FrankJaeger

Members
Posts: 20
Reputation: 0 Neutral
  1. Just updated MB after it had been nagging me for days. I updated it and then got a dialog box saying my PC would be restarting, no questions asked, in 10 minutes. How dare you. I will decide when my PC restarts, I was in the middle of watching a live event and had a document I was writing. I closed MB in task manager to circumvent this but you have coded that the PC restarts as soon as MB is closed. For shame on you. This is not acceptable. This needs to be changed. What do you think you're playing at?
  2. Wonderful, it seems that program got 'em all first time. Again, your help is much appreciated and I'll be definitely giving that Preventive Maintenance topic a viewing! All the best
  3. Results of screen317's Security Check version 0.99.81
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Kaspersky Anti-Virus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 7 Update 51
     Adobe Flash Player 12.0.0.77
     Adobe Reader XI
     Mozilla Firefox (28.0)
     ````````Process Check: objlist.exe by Laurent````````
     Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  4. Thank you ever so much for your help. It's very rare to be granted such methodical guidance, and with such clarity. The scan returned 0 threats and I think I'm malware free : ) My PC is running a little slower than usual, but I think this is attributed to another issue. Do you recommend any programs that I can get to keep my PC well maintained and protected? I have CCleaner already. Furthermore, should I keep any of the programs you gave me?
     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.04.06.10
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16798
     Win :: JDTJTRALGW [administrator]
     Protection: Disabled
     06/04/2014 22:07:05
     mbam-log-2014-04-06 (22-07-05).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 235141
     Time elapsed: 2 minute(s), 38 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  5. ComboFix 14-04-03.01 - Win 05/04/2014 0:20.1.4 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16268.14276 [GMT 1:00]
     Running from: c:\users\Win\Desktop\ComboFix.exe
     AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
     SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\users\Win\AppData\Roaming\Origin
     c:\users\Win\AppData\Roaming\Origin\local.xml
     c:\users\Win\AppData\Roaming\Origin\local_051627926fef6a7f4307b541bf94d733.xml
     .
     ((((((((((((((((((((((((( Files Created from 2014-03-04 to 2014-04-04 )))))))))))))))))))))))))))))))
     .
     2014-04-04 23:26 . 2014-04-04 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-04-04 17:36 . 2014-04-04 17:36 -------- d-----w- c:\programdata\boost_interprocess
     2014-04-04 13:11 . 2014-04-04 14:25 -------- d-----w- C:\FRST
     2014-04-04 11:23 . 2014-04-04 13:01 -------- d-----w- C:\AdwCleaner
     2014-03-31 21:58 . 2014-03-31 21:58 -------- d-----w- c:\program files (x86)\Elaborate Bytes
     2014-03-17 20:27 . 2014-03-17 20:27 -------- d-----w- c:\users\Win\AppData\Roaming\Sony Corporation
     2014-03-17 20:27 . 2014-03-17 20:27 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
     2014-03-14 13:40 . 2014-03-14 13:40 -------- d-----w- c:\users\Win\AppData\Local\VS Revo Group
     2014-03-14 13:40 . 2014-03-14 13:40 -------- d-----w- c:\programdata\VS Revo Group
     2014-03-14 13:40 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
     2014-03-14 13:40 . 2014-03-14 13:40 -------- d-----w- c:\program files\VS Revo Group
     2014-03-12 18:33 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
     2014-03-12 18:33 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
     2014-03-12 18:33 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
     2014-03-12 18:33 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
     2014-03-12 18:33 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
     2014-03-12 18:33 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
     2014-03-12 18:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
     2014-03-12 18:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-03-18 21:23 . 2013-06-12 17:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2014-03-18 21:23 . 2013-06-12 17:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2014-03-12 18:35 . 2013-06-22 22:30 90015360 ----a-w- c:\windows\system32\MRT.exe
     2014-02-25 01:49 . 2012-07-17 14:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2014-02-18 22:47 . 2014-02-18 22:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2014-02-01 09:20 . 2014-02-13 14:29 51712 ----a-w- c:\windows\system32\ie4uinit.exe
     2014-02-01 09:19 . 2014-02-13 14:29 2241536 ----a-w- c:\windows\system32\wininet.dll
     2014-02-01 09:19 . 2014-02-13 14:29 1365504 ----a-w- c:\windows\system32\urlmon.dll
     2014-02-01 09:18 . 2014-02-13 14:29 197120 ----a-w- c:\windows\system32\msrating.dll
     2014-02-01 09:18 . 2014-02-13 14:29 19274240 ----a-w- c:\windows\system32\mshtml.dll
     2014-02-01 09:18 . 2014-02-13 14:29 603136 ----a-w- c:\windows\system32\msfeeds.dll
     2014-02-01 09:18 . 2014-02-13 14:29 855552 ----a-w- c:\windows\system32\jscript.dll
     2014-02-01 09:18 . 2014-02-13 14:29 3960320 ----a-w- c:\windows\system32\jscript9.dll
     2014-02-01 09:18 . 2014-02-13 14:29 53760 ----a-w- c:\windows\system32\jsproxy.dll
     2014-02-01 09:18 . 2014-02-13 14:29 67072 ----a-w- c:\windows\system32\iesetup.dll
     2014-02-01 09:18 . 2014-02-13 14:29 526336 ----a-w- c:\windows\system32\ieui.dll
     2014-02-01 09:18 . 2014-02-13 14:29 136704 ----a-w- c:\windows\system32\iesysprep.dll
     2014-02-01 09:18 . 2014-02-13 14:29 2648576 ----a-w- c:\windows\system32\iertutil.dll
     2014-02-01 09:18 . 2014-02-13 14:29 39936 ----a-w- c:\windows\system32\iernonce.dll
     2014-02-01 09:18 . 2014-02-13 14:29 15403520 ----a-w- c:\windows\system32\ieframe.dll
