FrankJaeger

Members
  • Posts

    20

Everything posted by FrankJaeger

  1. Just updated MB after it had been nagging me for days. I updated it and then got a dialog box saying my PC would be restarting, no questions asked, in 10 minutes. How dare you. I will decide when my PC restarts, I was in the middle of watching a live event and had a document I was writing. I closed MB in task manager to circumvent this but you have coded that the PC restarts as soon as MB is closed. For shame on you. This is not acceptable. This needs to be changed. What do you think you're playing at?
  2. Wonderful, it seems that program got 'em all first time. Again, your help is much appreciated and I'll be definitely giving that Preventive Maintenance topic a viewing! All the best
  3. Results of screen317's Security Check version 0.99.81
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10 Out of date!
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Kaspersky Anti-Virus
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      CCleaner
      Java 7 Update 51
      Adobe Flash Player 12.0.0.77
      Adobe Reader XI
      Mozilla Firefox (28.0)
      ````````Process Check: objlist.exe by Laurent````````
      Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:
      ````````````````````End of Log``````````````````````
  4. Thank you ever so much for your help. It's very rare to be granted such methodical guidance, and with such clarity. The scan returned 0 threats and I think I'm malware free : ) My PC is running a little slower than usual, but I think this is attributed to another issue. Do you recommend any programs that I can get to keep my PC well maintained and protected? I have CCleaner already. Furthermore, should I keep any of the programs you gave me?

