opacupa

Ok mate, thanks. I'll give it a go! Cheers!

As I've described in my first post, it has something to do when I don't touch the mouse or keyboard and for example I'm playing a game with a joystick for few minutes, pc starts stuttering and fans become wild and noisy (I know that they are supposed to do that, but this behaviour started few weeks ago, until then everything worked like a butter). So when that happenes I either move my mouse, or touch any key on the keyboard, and everything returns to normal, even during the game! It is like PC wakes up when I do that. Funny thing is that when I play a movie it doesn't happen, maybe because codecs are preventing the PC from being idle so the movie will run smoothly, I don't know, just guessing..

I let it run for about 5mins until screensaver showed up... If I need to let it run longer let me know! Cheers System Idle Process.txt

Oh ok, sorry mate! Here you go! MyTasks.txt

MyTasks Image Name PID Session Name Session# Mem Usage ========================= ======== ================ =========== ============ System Idle Process 0 Services 0 24 K System 4 Services 0 1,192 K smss.exe 372 Services 0 1,196 K csrss.exe 576 Services 0 4,920 K wininit.exe 648 Services 0 4,660 K csrss.exe 668 Console 1 27,052 K services.exe 704 Services 0 12,700 K lsass.exe 720 Services 0 10,696 K lsm.exe 732 Services 0 4,560 K winlogon.exe 776 Console 1 8,012 K svchost.exe 900 Services 0 9,912 K svchost.exe 980 Services 0 7,988 K atiesrxx.exe 352 Services 0 4,316 K svchost.exe 556 Services 0 22,004 K svchost.exe 840 Services 0 229,736 K svchost.exe 1028 Services 0 20,472 K svchost.exe 1068 Services 0 34,824 K audiodg.exe 1152 Services 0 24,644 K svchost.exe 1200 Services 0 7,056 K svchost.exe 1324 Services 0 16,536 K atieclxx.exe 1368 Console 1 7,872 K spoolsv.exe 1524 Services 0 11,164 K svchost.exe 1564 Services 0 12,112 K avp.exe 1644 Services 0 61,504 K svchost.exe 1772 Services 0 6,400 K svchost.exe 1832 Services 0 18,988 K taskhost.exe 1960 Console 1 13,504 K dwm.exe 2172 Console 1 6,716 K explorer.exe 2200 Console 1 54,124 K vsnpstd3.exe 2304 Console 1 6,108 K SVPMgr.exe 2328 Console 1 30,996 K svchost.exe 2772 Services 0 5,528 K VCDDaemon.exe 2884 Console 1 5,320 K jusched.exe 2896 Console 1 4,680 K avp.exe 2280 Console 1 5,640 K MOM.exe 2476 Console 1 4,580 K svchost.exe 1628 Services 0 8,928 K CCC.exe 3432 Console 1 24,840 K waterfox.exe 2728 Console 1 606,068 K plugin-container.exe 2120 Console 1 91,496 K explorer.exe 4540 Console 1 36,332 K thunderbird.exe 4560 Console 1 96,496 K cmd.exe 4720 Console 1 3,024 K conhost.exe 4708 Console 1 6,072 K tasklist.exe 3748 Console 1 5,692 K WmiPrvSE.exe 2688 Services 0 6,376 K

Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit BETA 1.07.0.1008 www.malwarebytes.org Database version: v2014.01.21.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16750 Gosa :: GOSA-PC [administrator] 1/21/2014 5:44:32 PM mbar-log-2014-01-21 (17-44-32).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 221612 Time elapsed: 11 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Ultimate x64 Ran by Gosa on Tue 01/21/2014 at 17:59:37.13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 01/21/2014 at 18:04:07.36 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner # AdwCleaner v3.017 - Report created 21/01/2014 at 18:11:18 # Updated 12/01/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Gosa - GOSA-PC # Running from : C:\Users\Gosa\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Mozilla Firefox v [ File : C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\prefs.js ] ************************* AdwCleaner[R0].txt - [743 octets] - [21/01/2014 18:08:06] AdwCleaner[s0].txt - [665 octets] - [21/01/2014 18:11:18] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [724 octets] ########## MBAM Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.21.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16750 Gosa :: GOSA-PC [administrator] Protection: Disabled 1/21/2014 6:19:11 PM mbam-log-2014-01-21 (18-19-11).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 207852 Time elapsed: 2 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET C:\Mark of ninja\bin\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan C:\Program Files (x86)\Assassins Creed IV Black Flag\steam_api.dll a variant of Win32/HackTool.Crack.BL application C:\Program Files (x86)\Assassins Creed IV Black Flag\uplay_r1.dll Win32/HackTool.Crack.BT application C:\Program Files (x86)\Mortal Kombat Komplete Edition\DiscContentPC\steam_api.dll Win32/HackTool.Crack.BQ application FARBAR - FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014 Ran by Gosa (administrator) on GOSA-PC on 21-01-2014 19:02:01 Running from C:\Users\Gosa\Downloads Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe () C:\Windows\vsnpstd3.exe () C:\Program Files (x86)\SVP\SVPMgr.