     2014-02-01 07:58 . 2014-02-13 14:29 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
     2014-02-01 07:57 . 2014-02-13 14:29 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
     2014-02-01 07:57 . 2014-02-13 14:29 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
     2014-02-01 07:57 . 2014-02-13 14:29 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
     2014-02-01 07:40 . 2014-02-13 14:29 2706432 ----a-w- c:\windows\system32\mshtml.tlb
     2014-02-01 07:34 . 2014-02-13 14:29 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
     2014-01-25 22:21 . 2014-01-25 22:21 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
     2014-01-25 22:21 . 2014-01-25 22:21 1464096 ----a-w- c:\windows\system32\drivers\tdrpman.sys
     2014-01-25 22:21 . 2014-01-25 22:21 183224 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
     2014-01-25 22:21 . 2014-01-25 22:21 1120032 ----a-w- c:\windows\system32\drivers\tib.sys
     2014-01-25 22:21 . 2014-01-25 22:21 161568 ----a-w- c:\windows\system32\drivers\vididr.sys
     2014-01-25 22:21 . 2014-01-25 22:21 269600 ----a-w- c:\windows\system32\drivers\snapman.sys
     2014-01-25 22:21 . 2014-01-25 22:21 117024 ----a-w- c:\windows\system32\drivers\vidsflt.sys
     2014-01-25 22:21 . 2014-01-25 22:21 116000 ----a-w- c:\windows\system32\drivers\fltsrv.sys
     2014-01-09 02:22 . 2014-02-27 18:33 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
     "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
     "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-10-10 356128]
     "AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     "ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "EnableLinkedConnections"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=1 (0x1)
     "AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
     R3 cpuz136;cpuz136;c:\users\Win\AppData\Local\Temp\cpuz136_x64.sys;c:\users\Win\AppData\Local\Temp\cpuz136_x64.sys [x]
     R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
     R3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
     R3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
     R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
     R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
     R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
     R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
     R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
     S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
     S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
     S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
     S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
     S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
     S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
     S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
     S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
     S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
     S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
     S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
     S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
     S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
     S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
     S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
     S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
     S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
     S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
     S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
     S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
     S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
     S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
     S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
     S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
     S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
     S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
     S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
     S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
     S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
     S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - 67170306
     *Deregistered* - 67170306
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2014-04-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
     - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
     .
     2014-04-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
     - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
     .
     --------- X64 Entries -----------
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
     @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
     [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
     2013-08-07 16:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
     @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
     [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
     2013-08-07 16:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
     @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
     [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
     2013-08-07 16:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
     "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
     "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
     "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-07-18 518424]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
     FF - ProfilePath - c:\users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
     SafeBoot-67170306.sys
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.Email.1"
     .
     [HKEY_USERS\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.VCard.1"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2014-04-05 00:27:36
     ComboFix-quarantined-files.txt 2014-04-04 23:27
     .
     Pre-Run: 168,242,470,912 bytes free
     Post-Run: 173,554,434,048 bytes free
     .