      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2014.04.06.10
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16798
      Win :: JDTJTRALGW [administrator]
      Protection: Disabled
      06/04/2014 22:07:05
      mbam-log-2014-04-06 (22-07-05).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 235141
      Time elapsed: 2 minute(s), 38 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)
  5. ComboFix 14-04-03.01 - Win 05/04/2014 0:20.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16268.14276 [GMT 1:00] Running from: c:\users\Win\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Win\AppData\Roaming\Origin c:\users\Win\AppData\Roaming\Origin\local.xml c:\users\Win\AppData\Roaming\Origin\local_051627926fef6a7f4307b541bf94d733.xml . . ((((((((((((((((((((((((( Files Created from 2014-03-04 to 2014-04-04 ))))))))))))))))))))))))))))))) . . 2014-04-04 23:26 . 2014-04-04 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-04 17:36 . 2014-04-04 17:36 -------- d-----w- c:\programdata\boost_interprocess 2014-04-04 13:11 . 2014-04-04 14:25 -------- d-----w- C:\FRST 2014-04-04 11:23 . 2014-04-04 13:01 -------- d-----w- C:\AdwCleaner 2014-03-31 21:58 . 2014-03-31 21:58 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2014-03-17 20:27 . 2014-03-17 20:27 -------- d-----w- c:\users\Win\AppData\Roaming\Sony Corporation 2014-03-17 20:27 . 2014-03-17 20:27 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared 2014-03-14 13:40 . 2014-03-14 13:40 -------- d-----w- c:\users\Win\AppData\Local\VS Revo Group 2014-03-14 13:40 . 2014-03-14 13:40 -------- d-----w- c:\programdata\VS Revo Group 2014-03-14 13:40 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2014-03-14 13:40 . 2014-03-14 13:40 -------- d-----w- c:\program files\VS Revo Group 2014-03-12 18:33 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll 2014-03-12 18:33 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-03-12 18:33 . 
2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-03-12 18:33 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-12 18:33 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-12 18:33 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll 2014-03-12 18:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-12 18:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-18 21:23 . 2013-06-12 17:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-18 21:23 . 2013-06-12 17:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-12 18:35 . 2013-06-22 22:30 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-02-25 01:49 . 2012-07-17 14:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-02-18 22:47 . 2014-02-18 22:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-02-01 09:20 . 2014-02-13 14:29 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2014-02-01 09:19 . 2014-02-13 14:29 2241536 ----a-w- c:\windows\system32\wininet.dll 2014-02-01 09:19 . 2014-02-13 14:29 1365504 ----a-w- c:\windows\system32\urlmon.dll 2014-02-01 09:18 . 2014-02-13 14:29 197120 ----a-w- c:\windows\system32\msrating.dll 2014-02-01 09:18 . 2014-02-13 14:29 19274240 ----a-w- c:\windows\system32\mshtml.dll 2014-02-01 09:18 . 2014-02-13 14:29 603136 ----a-w- c:\windows\system32\msfeeds.dll 2014-02-01 09:18 . 2014-02-13 14:29 855552 ----a-w- c:\windows\system32\jscript.dll 2014-02-01 09:18 . 2014-02-13 14:29 3960320 ----a-w- c:\windows\system32\jscript9.dll 2014-02-01 09:18 . 2014-02-13 14:29 53760 ----a-w- c:\windows\system32\jsproxy.dll 2014-02-01 09:18 . 2014-02-13 14:29 67072 ----a-w- c:\windows\system32\iesetup.dll 2014-02-01 09:18 . 
2014-02-13 14:29 526336 ----a-w- c:\windows\system32\ieui.dll 2014-02-01 09:18 . 2014-02-13 14:29 136704 ----a-w- c:\windows\system32\iesysprep.dll 2014-02-01 09:18 . 2014-02-13 14:29 2648576 ----a-w- c:\windows\system32\iertutil.dll 2014-02-01 09:18 . 2014-02-13 14:29 39936 ----a-w- c:\windows\system32\iernonce.dll 2014-02-01 09:18 . 2014-02-13 14:29 15403520 ----a-w- c:\windows\system32\ieframe.dll 2014-02-01 07:58 . 2014-02-13 14:29 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2014-02-01 07:57 . 2014-02-13 14:29 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-02-01 07:57 . 2014-02-13 14:29 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-02-01 07:57 . 2014-02-13 14:29 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2014-02-01 07:40 . 2014-02-13 14:29 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2014-02-01 07:34 . 2014-02-13 14:29 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-01-25 22:21 . 2014-01-25 22:21 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys 2014-01-25 22:21 . 2014-01-25 22:21 1464096 ----a-w- c:\windows\system32\drivers\tdrpman.sys 2014-01-25 22:21 . 2014-01-25 22:21 183224 ----a-w- c:\windows\system32\drivers\tib_mounter.sys 2014-01-25 22:21 . 2014-01-25 22:21 1120032 ----a-w- c:\windows\system32\drivers\tib.sys 2014-01-25 22:21 . 2014-01-25 22:21 161568 ----a-w- c:\windows\system32\drivers\vididr.sys 2014-01-25 22:21 . 2014-01-25 22:21 269600 ----a-w- c:\windows\system32\drivers\snapman.sys 2014-01-25 22:21 . 2014-01-25 22:21 117024 ----a-w- c:\windows\system32\drivers\vidsflt.sys 2014-01-25 22:21 . 2014-01-25 22:21 116000 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2014-01-09 02:22 . 2014-02-27 18:33 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-10-10 356128] "AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x] R3 cpuz136;cpuz136;c:\users\Win\AppData\Local\Temp\cpuz136_x64.sys;c:\users\Win\AppData\Local\Temp\cpuz136_x64.sys [x] R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x] R3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x] R3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x] R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x] S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x] S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x] S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x] S1 
FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio 
Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 67170306 *Deregistered* - 67170306 . Contents of the 'Scheduled Tasks' folder . 2014-04-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41] . 
2014-04-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError] @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}" [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}] 2013-08-07 16:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress] @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}" [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}] 2013-08-07 16:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk] @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}" [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}] 2013-08-07 16:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-07-18 518424] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\appinit_dll.dll . 
------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 FF - ProfilePath - c:\users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe SafeBoot-67170306.sys . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-04-05 00:27:36 ComboFix-quarantined-files.txt 2014-04-04 23:27 . Pre-Run: 168,242,470,912 bytes free Post-Run: 173,554,434,048 bytes free . - - End Of File - - 9C1FA1BEB6B0A410A8E8CA1621F5EC39 A36C5E4F47E84449FF07ED3517B43A31 COMBOFIX Log
  6. Thanks for the help, this is wonderful. I've attached my KSST log for your review.

      Unsigned file
      Service: Intel ® capability licensing service interface
      Service start: Auto (0x2)
      Files: Program File/Intel/iCLS Client/HeciServer.exe

      Locked file
      Service: sptd
      Service Type: Kernel Driver (0x1)
      Service Start: Boot (0x0)
      File: Windows System 32/drivers/sptd.sys

      These files flagged up as suspicious in KSST and I was unsure so I posted them here. An adobe switchboard.exe also flagged up. I clicked skip. Thanks