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe (Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] () HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [sVPMgr] - C:\Program Files (x86)\SVP\SVPMgr.exe [942080 2013-07-15] () HKU\Default\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\Default User\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x03F9AE7AFF78CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50 FireFox: ======== FF ProfilePath: C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\donottrackplus@abine.com [2014-01-03] FF Extension: LastPass - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\support@lastpass.com [2013-07-05] FF Extension: Magic Actions for YouTube™ - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2013-07-30] FF Extension: Referrer Control - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\referrercontrol@qixinglu.com.xpi [2013-12-25] FF Extension: Google Translator for Firefox - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\translator@zoli.bod.xpi [2013-09-11] FF Extension: Adblock Plus - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-05] FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基网址顾问 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-12-24] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: 安全键盘 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-12-24] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: 反广告 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-12-24] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: 安全支付 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-12-24] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO) ==================== Drivers (Whitelisted) ==================== R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458544 2012-04-13] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [640344 2012-05-29] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30000 2012-03-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54064 2012-05-12] (Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [172888 2012-05-24] (Kaspersky Lab) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [85336 2012-05-29] (Kaspersky Lab) S3 MSICDSetup; \??\D:\CDriver64.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-21 19:02 - 2014-01-21 19:02 - 00010690 _____ C:\Users\Gosa\Downloads\FRST.txt 2014-01-21 19:01 - 2014-01-21 19:01 - 00000000 ____D C:\FRST 2014-01-21 19:00 - 2014-01-21 19:00 - 00000422 _____ C:\Users\Gosa\Desktop\eset.txt 2014-01-21 18:49 - 2014-01-21 18:49 - 02077184 _____ (Farbar) C:\Users\Gosa\Downloads\FRST64.exe 2014-01-21 18:23 - 2014-01-21 18:23 - 02347384 _____ (ESET) C:\Users\Gosa\Downloads\esetsmartinstaller_enu.exe 2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-21 18:17 - 2014-01-21 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gosa\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-21 18:17 - 2014-01-21 18:17 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-21 18:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-21 18:15 - 2014-01-21 18:15 - 00000803 _____ C:\Users\Gosa\Desktop\AdwCleaner[s0].txt 2014-01-21 18:09 - 2014-01-21 18:09 - 00000743 _____ C:\Users\Gosa\Desktop\AdwCleaner[R0].txt 2014-01-21 18:07 - 2014-01-21 18:11 - 00000000 ____D C:\AdwCleaner 2014-01-21 18:07 - 2014-01-21 18:07 - 01236282 _____ C:\Users\Gosa\Desktop\AdwCleaner.exe 2014-01-21 18:04 - 2014-01-21 18:11 - 00000838 _____ C:\Users\Gosa\Desktop\JRT.txt 2014-01-21 17:59 - 2014-01-21 17:59 - 00000000 ____D C:\Windows\ERUNT 2014-01-21 17:58 - 2014-01-21 17:58 - 01037068 _____ (Thisisu) C:\Users\Gosa\Downloads\JRT.exe 2014-01-21 17:43 - 2014-01-21 17:43 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Gosa\Downloads\mbar-1.07.0.1008.exe 2014-01-21 17:43 - 2014-01-21 17:43 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-21 17:43 - 2014-01-21 17:43 - 00000000 ____D C:\Users\Gosa\Desktop\mbar 2014-01-20 22:25 - 2014-01-20 22:25 - 00013267 _____ C:\ComboFix.txt 2014-01-20 22:19 - 2014-01-20 22:25 - 00000000 ____D C:\Qoobox 2014-01-20 22:19 - 2014-01-20 22:24 - 00000000 ____D C:\Windows\erdnt 2014-01-20 22:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2014-01-20 22:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2014-01-20 22:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-20 22:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-20 22:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-20 22:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2014-01-20 22:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2014-01-20 22:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2014-01-20 22:18 - 2014-01-20 22:18 - 05167985 ____R (Swearware) C:\Users\Gosa\Desktop\ComboFix.exe 2014-01-20 19:53 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-20 19:53 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-20 19:53 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-20 19:53 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-20 19:52 - 2014-01-20 19:53 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-19 21:32 - 2014-01-19 22:26 - 00000000 ____D C:\Users\Gosa\Downloads\Life.As.A.House.2001.DVDRip.DivX.AC3 2014-01-19 21:29 - 2014-01-19 21:35 - 00000000 ____D C:\Users\Gosa\Downloads\Midsummer Night's Dream, A (1999) 2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D C:\Users\Gosa\Downloads\The.Hunger.Games.Catching.Fire.2013.IMAX.EDITION.1080p.BluRay.x264-PublicHD 2014-01-17 16:39 - 2014-01-17 16:39 - 00023388 _____ C:\Users\Gosa\Documents\cc_20140117_163920.reg 2014-01-16 22:34 - 2014-01-16 22:42 - 00000000 ____D C:\Users\Gosa\Downloads\The.Secrets.of.Da.Vinci.The.Forbidden.Manuscript.