     - - End Of File - - 9C1FA1BEB6B0A410A8E8CA1621F5EC39
     A36C5E4F47E84449FF07ED3517B43A31
     COMBOFIX Log
  6. Thanks for the help, this is wonderful. I've attached my KSST log for your review.
     Unsigned file
     Service: Intel ® capability licensing service interface
     Service start: Auto (0x2)
     Files: Program File/Intel/iCLS Client/HeciServer.exe
     Locked file
     Service: sptd
     Service Type: Kernel Driver (0x1)
     Service Start: Boot (0x0)
     File: Windows System 32/drivers/sptd.sys
     These files were flagged as suspicious in KSST and I was unsure, so I posted them here. An Adobe switchboard.exe also flagged up. I clicked skip. Thanks
     TDSSKiller.3.0.0.28_04.04.2014_23.58.24_log.txt
  7. RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Win [Admin rights]
     Mode : Scan -- Date : 04/04/2014 15:36:23
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 8 ¤¤¤
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Browser Addons : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++
     --- User ---
     [MBR] eba20bc4d564437cd03bb5f2b56b3776
     [bSP] eb2e8076916d27ee3b936b36be8a24dd : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[0]_S_04042014_153623.txt >>
     RKreport[0]_S_04032014_132014.txt;RKreport[0]_S_04032014_132421.txt
  8. # AdwCleaner v3.023 - Report created 04/04/2014 at 14:01:57
     # Updated 01/04/2014 by Xplode
     # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
     # Username : Win - JDTJTRALGW
     # Running from : C:\Users\Win\Desktop\adwcleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     Folder Deleted : C:\ProgramData\boost_interprocess
     Folder Deleted : C:\ProgramData\DeviceVM
     Folder Deleted : C:\Users\Win\AppData\Local\CrashRpt
     Folder Deleted : C:\Users\Win\AppData\Roaming\DeviceVM
     File Deleted : C:\Users\Win\AppData\Local\Temp\Uninstall.exe
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     ***** [ Browsers ] *****
     -\\ Internet Explorer v0.0.0.0
     -\\ Mozilla Firefox v28.0 (en-US)
     [ File : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\prefs.js ]
     *************************
     AdwCleaner[R0].txt - [1435 octets] - [04/04/2014 12:23:12]
     AdwCleaner[s0].txt - [1376 octets] - [04/04/2014 14:01:57]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1436 octets] ##########
     --------------------------------------------------
     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
     Ran by Win (administrator) on JDTJTRALGW on 04-04-2014 14:11:45
     Running from C:\Users\Win\Ileum
     Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Normal
     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     ==================== Processes (Whitelisted) =================
     (AMD) C:\Windows\system32\atiesrxx.exe
     (AMD) C:\Windows\system32\atieclxx.exe
     (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
     (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     () C:\Windows\SysWOW64\PnkBstrA.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     (Intel Corporation) C:\Windows\System32\igfxpers.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
     (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
     (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
     (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
     (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
     (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
     (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     ==================== Registry (Whitelisted) ==================
     HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
     HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
     HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
     HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
     HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
     HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
     HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
     HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
     HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
     HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
     Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
     HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-11] (Microsoft Corporation)
     HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [ASRockXTU] - [X]
     HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [zASRockInstantBoot] - [X]
     HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [AdobeBridge] - [X]
     HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
     HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [ASRockRuefi] - [X]
     HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Policies\system: [DisableLockWorkstation] 0
     HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\MountPoints2: {17a2e9d3-d1b3-11e2-ae8d-806e6f6e6963} - D:\ASRSetup.exe
     AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [464200 2012-06-17] (Lucidlogix Inc.)
     AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [419144 2012-06-17] (Lucidlogix Inc.)
     ==================== Internet (Whitelisted) ====================
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ie
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x95C2AADC8E67CE01
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
     SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
     SearchScopes: HKCU - {CF0B2B5D-7A14-447e-80B2-267D11F956D5} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
     SearchScopes: HKCU - {FC93E44B-4D0D-4337-8189-959D44DADCC7} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
     BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
     BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
     BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
     BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
     BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
     BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
     BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
     BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
     Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
     Hosts: There are more than one entry in Hosts.