      TDSSKiller.3.0.0.28_04.04.2014_23.58.24_log.txt
  7. RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Win [Admin rights]
      Mode : Scan -- Date : 04/04/2014 15:36:23
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 8 ¤¤¤
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Scheduled tasks : 0 ¤¤¤
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Browser Addons : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++
      --- User ---
      [MBR] eba20bc4d564437cd03bb5f2b56b3776
      [bSP] eb2e8076916d27ee3b936b36be8a24dd : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[0]_S_04042014_153623.txt >>
      RKreport[0]_S_04032014_132014.txt;RKreport[0]_S_04032014_132421.txt
  8. # AdwCleaner v3.023 - Report created 04/04/2014 at 14:01:57 # Updated 01/04/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Win - JDTJTRALGW # Running from : C:\Users\Win\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\DeviceVM Folder Deleted : C:\Users\Win\AppData\Local\CrashRpt Folder Deleted : C:\Users\Win\AppData\Roaming\DeviceVM File Deleted : C:\Users\Win\AppData\Local\Temp\Uninstall.exe ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} ***** [ Browsers ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\prefs.js ] ************************* AdwCleaner[R0].txt - [1435 octets] - [04/04/2014 12:23:12] AdwCleaner[s0].txt - [1376 octets] - [04/04/2014 14:01:57] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1436 octets] ########## -------------------------------------------------- ------------------------------------------------ ------------------------------------------------------- ---------------------------------------------------------- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Win (administrator) on JDTJTRALGW on 04-04-2014 14:11:45 Running from C:\Users\Win\Ileum Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal The only official download link 
for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (ATI Technologies Inc.) 
  9. # AdwCleaner v3.023 - Report created 04/04/2014 at 12:23:12
     # Updated 01/04/2014 by Xplode
     # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
     # Username : Win - JDTJTRALGW
     # Running from : C:\Users\Win\Desktop\adwcleaner.exe
     # Option : Scan
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     File Found : C:\Users\Win\AppData\Local\Temp\Uninstall.exe
     Folder Found C:\ProgramData\boost_interprocess
     Folder Found C:\ProgramData\DeviceVM
     Folder Found C:\Users\Win\AppData\Local\CrashRpt
     Folder Found C:\Users\Win\AppData\Roaming\DeviceVM
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     ***** [ Browsers ] *****
     -\\ Internet Explorer v0.0.0.0
     -\\ Mozilla Firefox v28.0 (en-US)
     [ File : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\prefs.js ]
     *************************
     AdwCleaner[R0].txt - [1287 octets] - [04/04/2014 12:23:12]
     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1347 octets] ##########

     Ad log. Are these files safe to delete? They seem important but if they are in fact adware I will delete them.
  10. Oh dear, I must say this is a shared PC atm and belonged to someone else. Here is my new RogueKiller log:

      RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Win [Admin rights]
      Mode : Scan -- Date : 04/03/2014 14:25:29
      | ARK || FAK || MBR |
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 8 ¤¤¤
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Scheduled tasks : 0 ¤¤¤
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Browser Addons : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++
      --- User ---
      [MBR] eba20bc4d564437cd03bb5f2b56b3776
      [bSP] eb2e8076916d27ee3b936b36be8a24dd : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[0]_S_04032014_132421.txt >>
      RKreport[0]_S_04032014_132014.txt
  11. I don't know. They look like old software. I had Alcohol 120% for a while. Should they not be in my hosts file?
  12. RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Win [Admin rights]
      Mode : Scan -- Date : 04/03/2014 13:24:21
      | ARK || FAK || MBR |
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 8 ¤¤¤
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Scheduled tasks : 0 ¤¤¤
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Browser Addons : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      127.0.0.1 validation.sls.microsoft.com
      127.0.0.1 serial.alcohol-soft.com
      127.0.0.1 www.alcohol-soft.com
      127.0.0.1 images.alcohol-soft.com
      127.0.0.1 trial.alcohol-soft.com
      127.0.0.1 alcohol-soft.com
      127.0.0.1 activation.acronis.com
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++
      --- User ---
      [MBR] eba20bc4d564437cd03bb5f2b56b3776
      [bSP] eb2e8076916d27ee3b936b36be8a24dd : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[0]_S_04032014_132421.txt >>
      RKreport[0]_S_04032014_132014.txt
  13. Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2014.03.31.06
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16798
      Win :: JDTJTRALGW [administrator]
      Protection: Disabled
      02/04/2014 21:31:39
      MBAM-log-2014-04-02 (22-31-15).txt
      Scan type: Full scan (C:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 495420
      Time elapsed: 59 minute(s), 26 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 1
      C:\Windows\System32\Microsoft\Dll\user32.dll (Trojan.FakeMS.PGen) -> No action taken.
      (end)

      I'll run RogueKiller now
  14. And is deleting user32.dll a safe option? Even via MBAM?
  15. Thanks for all your kind guidance. When I ran a quick scan it revealed no virus; should I run a full scan instead?
  16. Greetings, My MBAM flagged user32.dll as a threat but I didn't want to delete it since it seems like an integral system file Cheers, Frank Logs:
  17. Greetings, Ran a full PC scan yesterday and user32.dll has been flagged as a trojan. What should I do?