+Crack 2014-01-16 22:23 - 2014-01-16 22:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-16 22:23 - 2014-01-16 22:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2014-01-15 21:40 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:59 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:59 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:59 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:59 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:59 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:59 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 16:59 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:59 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-14 19:17 - 2014-01-14 19:17 - 00000000 ____D C:\Users\Gosa\Downloads\Against Me! - Transgender Dysphoria Blues [2014] 2014-01-14 19:16 - 2014-01-15 18:18 - 00000000 ____D C:\Users\Gosa\Downloads\Against Me! 2014-01-13 22:13 - 2014-01-13 22:19 - 00000000 ____D C:\Users\Gosa\Downloads\Lord.of.War.2005.DVD5.720p.BluRay.x264-REVEiLLE 2014-01-13 18:48 - 2014-01-21 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-13 18:44 - 2014-01-13 18:46 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit 2014-01-13 18:44 - 2013-07-16 03:41 - 01858896 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll 2014-01-13 18:44 - 2013-07-16 03:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100d.dll 2014-01-13 18:44 - 2013-07-16 03:41 - 01014096 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll 2014-01-13 18:44 - 2013-07-16 03:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100d.dll 2014-01-11 14:56 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Logitech 2014-01-11 14:56 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Logishrd 2014-01-11 13:08 - 2014-01-11 13:08 - 00000000 ____D C:\Program Files (x86)\Intel 2014-01-11 13:08 - 2013-08-05 11:50 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2014-01-11 13:07 - 2014-01-11 13:07 - 00000000 ____D C:\Intel 2014-01-09 17:27 - 2014-01-10 17:16 - 00000000 ____D C:\Users\Gosa\Downloads\Captain.Phillips.2013.1080p.BluRay.X264-AMIABLE 2014-01-07 00:08 - 2014-01-07 00:11 - 00000000 ____D C:\Users\Gosa\Downloads\The.Raid.Redemption.2011.1080p.MKV.AC3.DTS.HQ.Eng.NL.Subs 2014-01-06 12:40 - 2014-01-06 21:08 - 2746389422 _____ C:\Users\Gosa\Downloads\the.spectacular.now.2013-sparks.mkv 2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Media Player Classic 2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Program Files (x86)\Haali 2014-01-03 22:42 - 2014-01-03 22:43 - 00000000 ____D C:\ProgramData\SVP 3.1 2014-01-03 22:15 - 2013-06-12 22:00 - 00047616 _____ C:\Windows\SysWOW64\ff_acm.acm 2013-12-30 21:07 - 2013-12-30 22:23 - 00000000 ____D C:\Users\Gosa\AppData\Local\Myst V End of Ages 2013-12-30 21:00 - 2013-12-30 23:26 - 00000000 _____ C:\Windows\vpd.properties 2013-12-24 20:32 - 2014-01-21 18:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-12-24 20:31 - 2012-05-29 15:55 - 00640344 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2013-12-24 20:31 - 2012-05-29 15:55 - 00085336 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys 2013-12-24 18:27 - 2013-12-24 18:34 - 00000000 ____D C:\ProgramData\HitmanPro 2013-12-24 17:58 - 2014-01-21 18:12 - 00422758 _____ C:\Windows\PFRO.log 2013-12-24 17:50 - 2013-12-24 17:50 - 00000000 ____D C:\Users\Gosa\AppData\Local\Secunia PSI ==================== One Month Modified Files and Folders ======= 2014-01-21 19:02 - 2014-01-21 19:02 - 00010690 _____ C:\Users\Gosa\Downloads\FRST.txt 2014-01-21 19:01 - 2014-01-21 19:01 - 00000000 ____D C:\FRST 2014-01-21 19:00 - 2014-01-21 19:00 - 00000422 _____ C:\Users\Gosa\Desktop\eset.txt 2014-01-21 18:49 - 2014-01-21 18:49 - 02077184 _____ (Farbar) C:\Users\Gosa\Downloads\FRST64.exe 2014-01-21 18:23 - 2014-01-21 18:23 - 02347384 _____ (ESET) C:\Users\Gosa\Downloads\esetsmartinstaller_enu.exe 2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-21 18:20 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-21 18:20 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-21 18:18 - 2009-07-14 06:13 - 00752568 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-21 18:17 - 2014-01-21 