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 FireFox: ======== FF ProfilePath: C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Win\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\searchplugins\youtube-video-search.xml FF Extension: Roomy Bookmarks Toolbar - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\ALone-live@ya.ru [2014-03-19] FF Extension: British English Dictionary (Updated) - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\en-gb@flyingtophat.co.uk [2013-11-25] FF Extension: anonymoX - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\client@anonymox.net.xpi [2014-01-24] FF Extension: QuickMark - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\jid0-QT2VXewB9xzbRlyapSJjA4ebwoU@jetpack.xpi [2014-03-19] FF Extension: YouTube Center - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-03-19] FF Extension: English (GB) Language Pack - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2013-11-25] FF Extension: No Name - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\noverflow@sdrocking.com.xpi [2013-07-15] FF Extension: OmniSidebar - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\osb@quicksaver.xpi [2014-03-19] FF Extension: Multi Dictionary Lookup - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\tfdlookup@nohup.in.xpi [2014-01-31] FF Extension: All-in-One Sidebar - 
C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-03-19] FF Extension: Quick Translator - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-01-31] FF Extension: YouTube High Definition - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-02-08] FF Extension: Adblock Plus - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-12] FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-08-11] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-08-11] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-08-11] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) S4 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH) S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 
2013-02-13] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-28] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) ==================== Drivers (Whitelisted) ==================== R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology) R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-09-25] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-06-10] (FNet Co., Ltd.) 
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-08-11] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-08-11] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) 
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation) S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation) S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-25] () R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-01-25] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-01-25] (Acronis) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-01-25] (Acronis International GmbH) U3 atxxmha0; No ImagePath S3 cpuz136; \??\C:\Users\Win\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-04 14:11 - 2014-04-04 14:11 - 00000000 ____D () C:\FRST 2014-04-04 12:23 - 2014-04-04 14:01 - 00000000 ____D () C:\AdwCleaner 2014-04-04 02:31 - 2014-04-04 02:31 - 01426178 _____ () C:\Users\Win\Desktop\adwcleaner.exe 2014-04-03 13:24 - 2014-04-03 13:24 - 00002269 _____ () C:\Users\Win\Desktop\RKreport[0]_S_04032014_132421.txt 2014-04-03 13:20 - 2014-04-03 13:20 - 00002236 _____ () C:\Users\Win\Desktop\RKreport[0]_S_04032014_132014.txt 2014-04-03 13:17 - 2014-04-03 13:24 - 00000000 ____D () C:\Users\Win\Desktop\RK_Quarantine 2014-04-03 11:35 - 2014-04-03 11:35 - 04527616 _____ () C:\Users\Win\Desktop\RogueKillerX64.exe 2014-04-03 02:10 - 2014-04-03 02:10 - 00019532 _____ () C:\Users\Win\Desktop\dds.txt 2014-04-03 02:10 - 2014-04-03 02:10 - 00009924 _____ () C:\Users\Win\Desktop\attach.txt 2014-04-03 02:07 - 2014-04-03 02:07 - 00688992 ____R (Swearware) C:\Users\Win\Desktop\dds.scr 2014-03-31 22:58 - 2014-03-31 22:58 - 00001250 _____ () C:\Users\Public\Desktop\Virtual 
