w-c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:1314848----a-w-c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:1314848----a-w-c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:1341984----a-w-c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:1333280----a-w-c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:1256320----a-w-c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:1256320----a-w-c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12460288----a-w-c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:1256832----a-w-c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:1256832----a-w-c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2011-12-06 02:11129536----a-w-c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2011-04-20 01:21109568----a-w-c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11103424----a-w-c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2011-04-20 01:2182944----a-w-c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:0953248----a-w-c:\windows\system32\drivers\ati2erec.dll
2012-09-25 22:47 . 2012-11-14 10:1578336----a-w-c:\windows\SysWow64\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49176936----a-w-c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-06 15:07220160----a-w-c:\program files (x86)\Mega Codec Pack\Filters\Haali\mmdinfo.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3294208----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3294208----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3294208----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\games\Steam\steam.exe" [2012-12-03 1354736]
"Facebook Update"="c:\users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-23 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
.
c:\users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brendan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Facebook Messenger.lnk - c:\users\Brendan\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-9-16 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecuteREG_MULTI_SZ autocheck autochk *\0autocheck c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2009-11-05 954368]
R3 SaiK0CEA;SaiK0CEA;c:\windows\system32\DRIVERS\SaiK0CEA.sys [2008-04-04 129024]
R3 SaiU0CEA;SaiU0CEA;c:\windows\system32\DRIVERS\SaiU0CEA.sys [2008-04-04 34432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 18288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-19 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 7329648]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 719216]
S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2010-06-23 167936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 19:10]
.
2012-12-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000Core.job
- c:\users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 23:25]
.
2012-12-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000UA.job
- c:\users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 23:25]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000Core.job
- c:\users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 19:22]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000UA.job
- c:\users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 19:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-Diskeeper2011 - c:\program files (x86)\Diskeeper\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4103919597-2999294590-3050275627-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-12-17 16:08:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-17 16:08
.
Pre-Run: 286,466,301,952 bytes free
Post-Run: 287,530,364,928 bytes free
.
- - End Of File - - 3289E7E70E350632C8C88176D6F9F6FD
 
Good job! Should be fine.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.


Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Sorry for the delayed reply, I did the first one and then had to go out.

Question, I try to remember to use things like CCleaner fairly often, would these two programs also be good things to run through my computer on a monthly basis too, or are they more just useful for specific cases?

~ JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.7 (12.16.2012:1)
OS: Windows 7 Professional x64
Ran by Brendan on 17/12/2012 at 17:18:08.68
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{687578b9-7132-4a7a-80e4-30ee31099e03}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Brendan\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Brendan\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Brendan\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Brendan\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/12/2012 at 17:26:14.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~AdwCleaner[S1].txt
# AdwCleaner v2.101 - Logfile created 12/17/2012 at 22:55:31
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Brendan - STEAMSERVER-X
# Boot Mode : Normal
# Running from : C:\Users\Brendan\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\Users\Brendan\AppData\LocalLow\uTorrentControl2
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0368E392-9BB4-4BBA-9C78-FAE2DD566DA6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4CEE9119-F2B5-4B65-B1D9-BC8F2AABAA7E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.31] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3687B7F6-5256-46F7-92F0-8CA7B[...]
Deleted [l.3805] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3687B7F6-5256-46F7-92F0-8CA7B006[...]
*************************
AdwCleaner[S1].txt - [2245 octets] - [17/12/2012 22:55:31]
########## EOF - C:\AdwCleaner[S1].txt - [2305 octets] ##########
 
If you'd like. But, as long as you don't download any toolbars or other adware programs, it should be good.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
What is the likelihood of the scan taking more than two hours?
I'm going to be going back to my parent's house soon and can't bring my pc with me, time isn't too much of a concern as long as I leave in the next few hours I just want to make sure this scan wouldn't take an excessively long time or that I can stop it part way through if I must?
 
Ah darn. I just checked and I think I could manage sticking around as long as 3-4 hours before I'd really have to leave.

How complex are the rest of the stages? My girlfriend is pretty computer savvy and will probably come round here and want to use my computer for gaming while I'm away so I could instruct her over facebook what to do?
 
Hey, sorry for taking ages to reply, I ended up not having a functional computer at my parent's house to use, and my girlfriend ended up coming with me there instead of to my house.
I will run the scan now and see what the end result is. I've noticed though when I turn on the computer every time there's some program called regcleanpro that comes on and does a scan of my pc. is this a legit program or something else dodgy?
 
Alrighty, Well I ran the thing once and as I last saw it 7 threats were found, but then I had to go out. When I got back my friend stepped on the plug and turned off ym computer before I could save a report or anything so I have now ran the scanner again and this time it only found and removed one threat.

This is the file it exported:

C:\$RECYCLE.BIN\S-1-5-21-4103919597-2999294590-3050275627-1000\$RR2EJC0.exea variant of Win32/Adware.Trymedia.A applicationcleaned by deleting - quarantined
 
Let's do the following please...since it's been so long:

Hitman Pro

Please download Hitman Pro

  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please
 
Downloaded and ran the program, I used the 30 day free licence for it.

Here is the log:
HitmanPro 3.7.0.185
www.hitmanpro.com

Computer name . . . . : STEAMSERVER-X
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : SteamServer-X\Brendan
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2012-12-31 15:47:53
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 2s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 1
Traces . . . . . . . : 104

Objects scanned . . . : 1,713,256
Files scanned . . . . : 57,651
Remnants scanned . . : 575,552 files / 1,080,053 keys

Malware _____________________________________________________________________

C:\$RECYCLE.BIN\S-1-5-21-4103919597-2999294590-3050275627-1000\$RWOVIZ1\Setup_MagicISO.exe -> Quarantined
Size . . . . . . . : 3,083,776 bytes
Age . . . . . . . : 2.0 days (2012-12-29 15:04:09)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 9447B7A609A420FCACAC265314284A26B3C1269ECAA7D0206CA2478800D6B697
Description . . . :
Version . . . . . : 0.0.0.0
Copyright . . . . :
> Ikarus . . . . . . : Trojan.Crypt!IK
Fuzzy . . . . . . : 116.0


Cookies _____________________________________________________________________

C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:112.2o7.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad-emea.doubleclick.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.directrev.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.propellerads.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yabuka.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adlegend.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.audience2media.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.bleepingcomputer.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.intergi.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lanistaads.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lzjl.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ookla.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.videohub.tv
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:bmuk.burstnet.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:checkngo.122.2o7.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:cms.ad.yieldmanager.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:dg.specificclick.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:eset.122.2o7.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipcmedia.122.2o7.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mswmwpapolloprod.122.2o7.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mtvn.112.2o7.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:muk.247realmedia.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:eek:asn-en1.247realmedia.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:paypal.112.2o7.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:rts.pgmediaserve.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ssp-csync.smartadserver.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.dealtime.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:studiocom.122.2o7.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.at.atwola.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.burstnet.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.smartadserver.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\3DBQK9L0.txt
C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\50HV12LL.txt
C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\LIQP7940.txt
C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\R7ILYD7L.txt
C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\VNHLD953.txt
C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\WK9WWNKS.txt
C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\YQASO8SO.txt
 
Status
Not open for further replies.

Similar threads

M
Virus warning popup
Replies
1
Views
543
Mark Fuller
M
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
480
eriksnyman1
E
midian182
Buyer of $1,600 second-hand RTX 4090 finds it has no GPU, missing VRAM chips
Replies
20
Views
472
erickmendes
erickmendes

Latest posts

Back