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gosa\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-21 18:17 - 2014-01-21 18:17 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-21 18:17 - 2013-07-05 07:32 - 01458097 _____ C:\Windows\WindowsUpdate.log 2014-01-21 18:15 - 2014-01-21 18:15 - 00000803 _____ C:\Users\Gosa\Desktop\AdwCleaner[s0].txt 2014-01-21 18:13 - 2013-12-24 20:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2014-01-21 18:12 - 2013-12-24 17:58 - 00422758 _____ C:\Windows\PFRO.log 2014-01-21 18:12 - 2013-12-11 03:20 - 00005354 _____ C:\Windows\setupact.log 2014-01-21 18:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-21 18:11 - 2014-01-21 18:07 - 00000000 ____D C:\AdwCleaner 2014-01-21 18:11 - 2014-01-21 18:04 - 00000838 _____ C:\Users\Gosa\Desktop\JRT.txt 2014-01-21 18:10 - 2013-07-17 21:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-21 18:09 - 2014-01-21 18:09 - 00000743 _____ C:\Users\Gosa\Desktop\AdwCleaner[R0].txt 2014-01-21 18:07 - 2014-01-21 18:07 - 01236282 _____ C:\Users\Gosa\Desktop\AdwCleaner.exe 2014-01-21 17:59 - 2014-01-21 17:59 - 00000000 ____D C:\Windows\ERUNT 2014-01-21 17:58 - 2014-01-21 17:58 - 01037068 _____ (Thisisu) C:\Users\Gosa\Downloads\JRT.exe 2014-01-21 17:58 - 2014-01-13 18:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-21 17:43 - 2014-01-21 17:43 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Gosa\Downloads\mbar-1.07.0.1008.exe 2014-01-21 17:43 - 2014-01-21 17:43 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-21 17:43 - 2014-01-21 17:43 - 00000000 ____D C:\Users\Gosa\Desktop\mbar 2014-01-20 22:25 - 2014-01-20 22:25 - 00013267 _____ C:\ComboFix.txt 2014-01-20 22:25 - 2014-01-20 22:19 - 00000000 ____D C:\Qoobox 2014-01-20 22:25 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2014-01-20 22:24 - 2014-01-20 22:19 - 00000000 ____D C:\Windows\erdnt 2014-01-20 22:24 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2014-01-20 22:18 - 2014-01-20 22:18 - 05167985 ____R (Swearware) C:\Users\Gosa\Desktop\ComboFix.exe 2014-01-20 22:17 - 2013-07-04 23:09 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\uTorrent 2014-01-20 19:53 - 2014-01-20 19:52 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-20 19:53 - 2013-10-24 18:42 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-20 19:53 - 2013-09-26 18:01 - 00000000 ____D C:\ProgramData\Oracle 2014-01-19 22:26 - 2014-01-19 21:32 - 00000000 ____D C:\Users\Gosa\Downloads\Life.As.A.House.2001.DVDRip.DivX.AC3 2014-01-19 22:13 - 2013-07-11 20:01 - 00000000 ____D C:\Program Files (x86)\CS-Source 2014-01-19 21:35 - 2014-01-19 21:29 - 00000000 ____D C:\Users\Gosa\Downloads\Midsummer Night's Dream, A (1999) 2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D C:\Users\Gosa\Downloads\The.Hunger.Games.Catching.Fire.2013.IMAX.EDITION.1080p.BluRay.x264-PublicHD 2014-01-17 16:39 - 2014-01-17 16:39 - 00023388 _____ C:\Users\Gosa\Documents\cc_20140117_163920.reg 2014-01-16 22:42 - 2014-01-16 22:34 - 00000000 ____D C:\Users\Gosa\Downloads\The.Secrets.of.Da.Vinci.The.Forbidden.Manuscript.+Crack 2014-01-16 22:37 - 2014-01-16 22:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-16 22:37 - 2014-01-16 22:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2014-01-16 16:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2014-01-16 16:51 - 2009-07-14 05:45 - 00267240 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-15 21:42 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 21:40 - 2013-07-04 22:37 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 18:18 - 2014-01-14 19:16 - 00000000 ____D C:\Users\Gosa\Downloads\Against Me! 2014-01-14 19:17 - 2014-01-14 19:17 - 00000000 ____D C:\Users\Gosa\Downloads\Against Me! - Transgender Dysphoria Blues [2014] 2014-01-13 22:19 - 2014-01-13 22:13 - 00000000 ____D C:\Users\Gosa\Downloads\Lord.of.War.2005.DVD5.720p.BluRay.x264-REVEiLLE 2014-01-13 18:46 - 2014-01-13 18:44 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit 2014-01-11 16:20 - 2013-07-04 22:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-11 14:56 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Logitech 2014-01-11 14:56 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Logishrd 2014-01-11 13:08 - 2014-01-11 13:08 - 00000000 ____D C:\Program Files (x86)\Intel 2014-01-11 13:07 - 2014-01-11 13:07 - 00000000 ____D C:\Intel 2014-01-10 17:16 - 2014-01-09 17:27 - 00000000 ____D C:\Users\Gosa\Downloads\Captain.Phillips.2013.1080p.BluRay.X264-AMIABLE 2014-01-07 00:11 - 2014-01-07 00:08 - 00000000 ____D C:\Users\Gosa\Downloads\The.Raid.Redemption.2011.1080p.MKV.AC3.DTS.HQ.Eng.NL.Subs 2014-01-06 21:08 - 2014-01-06 12:40 - 2746389422 _____ C:\Users\Gosa\Downloads\the.spectacular.now.2013-sparks.mkv 2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Media Player Classic 2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Program Files (x86)\Haali 2014-01-03 22:43 - 2014-01-03 22:42 - 00000000 ____D C:\ProgramData\SVP 3.1 