CloneDrive.lnk 2014-03-31 22:58 - 2014-03-31 22:58 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-03-29 15:06 - 2014-03-29 15:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-17 21:27 - 2014-03-17 21:27 - 00001035 _____ () C:\Users\Public\Desktop\Content Transfer.lnk 2014-03-17 21:27 - 2014-03-17 21:27 - 00000000 ____D () C:\Users\Win\AppData\Roaming\Sony Corporation 2014-03-14 14:40 - 2014-03-14 14:40 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\Users\Win\AppData\Local\VS Revo Group 2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\ProgramData\VS Revo Group 2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-14 14:40 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys 2014-03-14 02:24 - 2014-03-14 02:24 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-JDTJTRALGW-Win 2014-03-12 19:33 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 19:33 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 19:33 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-12 19:33 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 19:33 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 19:33 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-12 19:32 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-12 19:32 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll ==================== One Month Modified Files and Folders ======= 2014-04-04 14:11 - 2014-04-04 14:11 - 00000000 ____D 
() C:\FRST 2014-04-04 14:11 - 2013-06-12 20:28 - 00000000 ___RD () C:\Users\Win\Ileum 2014-04-04 14:10 - 2009-07-14 05:45 - 00014544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-04 14:10 - 2009-07-14 05:45 - 00014544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-04 14:09 - 2009-07-14 06:13 - 00795794 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-04 14:07 - 2013-06-10 13:40 - 01908844 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 14:05 - 2013-11-20 20:30 - 00000000 ____D () C:\Users\Win\AppData\Roaming\foobar2000 2014-04-04 14:04 - 2013-08-11 22:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-04 14:03 - 2013-06-10 14:48 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-04-04 14:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-04 14:03 - 2009-07-14 05:51 - 00095586 _____ () C:\Windows\setupact.log 2014-04-04 14:01 - 2014-04-04 12:23 - 00000000 ____D () C:\AdwCleaner 2014-04-04 12:16 - 2013-06-10 14:57 - 00633052 _____ () C:\Windows\PFRO.log 2014-04-04 05:56 - 2013-06-17 23:43 - 00000000 ____D () C:\Users\Win\AppData\Roaming\uTorrent 2014-04-04 05:37 - 2013-11-29 02:10 - 00000000 ____D () C:\Users\Win\AppData\Roaming\TS3Client 2014-04-04 05:33 - 2013-06-23 15:00 - 00000000 ____D () C:\Program Files (x86)\CCleaner 2014-04-04 03:13 - 2013-09-04 02:23 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-04 02:34 - 2013-06-12 18:33 - 00000000 ____D () C:\Users\Win\AppData\Local\Adobe 2014-04-04 02:31 - 2014-04-04 02:31 - 01426178 _____ () C:\Users\Win\Desktop\adwcleaner.exe 2014-04-04 02:22 - 2013-08-14 12:54 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3F87E8E1-200E-407F-A5D7-29B290E3424A} 2014-04-04 02:13 - 2013-06-10 14:48 - 00000830 _____ () 
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-04-03 13:24 - 2014-04-03 13:24 - 00002269 _____ () C:\Users\Win\Desktop\RKreport[0]_S_04032014_132421.txt 2014-04-03 13:24 - 2014-04-03 13:17 - 00000000 ____D () C:\Users\Win\Desktop\RK_Quarantine 2014-04-03 13:20 - 2014-04-03 13:20 - 00002236 _____ () C:\Users\Win\Desktop\RKreport[0]_S_04032014_132014.txt 2014-04-03 11:35 - 2014-04-03 11:35 - 04527616 _____ () C:\Users\Win\Desktop\RogueKillerX64.exe 2014-04-03 02:10 - 2014-04-03 02:10 - 00019532 _____ () C:\Users\Win\Desktop\dds.txt 2014-04-03 02:10 - 2014-04-03 02:10 - 00009924 _____ () C:\Users\Win\Desktop\attach.txt 2014-04-03 02:07 - 2014-04-03 02:07 - 00688992 ____R (Swearware) C:\Users\Win\Desktop\dds.scr 2014-04-02 17:23 - 2013-06-10 15:04 - 00000000 ____D () C:\Users\Win\AppData\Local\CrashDumps 2014-03-31 22:58 - 2014-03-31 22:58 - 00001250 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk 2014-03-31 22:58 - 2014-03-31 22:58 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-03-30 21:11 - 2013-06-12 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 15:06 - 2014-03-29 15:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-27 23:51 - 2013-06-10 13:42 - 00000000 ____D () C:\Users\Win 2014-03-26 23:29 - 2014-02-13 13:54 - 00000000 ____D () C:\Users\Win\Documents\UserTesting 2014-03-26 23:29 - 2014-02-13 13:53 - 00000000 ____D () C:\Users\Win\AppData\Local\UserTestingPlugin 2014-03-23 22:55 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-18 22:23 - 2013-06-12 18:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-18 22:23 - 2013-06-12 18:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-18 11:36 - 2014-01-25 23:57 - 00000000 ____D () C:\Users\Win\AppData\Roaming\tigerplayer 2014-03-17 21:27 - 2014-03-17 21:27 - 00001035 _____ () 
