HKCU\...\Run: [GuwYxogb] - C:\Users\Cailum\AppData\Local\xrfmnlwk\guwyxogb.exe [147456 2013-11-17] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [uG8KiypNkBhQY/xbQcO+] - C:\Users\Cailum\AppData\Roaming\Microsoft\Spelling\en-GB\sxstrace.exe [372736 2009-07-14] ()
Startup: C:\Users\Cailum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\guwyxogb.exe ()
C:\Users\Cailum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\guwyxogb.exe
C:\Users\Cailum\AppData\Local\xrfmnlwk\guwyxogb.exe
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c7c6cfd6-19d2-837a-97b6-3f7756c4b347}\ \...\???\{c7c6cfd6-19d2-837a-97b6-3f7756c4b347}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-11-17 12:06 - 2013-12-03 13:05 - 00000000 _____ C:\Users\Cailum\AppData\Local\fsvnfkvk.log
2013-11-17 10:39 - 2013-12-03 08:45 - 01402649 _____ C:\Users\Cailum\AppData\Local\vmbpacno.log
2013-11-17 10:39 - 2013-12-03 08:45 - 00003581 _____ C:\Users\Cailum\AppData\Local\tqkvndjl.log
2013-11-17 10:39 - 2013-12-03 08:40 - 00003288 _____ C:\Users\Cailum\AppData\Local\axtfclnm.log
2013-11-17 10:38 - 2013-12-03 13:04 - 00101965 _____ C:\Users\Cailum\AppData\Local\jrgukril.log
2013-11-17 10:38 - 2013-12-03 08:40 - 00005370 _____ C:\Users\Cailum\AppData\Local\mkemvgrp.log
2013-11-17 10:38 - 2013-11-26 18:42 - 00000148 _____ C:\Users\Cailum\AppData\Local\dbmqfkhr.log
2013-11-17 10:38 - 2013-11-17 10:38 - 00000000 _____ C:\Users\Cailum\AppData\Local\jjxbgntj.log
2013-11-17 10:37 - 2013-12-03 13:05 - 00000028 _____ C:\Users\Cailum\AppData\Local\hbjrtnbu.log
2013-11-17 10:37 - 2013-12-02 23:19 - 00000000 ____D C:\Users\Cailum\AppData\Local\xrfmnlwk
2013-11-17 10:37 - 2013-11-17 10:38 - 00432112 _____ C:\Users\Cailum\AppData\Local\irqfmkfu.log
2013-11-17 10:37 - 2013-11-17 10:37 - 00000064 _____ C:\ProgramData\ucrprcfv.log
2013-11-24 23:43 - 2013-08-15 21:38 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-11-24 23:33 - 2013-08-15 21:38 - 00000000 ____D C:\Program Files (x86)\DealPly
C:\Users\Cailum\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Cailum\AppData\Local\Temp\xdutdqih.exe
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s