2014-01-03 22:43 - 2013-07-04 23:31 - 00000000 ____D C:\Program Files (x86)\SVP 2014-01-03 22:15 - 2013-07-04 23:33 - 00000000 ____D C:\Program Files (x86)\ffdshow 2013-12-30 23:26 - 2013-12-30 21:00 - 00000000 _____ C:\Windows\vpd.properties 2013-12-30 23:26 - 2013-08-04 10:22 - 00000000 ____D C:\Program Files (x86)\Ubisoft 2013-12-30 22:23 - 2013-12-30 21:07 - 00000000 ____D C:\Users\Gosa\AppData\Local\Myst V End of Ages 2013-12-30 21:06 - 2013-12-17 17:54 - 00001163 _____ C:\Windows\DirectX.log 2013-12-30 21:06 - 2013-11-15 21:51 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-12-27 16:22 - 2013-12-09 17:44 - 00000010 _____ C:\Windows\popcinfo.dat 2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-12-24 20:26 - 2013-07-04 22:51 - 00000000 ____D C:\ProgramData\AVAST Software 2013-12-24 18:34 - 2013-12-24 18:27 - 00000000 ____D C:\ProgramData\HitmanPro 2013-12-24 18:14 - 2013-07-05 17:38 - 00000000 ____D C:\Program Files\Waterfox 2013-12-24 17:50 - 2013-12-24 17:50 - 00000000 ____D C:\Users\Gosa\AppData\Local\Secunia PSI 2013-12-23 21:42 - 2013-07-07 13:48 - 00000000 ____D C:\Users\Gosa\AppData\Local\SKIDROW Some content of TEMP: ==================== C:\Users\Gosa\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-20 20:22 ==================== End Of Log ============================ FARBAR - ADDITION Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014 Ran by Gosa at 2014-01-21 19:02:30 Running from C:\Users\Gosa\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} ==================== Installed Programs ====================== 7stacks 1.5 beta 2 (x32 Version: 1.4.24 - Alastria Software) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden Assassins Creed IV Black Flag (x32 Version: 1 - ) AviSynth 2.5 (x32 Version: - ) Broken Sword 5 (x32 Version: - Release Date: 4 Dec 2013) Castle Crashers (x32 Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden CS-Source.v80 (x32 Version: v.80 - Valve Corporation) ffdshow v1.3.4515 [2013-06-12] (x32 Version: 1.3.4515.0 - ) Foxit Reader (x32 Version: 6.0.5.618 - Foxit Corporation) Haali Media Splitter (x32 Version: - ) Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle) Java 7 Update 51 (x32 Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kaspersky Internet Security 2013 (x32 Version: 13.0.0.3370 - Kaspersky Lab) Kaspersky Internet Security 2013 (x32 Version: 13.0.0.3370 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Mortal Kombat Komplete Edition (x32 Version: - Warner Bros) Mozilla Maintenance Service (x32 Version: 24.2.0 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 en-US) (x32 Version: 24.2.0 - Mozilla) NBA 2K14 (x32 Version: 1.0.0 - 2K Sports) NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) OpenAL (x32 Version: - ) Realtek Ethernet Controller Driver (x32 Version: 7.46.610.2011 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438 - Realtek Semiconductor Corp.) Sherlock Holmes The Awakened - Remastered Edition (x32 Version: - ) SmoothVideo Project version 3.1.5 (x32 Version: 3.1.5 - SVP) Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT) Uplay (x32 Version: 4.0 - Ubisoft) VirtualCloneDrive (x32 Version: - Elaborate Bytes) Waterfox 24.0 (x64 en-US) (Version: 24.0 - Mozilla) ==================== Restore Points ========================= 15-01-2014 20:40:17 Windows Update 20-01-2014 18:52:00 Installed Java 7 Update 51 21-01-2014 16:50:50 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {7BD934C1-6A18-4910-8C8F-D5B9E5BD8BAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-10 17:47 - 2013-12-10 17:47 - 22332808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll 2012-05-31 18:58 - 2012-05-31 18:58 - 00072632 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\vulnerability_status_provider.dll 2012-05-31 18:57 - 2012-05-31 18:57 - 01305016 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/21/2014 06:23:26 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/21/2014 06:14:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Microsoft Office Sessions: ========================= Error: (01/21/2014 06:23:26 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gosa\Downloads\esetsmartinstaller_enu.exe Error: (01/21/2014 06:14:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 8173.95 MB Available physical RAM: 5990.91 MB Total Pagefile: 16346.08 MB Available Pagefile: 13906.45 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:193.7 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 13D08EC0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Wow, that is a lot of scans Thanks, I'll try to run all these scans and post back logs as soon as possible! Cheers!

Unfortunately, SVP is not causing a problem. I see from your post above that there was a leakage problem with one of the versions, but I have the latest one and it is not giving me any troubles. Are there any more scans that you could recommend me to run? Cheers Advanced!