C:\Users\Public\Desktop\Content Transfer.lnk 2014-03-17 21:27 - 2014-03-17 21:27 - 00000000 ____D () C:\Users\Win\AppData\Roaming\Sony Corporation 2014-03-17 21:27 - 2014-02-20 19:21 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-03-17 21:27 - 2014-02-20 19:21 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-03-17 21:26 - 2014-02-20 19:22 - 00000000 ____D () C:\Users\Win\AppData\Local\Downloaded Installations 2014-03-14 14:40 - 2014-03-14 14:40 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\Users\Win\AppData\Local\VS Revo Group 2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\ProgramData\VS Revo Group 2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-14 03:00 - 2013-06-10 14:59 - 00000000 ____D () C:\ProgramData\Adobe 2014-03-14 02:24 - 2014-03-14 02:24 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-JDTJTRALGW-Win 2014-03-12 19:44 - 2009-07-14 05:45 - 05065240 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 19:43 - 2013-07-20 23:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-12 19:43 - 2013-07-20 23:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-12 19:38 - 2013-08-14 12:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 19:35 - 2013-06-22 23:30 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-12 19:20 - 2013-09-18 17:40 - 00000000 ____D () C:\Users\Win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-03-07 02:32 - 2013-11-20 20:30 - 00001031 _____ () C:\Users\Public\Desktop\foobar2000.lnk 2014-03-07 02:32 - 2013-11-20 20:30 - 00000000 ____D () C:\Program Files (x86)\foobar2000 Some content of TEMP: ==================== C:\Users\Win\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\Win\AppData\Local\Temp\Lucidlogix VIRTU MVP_2.1.114.22585 Setup_64Bit.exe 
C:\Users\Win\AppData\Local\Temp\ntdll_dump.dll C:\Users\Win\AppData\Local\Temp\powarc1300b2.exe C:\Users\Win\AppData\Local\Temp\Quarantine.exe C:\Users\Win\AppData\Local\Temp\sfamcc00001.dll C:\Users\Win\AppData\Local\Temp\sfamcc00002.dll C:\Users\Win\AppData\Local\Temp\sfareca00001.dll C:\Users\Win\AppData\Local\Temp\sfextra.dll C:\Users\Win\AppData\Local\Temp\som_fs.exe C:\Users\Win\AppData\Local\Temp\som_mp4_encoder_2.exe C:\Users\Win\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\Win\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\Win\AppData\Local\Temp\{380C5AAD-B874-4DC8-B9E4-9DA7FC637C34}.exe C:\Users\Win\AppData\Local\Temp\{43EE48BB-3BA1-483E-804C-4E47752894AF}.exe C:\Users\Win\AppData\Local\Temp\{8AF35F8A-AF6E-494B-91D5-0C26E1D5A57F}.exe C:\Users\Win\AppData\Local\Temp\{8D1EC27A-13BF-4BDB-B19B-B7A0E9E496C0}.exe C:\Users\Win\AppData\Local\Temp\{98DA6B24-F985-487C-996B-B358F30F40A4}.exe C:\Users\Win\AppData\Local\Temp\{DE54D523-02B3-47B9-A23E-DB23012100D3}.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-31 04:02 ==================== End Of Log ============================ Addition.txt
  9. # AdwCleaner v3.023 - Report created 04/04/2014 at 12:23:12
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Win - JDTJTRALGW
# Running from : C:\Users\Win\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Win\AppData\Local\Temp\Uninstall.exe
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\DeviceVM
Folder Found C:\Users\Win\AppData\Local\CrashRpt
Folder Found C:\Users\Win\AppData\Roaming\DeviceVM

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1287 octets] - [04/04/2014 12:23:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1347 octets] ##########

Ad log. Are these files safe to delete? They seem important, but if they are in fact adware I will delete them.
  10. Oh dear, I must say this is a shared PC atm and belonged to someone else. Here is my new RogueKiller log:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Win [Admin rights]
Mode : Scan -- Date : 04/03/2014 14:25:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] eba20bc4d564437cd03bb5f2b56b3776
[bSP] eb2e8076916d27ee3b936b36be8a24dd : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04032014_132421.txt >>
RKreport[0]_S_04032014_132014.txt
  11. I don't know. They look like old software. I had Alcohol 120% for a while. Should they not be in my hosts file?
  12. RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Win [Admin rights]
Mode : Scan -- Date : 04/03/2014 13:24:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 activation.acronis.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] eba20bc4d564437cd03bb5f2b56b3776
[bSP] eb2e8076916d27ee3b936b36be8a24dd : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04032014_132421.txt >>
RKreport[0]_S_04032014_132014.txt
  13. Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
Win :: JDTJTRALGW [administrator]

Protection: Disabled

02/04/2014 21:31:39
MBAM-log-2014-04-02 (22-31-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495420
Time elapsed: 59 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\Microsoft\Dll\user32.dll (Trojan.FakeMS.PGen) -> No action taken.

(end)

I'll run RogueKiller now.