Cheers Advanced!! I've manually disabled Kaspersky before the scan as instructed. Here is the Log: ComboFix: ComboFix 14-01-16.03 - Gosa 01/20/2014 22:20:28.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8174.6086 [GMT 1:00] Running from: c:\users\Gosa\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-12-20 to 2014-01-20 ))))))))))))))))))))))))))))))) . . 2014-01-20 21:24 . 2014-01-20 21:24 -------- d-----w- c:\users\Gosa\AppData\Local\temp 2014-01-20 21:24 . 2014-01-20 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-20 18:53 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-01-17 18:29 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5F40925-8F7E-44EF-AC87-8BE5F70E2581}\mpengine.dll 2014-01-16 21:23 . 2014-01-16 21:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-01-16 21:23 . 2014-01-16 21:37 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2014-01-15 20:40 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys 2014-01-15 15:59 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-01-15 15:59 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-01-15 15:59 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-01-15 15:59 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-01-15 15:59 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-01-15 15:59 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-01-15 15:59 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-01-15 15:59 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-01-13 17:48 . 2014-01-13 18:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-01-13 17:48 . 2014-01-13 17:48 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-01-13 17:44 . 2014-01-13 17:46 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit 2014-01-13 17:44 . 2013-07-16 02:41 743248 ----a-w- c:\windows\SysWow64\msvcp100d.dll 2014-01-13 17:44 . 2013-07-16 02:41 1858896 ----a-w- c:\windows\system32\msvcr100d.dll 2014-01-13 17:44 . 2013-07-16 02:41 1498960 ----a-w- c:\windows\SysWow64\msvcr100d.dll 2014-01-13 17:44 . 2013-07-16 02:41 1014096 ----a-w- c:\windows\system32\msvcp100d.dll 2014-01-11 13:56 . 2014-01-11 13:56 -------- d-----w- c:\users\Gosa\AppData\Roaming\Logitech 2014-01-11 13:56 . 2014-01-11 13:56 -------- d-----w- c:\users\Gosa\AppData\Roaming\Logishrd 2014-01-11 12:08 . 2014-01-11 12:08 -------- d-----w- c:\program files (x86)\Intel 2014-01-11 12:08 . 2013-08-05 10:50 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2014-01-11 12:07 . 2014-01-11 12:07 -------- d-----w- C:\Intel 2014-01-03 21:43 . 2014-01-03 21:43 -------- d-----w- c:\users\Gosa\AppData\Roaming\Media Player Classic 2014-01-03 21:43 . 2014-01-03 21:43 -------- d-----w- c:\program files (x86)\Haali 2014-01-03 21:42 . 2014-01-03 21:43 -------- d-----w- c:\programdata\SVP 3.1 2014-01-03 21:15 . 2013-06-12 21:00 47616 ----a-w- c:\windows\SysWow64\ff_acm.acm 2013-12-30 20:07 . 2013-12-30 21:23 -------- d-----w- c:\users\Gosa\AppData\Local\Myst V End of Ages 2013-12-24 19:32 . 2013-12-24 19:32 -------- d-----w- c:\program files\Windows Sidebar 2013-12-24 19:32 . 2014-01-20 21:09 -------- d-----w- c:\programdata\Kaspersky Lab 2013-12-24 19:32 . 2013-12-24 19:32 -------- d-----w- c:\program files (x86)\Windows Sidebar 2013-12-24 19:32 . 2013-12-24 19:32 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-12-24 19:31 . 2012-05-29 14:55 85336 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-12-24 19:31 . 2012-05-29 14:55 640344 ----a-w- c:\windows\system32\drivers\klif.sys 2013-12-24 19:24 . 2013-12-24 19:24 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-12-24 17:27 . 2013-12-24 17:34 -------- d-----w- c:\programdata\HitmanPro 2013-12-24 16:50 . 2013-12-24 16:50 -------- d-----w- c:\users\Gosa\AppData\Local\Secunia PSI . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-15 20:40 . 2013-07-04 21:37 86054176 ----a-w- c:\windows\system32\MRT.exe 2013-12-10 16:47 . 2013-07-05 13:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-10 16:47 . 2013-07-05 13:06 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-05 18:12 . 2013-12-05 18:12 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2013-12-05 18:12 . 2013-12-05 18:12 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2013-12-05 18:12 . 2013-12-05 18:12 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2013-12-05 18:12 . 2013-12-05 18:12 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2013-11-23 18:26 . 2013-12-14 22:51 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-11-23 17:47 . 2013-12-14 22:51 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-11-19 02:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-11-12 02:23 . 2013-12-10 19:59 2048 ----a-w- c:\windows\system32\tzres.dll 2013-11-12 02:07 . 2013-12-10 19:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-10-30 02:32 . 2013-12-14 22:51 335360 ----a-w- c:\windows\system32\msieftp.dll 2013-10-30 02:19 . 2013-12-14 22:51 301568 ----a-w- c:\windows\SysWow64\msieftp.dll 2013-10-25 06:19 . 2013-12-11 02:01 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-10-25 06:19 . 2013-12-11 02:01 2241536 ----a-w- c:\windows\system32\wininet.dll 2013-10-25 06:19 . 2013-12-11 02:01 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-10-25 06:18 . 2013-12-11 02:01 19271168 ----a-w- c:\windows\system32\mshtml.dll 2013-10-25 06:18 . 2013-12-11 02:01 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-10-25 06:17 . 2013-12-11 02:01 855552 ----a-w- c:\windows\system32\jscript.dll 2013-10-25 06:17 . 2013-12-11 02:01 3959808 ----a-w- c:\windows\system32\jscript9.dll 2013-10-25 06:17 . 2013-12-11 02:01 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-10-25 06:17 . 2013-12-11 02:01 526336 ----a-w- c:\windows\system32\ieui.dll 2013-10-25 06:17 . 2013-12-11 02:01 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-10-25 06:17 . 2013-12-11 02:01 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-10-25 06:17 . 2013-12-11 02:01 2648576 ----a-w- c:\windows\system32\iertutil.dll 2013-10-25 06:17 . 2013-12-11 02:01 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-10-25 06:17 . 2013-12-11 02:01 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-10-25 04:45 . 2013-12-11 02:01 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-10-25 04:43 . 2013-12-11 02:01 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-10-25 04:43 . 2013-12-11 02:01 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-10-25 04:43 . 2013-12-11 02:01 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-10-25 04:07 . 2013-12-11 02:02 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-10-25 03:41 . 2013-12-11 02:01 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-10-24 17:45 . 2013-10-24 17:45 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-10-24 17:45 . 2013-10-24 17:45 312744 ----a-w- c:\windows\system32\javaws.exe 2013-10-24 17:45 . 2013-10-24 17:45 189352 ----a-w- c:\windows\system32\javaw.exe 2013-10-24 17:45 . 2013-10-24 17:45 189352 ----a-w- c:\windows\system32\java.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SVPMgr"="c:\program files (x86)\SVP\SVPMgr.exe" [2013-07-15 942080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 218880] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2014-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-05 16:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm TCP: DhcpNameServer = 89.216.1.40 89.216.1.50 . - - - - ORPHANS REMOVED - - - - . SafeBoot-55313982.sys ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1293378057-3215414277-1257973524-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2B5F58D-B1C6-217E-D5EC-CA5346EF9CA5}*] "abceejjnfehaicmpmbkbhiglgclpckgmob"=hex:6a,61,66,6e,6b,69,64,64,70,6c,6f,6e, 61,6f,65,69,61,68,6d,67,00,00 "bbieccnkbhfaojapapcdmnfbaiomnjfllmeh"=hex:6a,61,66,6e,6b,69,64,64,70,6c,6f,6e, 61,6f,65,69,61,68,6d,67,00,00 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-01-20 22:25:51 ComboFix-quarantined-files.txt 2014-01-20 21:25 . Pre-Run: 158,729,039,872 bytes free Post-Run: 158,613,725,184 bytes free . - - End Of File - - 365966DC82D8C32EB34A5AD6F23027C2 A36C5E4F47E84449FF07ED3517B43A31

Nobody? :S

DDS log: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: BrowserJavaVersion: 10.45.2 Run by Gosa at 20:16:01 on 2014-01-11 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8174.6210 [GMT 1:00] . AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\vsnpstd3.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\SVP\SVPMgr.exe C:\Users\Gosa\AppData\Roaming\PotPlayerMini\winlogs.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\taskhost.exe C:\Program Files\Waterfox\waterfox.exe C:\Windows\explorer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank mWinlogon: Userinit = userinit.exe, BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll uRun: [sVPMgr] C:\Program Files (x86)\SVP\SVPMgr.exe uRun: [Keyboard Inf.] C:\Users\Gosa\AppData\Roaming\PotPlayerMini\winlogs.exe mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\19a2c847-77c2-4547-bce2-da8e76d2a624.exe /check mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TCP: NameServer = 89.216.1.40 89.216.1.50 TCP: Interfaces\{DE13BDCA-9A5A-4216-9064-C77EDA7FD9A4} : DHCPNameServer = 89.216.1.40 89.216.1.50 SSODL: WebCheck - <orphaned> x64-mStart Page = about:blank x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - x64-Run: [snpstd3] C:\Windows\vsnpstd3.exe x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-3-27 30000] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-5-12 54064] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-5-24 172888] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-5-31 218880] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-11 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-11 701512] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-5-25 27992] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-11 25928] R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-7-23 32344] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-4 539240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-15 19456] S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-3-15 29696] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-15 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-15 30208] S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-15 1255736] . =============== Created Last 30 ================ . 2014-01-11 15:06:23 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-01-11 15:06:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-11 13:56:32 -------- d-----w- C:\Users\Gosa\AppData\Roaming\Logishrd 2014-01-11 12:08:12 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll 2014-01-11 12:07:55 -------- d-----w- C:\Intel 2014-01-10 15:45:16 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43D773D2-76E6-411D-9A4F-C9B3B2756A40}\mpengine.dll 2014-01-03 21:43:02 -------- d-----w- C:\Program Files (x86)\Haali 2014-01-03 21:42:34 -------- d-----w- C:\ProgramData\SVP 3.1 2014-01-03 21:15:40 47616 ----a-w- C:\Windows\SysWow64\ff_acm.acm 2014-01-03 17:35:44 -------- d-----w- C:\Program Files (x86)\Stick It To The Man! 2013-12-30 20:07:33 -------- d-----w- C:\Users\Gosa\AppData\Local\Myst V End of Ages 2013-12-24 19:32:27 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-12-24 19:32:27 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2013-12-24 19:31:53 85336 ----a-w- C:\Windows\System32\drivers\klflt.sys 2013-12-24 19:24:54 -------- d-s---w- C:\Windows\SysWow64\Microsoft 2013-12-24 17:27:01 -------- d-----w- C:\ProgramData\HitmanPro 2013-12-24 16:50:40 -------- d-----w- C:\Users\Gosa\AppData\Local\Secunia PSI 2013-12-21 12:10:52 -------- d-----w- C:\ProgramData\Stardock 2013-12-17 18:48:32 -------- d-----w- C:\Users\Gosa\AppData\Local\FANiSO 2013-12-15 15:22:43 -------- d-----w- C:\DriveKey 2013-12-14 22:51:30 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-12-14 22:51:30 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-12-14 22:51:29 335360 ----a-w- C:\Windows\System32\msieftp.dll 2013-12-14 22:51:29 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll . ==================== Find3M ==================== . 2013-12-10 16:47:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-10 16:47:01 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-12-05 18:12:25 466456 ----a-w- C:\Windows\System32\wrap_oal.dll 2013-12-05 18:12:25 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2013-12-05 18:12:25 122904 ----a-w- C:\Windows\System32\OpenAL32.dll 2013-12-05 18:12:25 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe 2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys 2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll 2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll 2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-10-24 17:45:32 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-10-24 17:42:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll . ============= FINISH: 20:16:31.05 =============== ATTACH log: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 7/4/2013 11:38:52 PM System Uptime: 1/11/2014 7:46:48 PM (1 hours ago) . Motherboard: MSI | | H61M-P22 (MS-7680) Processor: Intel® Core i3-2100 CPU @ 3.10GHz | SOCKET 0 | 3100/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 124.327 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP126: 1/11/2014 4:17:05 PM - Installed USB Dual Vibration Joystick RP127: 1/11/2014 4:20:29 PM - Removed USB Dual Vibration Joystick . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) 7stacks 1.5 beta 2 Adobe Flash Player 11 Plugin AMD Accelerated Video Transcoding AMD Catalyst Control Center AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Assassins Creed IV Black Flag AviSynth 2.5 Broken Sword 5 Castle Crashers Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CS-Source.v80 ffdshow v1.3.4515 [2013-06-12] Foxit Reader Haali Media Splitter Java 7 Update 45 Java 7 Update 45 (64-bit) Java Auto Updater Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4.5.1 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 Mortal Kombat Komplete Edition Mozilla Maintenance Service Mozilla Thunderbird 24.2.0 (x86 en-US) NBA 2K14 NVIDIA PhysX OpenAL Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Sherlock Holmes The Awakened - Remastered Edition SmoothVideo Project version 3.1.5 Stick It To The Man! Ubisoft Game Launcher Uplay VirtualCloneDrive Waterfox 24.0 (x64 en-US) . ==== Event Viewer Messages From Past Week ======== . 1/8/2014 8:39:49 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 1/8/2014 7:06:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 1/6/2014 6:06:57 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 1/6/2014 10:33:35 AM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. . ==== End Of File ===========================

Hello everyone that is willing to help Last couple of days a problem has occurred: when playing games on Windows 7 64bit (NBA, FIFA..) I have used PS2 joysticks with a convertor for gaming for over a year and they played perfectly smooth, and recently out of nowhere, no updates or nothing, game stutters have appeared until I press a button on a wireless keyboard (generic Logitech keyboard and mouse combo)... I came to this conclusion by accident, and after the key press game runs smooth again for a while, and the stutter returns... Same thing happenes even if I just leave my PC and screensaver goes on.. So far I have tried rebooting the PC and unplugging and plugging back in again both the keyboard and PS2 joystick converter from the USB slots with no results, disabling screensaver and disabling idle AV scanning and still nothing!. Anyone has any ideas what could cause this problem, and how to figure out the soultion? Cheers for any kind of help you guys! dds.txt attach.txt

Hey mate, my PC has just started BSOD-ing like crazy, browser is still crashing, so I guess it is time for a clean install of Windows! I'm even considering updating to Win8, what is your experience with it, and would you recommend that?

Whoops, just realised ESET is not free, so I'll uninstall MSE and go with Avast

Hmmm strange result: C:\IGRE\Resident. Evil 6\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined C:\Users\Gosa\Desktop\ll\µTorrent 3.3 Build 29420 Stable\uTorrent.exe a variant of Win32/Bunndle application cleaned by deleting - quarantined It said it found uTorrent but I've uninstalled it couple of days ago on your recommendation. And looks like RE6 was infected, I'll uninstall the game now! Looks like MSE isn't doing a good job, would you recommend AVAST or ESET as antivirus program?