
Trojan.FakeMS.PGen User32.dll Alert!



Greetings,

My MBAM flagged user32.dll as a threat, but I didn't want to delete it since it seems like an integral system file.

Cheers, Frank

Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.51.2
Run by Win at 2:10:13 on 2014-04-03
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.16268.11911 [GMT 1:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Users\Win\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [ASRockXTU] <no file>
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61}\4514C4B44514C4B4D2231324133303 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61}\6796277696E6D65646961633235363236373 : DHCPNameServer = 194.168.4.100 194.168.8.100
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Users\Win\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-6-10 31016]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-1-25 116000]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-10 16152]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-1-25 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-1-25 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-1-25 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-1-25 117024]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-6-10 17192]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-6-10 15936]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-1-14 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-6-10 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-6-10 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-10 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-11 418376]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-1-25 367200]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-6-12 1918976]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-6-10 59392]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-6-10 84608]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-6-10 331264]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-10 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-10 787736]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-1-14 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-1-14 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-11 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-9-16 32344]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2014-2-5 75592]
R4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-1-25 3873784]
R4 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-8-21 9735112]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2013-1-14 356128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-11 701512]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-6-12 32320]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-10-14 121416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-22 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-3-14 31800]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-10 1255736]
.
=============== Created Last 30 ================
.
2014-03-31 21:58:06    --------    d-----w-    C:\Program Files (x86)\Elaborate Bytes
2014-03-17 20:27:21    --------    d-----w-    C:\Program Files (x86)\Common Files\Sony Shared
2014-03-14 13:40:35    --------    d-----w-    C:\Users\Win\AppData\Local\VS Revo Group
2014-03-14 13:40:31    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2014-03-14 13:40:31    --------    d-----w-    C:\ProgramData\VS Revo Group
2014-03-14 13:40:30    --------    d-----w-    C:\Program Files\VS Revo Group
2014-03-12 18:33:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-12 18:33:18    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-03-12 18:33:17    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-12 18:33:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-12 18:33:17    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-03-12 18:33:17    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-03-12 18:32:54    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-12 18:32:54    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M  ====================
.
2014-03-18 21:23:00    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-18 21:23:00    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-18 22:47:41    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-01 09:19:49    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-01 09:18:25    3960320    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-01 09:18:21    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-01 09:18:21    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-02-01 07:58:31    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-01 07:57:20    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-01 07:57:16    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-01 07:57:16    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-01 07:34:53    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-01-25 22:21:44    367200    ----a-w-    C:\Windows\System32\drivers\afcdp.sys
2014-01-25 22:21:42    1464096    ----a-w-    C:\Windows\System32\drivers\tdrpman.sys
2014-01-25 22:21:41    183224    ----a-w-    C:\Windows\System32\drivers\tib_mounter.sys
2014-01-25 22:21:41    1120032    ----a-w-    C:\Windows\System32\drivers\tib.sys
2014-01-25 22:21:38    161568    ----a-w-    C:\Windows\System32\drivers\vididr.sys
2014-01-25 22:21:36    269600    ----a-w-    C:\Windows\System32\drivers\snapman.sys
2014-01-25 22:21:36    117024    ----a-w-    C:\Windows\System32\drivers\vidsflt.sys
2014-01-25 22:21:35    116000    ----a-w-    C:\Windows\System32\drivers\fltsrv.sys
2014-01-09 02:22:42    5694464    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-01-03 22:44:58    6574592    ----a-w-    C:\Windows\System32\mstscax.dll
.
============= FINISH:  2:10:28.72 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/06/2013 13:42:57
System Uptime: 02/04/2014 06:29:12 (20 hours ago)
.
Motherboard: ASRock |  | Z77 Extreme6
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 156.204 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: A0NYK206 IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: A0NYK206 IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: anewdz9q
.
==== System Restore Points ===================
.
RP164: 31/03/2014 22:58:13 - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP166: 31/03/2014 23:00:45 - Revo Uninstaller Pro's restore point - Fraps (remove only)
RP168: 02/04/2014 17:28:10 - Revo Uninstaller Pro's restore point -
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acrobat.com
Acronis True Image 2014
Adobe AIR
Adobe Flash Player 12 Plugin
Adobe Photoshop CS6
Adobe Premiere Pro CC
Adobe Reader XI (11.0.06)
Adobe Update Management Tool
Age of Empires II: HD Edition
Age of Empires® III: Complete Collection
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Asmedia ASM106x SATA Host Controller Driver
ASRock App Charger v1.0.6
ASRock eXtreme Tuner v0.1.183
ASRock InstantBoot v1.29
ASRock Restart to UEFI v1.0.1
ASRock XFast RAM v2.0.9
µTorrent
Audacity 2.0.5
Broadcom NetLink Controller
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CloneCD
Content Transfer
CPUID HWMonitor 1.24
D3DX10
Defraggler
Empire Earth
Etron USB3.0 Host Controller
FLAC 1.2.1b (remove only)
foobar2000 v1.3.1
GameRanger
Geeks3D.com FurMark 1.9.2
HandBrake 0.9.9.1
ImgBurn
Intel® Control Center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Kaspersky Anti-Virus 2013
LAME v3.99.3 (for Windows)
Live 8.2.2
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Monkey's Audio
MotioninJoy Gamepad tool 0.7.1001
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.57
MpcStar 5.4
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NeoEE_Open Test
OCCT 4.4.0
Origin
PDF Settings CS6
PFPortChecker 1.0.39
Photo Common
PunkBuster Services
Realtek High Definition Audio Driver
Revo Uninstaller Pro 3.0.8
Rising Storm Beta
Rising Storm/Red Orchestra 2 Multiplayer
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Spotify
Steam
TeamSpeak 3 Client
The Elder Scrolls Online Beta
TigerGame Superjoy Box Series
Total War: ROME II
TP-LINK TL-WN821N_WN822N Driver
Twin USB Vibration Gamepad
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UserTesting.com Recorder Plugin
VIRTU MVP 2.1.114
VirtualCloneDrive
Visual Studio 2010 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.3
XFast LAN v6.61
XFastUSB
.
==== Event Viewer Messages From Past Week ========
.
02/04/2014 12:21:24, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the afcdpsrv service.
01/04/2014 23:06:10, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
01/04/2014 13:14:13, Error: Service Control Manager [7043]  - The Acronis Sync Agent Service service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64-bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for all your kind guidance. When I ran a quick scan it revealed no virus; should I run a full scan instead?

No, can you post one of the logs from MB showing where it's flagging user32.dll?

And is deleting user32.dll a safe option? Even via MBAM?

It depends on where it's located, please run RogueKiller.

MrC


No, can you post one of the logs from MB showing where it's flagging user32.dll?

It depends on where it's located, please run RogueKiller.

MrC

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
Win :: JDTJTRALGW [administrator]

Protection: Disabled

02/04/2014 21:31:39
MBAM-log-2014-04-02 (22-31-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495420
Time elapsed: 59 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\Microsoft\Dll\user32.dll (Trojan.FakeMS.PGen) -> No action taken.

(end)

I'll run RogueKiller now


RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Win [Admin rights]
Mode : Scan -- Date : 04/03/2014 13:24:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 validation.sls.microsoft.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 activation.acronis.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] eba20bc4d564437cd03bb5f2b56b3776
[bSP] eb2e8076916d27ee3b936b36be8a24dd : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04032014_132421.txt >>
RKreport[0]_S_04032014_132014.txt

Why are these in your host file:


127.0.0.1 validation.sls.microsoft.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 activation.acronis.com

MrC


They are used to crack Alcohol, aka: Piracy

Here's the forum policy on it:

https://forums.malwarebytes.org/index.php?showtopic=97700

-----------------------------------------------

Please go to the link below, download and run Fixit:

http://support.microsoft.com/kb/972034 <---reset host file fixit

Rescan with RogueKiller and post the new log, MrC

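The hosts entries RogueKiller printed all pin a hostname to 127.0.0.1, which is how a crack stops a product from reaching its activation or licence server; malware uses exactly the same trick to keep security software from reaching its update servers. The script below is an added example for this thread, not part of MrC's instructions or the Fixit he linked. It parses hosts-file lines in the format RogueKiller showed and reports every non-local name that has been sinkholed to a loopback or unspecified address, first over a constructed sample built from the thread's own entries, then over the live file. It assumes Windows 7 with PowerShell 2.0; reading the live file needs no elevation.

```powershell
# Added audit example (not from the original thread): find names sinkholed in the hosts file.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-SinkholedHostsEntries {
    param([string[]]$Lines)
    $results = @()
    foreach ($raw in $Lines) {
        $line = ($raw -replace '#.*$', '').Trim()      # strip comments and whitespace
        if (-not $line) { continue }
        $fields = $line -split '\s+'                    # "<address> <name> [<name> ...]"
        if ($fields.Count -lt 2) { continue }           # malformed line, nothing to map
        $ip = $fields[0]
        $isSinkhole = ($ip -eq '127.0.0.1' -or $ip -eq '0.0.0.0' -or $ip -eq '::1')
        if (-not $isSinkhole) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # Loopback for the machine's own names is normal; for anything else it means
            # the name has been deliberately made unreachable, which is what the log showed.
            if ($name -match '^(localhost|localhost\.localdomain|broadcasthost|ip6-.*)$') { continue }
            $results += New-Object PSObject -Property @{ Address = $ip; Host = $name }
        }
    }
    $results
}

# Constructed sample: the entries from the RogueKiller log plus a benign localhost line
# and a comment, to show what is and is not reported.
$Sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '127.0.0.1 validation.sls.microsoft.com',
    '127.0.0.1 serial.alcohol-soft.com',
    '127.0.0.1 activation.acronis.com   # trailing comment'
)
Write-Host '--- sample ---'
Get-SinkholedHostsEntries $Sample | Format-Table Address, Host -AutoSize   # 3 rows, no localhost

# Live system check.
Write-Host "--- $HostsPath ---"
if (Test-Path -LiteralPath $HostsPath) {
    $live = Get-SinkholedHostsEntries (Get-Content -LiteralPath $HostsPath)
    if ($live) { $live | Format-Table Address, Host -AutoSize }
    else       { Write-Host 'no sinkholed names; file is clean or default' }
}
```

On Windows 7 the stock hosts file contains only comments (even the localhost lines are commented out, since the resolver handles that name itself), so any active line is something a person or a program added. After running the Microsoft Fixit MrC linked, the live check should print the "clean or default" line; the rescan he asked for shows the same thing in RogueKiller's HOSTS section.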

Oh dear, I must say this is a shared PC atm and it belonged to someone else. Here is my new RogueKiller log

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Win [Admin rights]
Mode : Scan -- Date : 04/03/2014 14:25:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] eba20bc4d564437cd03bb5f2b56b3776
[bSP] eb2e8076916d27ee3b936b36be8a24dd : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04032014_132421.txt >>
RKreport[0]_S_04032014_132014.txt

You can have MB delete this one if found:

Files Detected: 1

C:\Windows\System32\Microsoft\Dll\user32.dll (Trojan.FakeMS.PGen) -> No action taken.

-------------------------------------------------------

Use your CCleaner to clean out temp files

Next.......

Start with this: (make sure you have created a new system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then......

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Last........

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


# AdwCleaner v3.023 - Report created 04/04/2014 at 12:23:12
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Win - JDTJTRALGW
# Running from : C:\Users\Win\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Win\AppData\Local\Temp\Uninstall.exe
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\DeviceVM
Folder Found C:\Users\Win\AppData\Local\CrashRpt
Folder Found C:\Users\Win\AppData\Roaming\DeviceVM

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1287 octets] - [04/04/2014 12:23:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1347 octets] ##########

AdwCleaner log. Are these files safe to delete? They seem important, but if they are in fact adware I will delete them.


# AdwCleaner v3.023 - Report created 04/04/2014 at 14:01:57
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Win - JDTJTRALGW
# Running from : C:\Users\Win\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\Users\Win\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Win\AppData\Roaming\DeviceVM
File Deleted : C:\Users\Win\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1435 octets] - [04/04/2014 12:23:12]
AdwCleaner[s0].txt - [1376 octets] - [04/04/2014 14:01:57]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1436 octets] ##########

--------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Win (administrator) on JDTJTRALGW on 04-04-2014 14:11:45
Running from C:\Users\Win\Ileum
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-11] (Microsoft Corporation)
HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [ASRockXTU] - [X]
HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [zASRockInstantBoot] - [X]
HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Run: [ASRockRuefi] - [X]
HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2087283677-3193892326-494846436-1000\...\MountPoints2: {17a2e9d3-d1b3-11e2-ae8d-806e6f6e6963} - D:\ASRSetup.exe
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [464200 2012-06-17] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [419144 2012-06-17] (Lucidlogix Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x95C2AADC8E67CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {CF0B2B5D-7A14-447e-80B2-267D11F956D5} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKCU - {FC93E44B-4D0D-4337-8189-959D44DADCC7} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Win\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\searchplugins\youtube-video-search.xml
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\ALone-live@ya.ru [2014-03-19]
FF Extension: British English Dictionary (Updated) - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\en-gb@flyingtophat.co.uk [2013-11-25]
FF Extension: anonymoX - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\client@anonymox.net.xpi [2014-01-24]
FF Extension: QuickMark - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\jid0-QT2VXewB9xzbRlyapSJjA4ebwoU@jetpack.xpi [2014-03-19]
FF Extension: YouTube Center - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-03-19]
FF Extension: English (GB) Language Pack - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2013-11-25]
FF Extension: No Name - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\noverflow@sdrocking.com.xpi [2013-07-15]
FF Extension: OmniSidebar - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\osb@quicksaver.xpi [2014-03-19]
FF Extension: Multi Dictionary Lookup - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\tfdlookup@nohup.in.xpi [2014-01-31]
FF Extension: All-in-One Sidebar - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-03-19]
FF Extension: Quick Translator - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-01-31]
FF Extension: YouTube High Definition - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-02-08]
FF Extension: Adblock Plus - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-12]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-08-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-08-11]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-08-11]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S4 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-28] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-09-25] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-06-10] (FNet Co., Ltd.)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-08-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-08-11] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-25] ()
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-01-25] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-01-25] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-01-25] (Acronis International GmbH)
U3 atxxmha0; No ImagePath
S3 cpuz136; \??\C:\Users\Win\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-04 14:11 - 2014-04-04 14:11 - 00000000 ____D () C:\FRST
2014-04-04 12:23 - 2014-04-04 14:01 - 00000000 ____D () C:\AdwCleaner
2014-04-04 02:31 - 2014-04-04 02:31 - 01426178 _____ () C:\Users\Win\Desktop\adwcleaner.exe
2014-04-03 13:24 - 2014-04-03 13:24 - 00002269 _____ () C:\Users\Win\Desktop\RKreport[0]_S_04032014_132421.txt
2014-04-03 13:20 - 2014-04-03 13:20 - 00002236 _____ () C:\Users\Win\Desktop\RKreport[0]_S_04032014_132014.txt
2014-04-03 13:17 - 2014-04-03 13:24 - 00000000 ____D () C:\Users\Win\Desktop\RK_Quarantine
2014-04-03 11:35 - 2014-04-03 11:35 - 04527616 _____ () C:\Users\Win\Desktop\RogueKillerX64.exe

2014-04-03 02:10 - 2014-04-03 02:10 - 00019532 _____ () C:\Users\Win\Desktop\dds.txt

2014-04-03 02:10 - 2014-04-03 02:10 - 00009924 _____ () C:\Users\Win\Desktop\attach.txt

2014-04-03 02:07 - 2014-04-03 02:07 - 00688992 ____R (Swearware) C:\Users\Win\Desktop\dds.scr

2014-03-31 22:58 - 2014-03-31 22:58 - 00001250 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk

2014-03-31 22:58 - 2014-03-31 22:58 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes

2014-03-29 15:06 - 2014-03-29 15:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-17 21:27 - 2014-03-17 21:27 - 00001035 _____ () C:\Users\Public\Desktop\Content Transfer.lnk

2014-03-17 21:27 - 2014-03-17 21:27 - 00000000 ____D () C:\Users\Win\AppData\Roaming\Sony Corporation

2014-03-14 14:40 - 2014-03-14 14:40 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\Users\Win\AppData\Local\VS Revo Group

2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-03-14 14:40 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

2014-03-14 02:24 - 2014-03-14 02:24 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-JDTJTRALGW-Win

2014-03-12 19:33 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-12 19:33 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-12 19:33 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-03-12 19:33 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-12 19:33 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-12 19:33 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-12 19:32 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-12 19:32 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

==================== One Month Modified Files and Folders =======

2014-04-04 14:11 - 2014-04-04 14:11 - 00000000 ____D () C:\FRST

2014-04-04 14:11 - 2013-06-12 20:28 - 00000000 ___RD () C:\Users\Win\Ileum

2014-04-04 14:10 - 2009-07-14 05:45 - 00014544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-04 14:10 - 2009-07-14 05:45 - 00014544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-04 14:09 - 2009-07-14 06:13 - 00795794 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-04 14:07 - 2013-06-10 13:40 - 01908844 _____ () C:\Windows\WindowsUpdate.log

2014-04-04 14:05 - 2013-11-20 20:30 - 00000000 ____D () C:\Users\Win\AppData\Roaming\foobar2000

2014-04-04 14:04 - 2013-08-11 22:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-04-04 14:03 - 2013-06-10 14:48 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2014-04-04 14:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-04 14:03 - 2009-07-14 05:51 - 00095586 _____ () C:\Windows\setupact.log

2014-04-04 14:01 - 2014-04-04 12:23 - 00000000 ____D () C:\AdwCleaner

2014-04-04 12:16 - 2013-06-10 14:57 - 00633052 _____ () C:\Windows\PFRO.log

2014-04-04 05:56 - 2013-06-17 23:43 - 00000000 ____D () C:\Users\Win\AppData\Roaming\uTorrent

2014-04-04 05:37 - 2013-11-29 02:10 - 00000000 ____D () C:\Users\Win\AppData\Roaming\TS3Client

2014-04-04 05:33 - 2013-06-23 15:00 - 00000000 ____D () C:\Program Files (x86)\CCleaner

2014-04-04 03:13 - 2013-09-04 02:23 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-04-04 02:34 - 2013-06-12 18:33 - 00000000 ____D () C:\Users\Win\AppData\Local\Adobe

2014-04-04 02:31 - 2014-04-04 02:31 - 01426178 _____ () C:\Users\Win\Desktop\adwcleaner.exe

2014-04-04 02:22 - 2013-08-14 12:54 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3F87E8E1-200E-407F-A5D7-29B290E3424A}

2014-04-04 02:13 - 2013-06-10 14:48 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2014-04-03 13:24 - 2014-04-03 13:24 - 00002269 _____ () C:\Users\Win\Desktop\RKreport[0]_S_04032014_132421.txt

2014-04-03 13:24 - 2014-04-03 13:17 - 00000000 ____D () C:\Users\Win\Desktop\RK_Quarantine

2014-04-03 13:20 - 2014-04-03 13:20 - 00002236 _____ () C:\Users\Win\Desktop\RKreport[0]_S_04032014_132014.txt

2014-04-03 11:35 - 2014-04-03 11:35 - 04527616 _____ () C:\Users\Win\Desktop\RogueKillerX64.exe

2014-04-03 02:10 - 2014-04-03 02:10 - 00019532 _____ () C:\Users\Win\Desktop\dds.txt

2014-04-03 02:10 - 2014-04-03 02:10 - 00009924 _____ () C:\Users\Win\Desktop\attach.txt

2014-04-03 02:07 - 2014-04-03 02:07 - 00688992 ____R (Swearware) C:\Users\Win\Desktop\dds.scr

2014-04-02 17:23 - 2013-06-10 15:04 - 00000000 ____D () C:\Users\Win\AppData\Local\CrashDumps

2014-03-31 22:58 - 2014-03-31 22:58 - 00001250 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk

2014-03-31 22:58 - 2014-03-31 22:58 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes

2014-03-30 21:11 - 2013-06-12 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-29 15:06 - 2014-03-29 15:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-27 23:51 - 2013-06-10 13:42 - 00000000 ____D () C:\Users\Win

2014-03-26 23:29 - 2014-02-13 13:54 - 00000000 ____D () C:\Users\Win\Documents\UserTesting

2014-03-26 23:29 - 2014-02-13 13:53 - 00000000 ____D () C:\Users\Win\AppData\Local\UserTestingPlugin

2014-03-23 22:55 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-03-18 22:23 - 2013-06-12 18:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-18 22:23 - 2013-06-12 18:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-18 11:36 - 2014-01-25 23:57 - 00000000 ____D () C:\Users\Win\AppData\Roaming\tigerplayer

2014-03-17 21:27 - 2014-03-17 21:27 - 00001035 _____ () C:\Users\Public\Desktop\Content Transfer.lnk

2014-03-17 21:27 - 2014-03-17 21:27 - 00000000 ____D () C:\Users\Win\AppData\Roaming\Sony Corporation

2014-03-17 21:27 - 2014-02-20 19:21 - 00000000 ____D () C:\ProgramData\Sony Corporation

2014-03-17 21:27 - 2014-02-20 19:21 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-03-17 21:26 - 2014-02-20 19:22 - 00000000 ____D () C:\Users\Win\AppData\Local\Downloaded Installations

2014-03-14 14:40 - 2014-03-14 14:40 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\Users\Win\AppData\Local\VS Revo Group

2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-03-14 14:40 - 2014-03-14 14:40 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-03-14 03:00 - 2013-06-10 14:59 - 00000000 ____D () C:\ProgramData\Adobe

2014-03-14 02:24 - 2014-03-14 02:24 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-JDTJTRALGW-Win

2014-03-12 19:44 - 2009-07-14 05:45 - 05065240 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-12 19:43 - 2013-07-20 23:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-12 19:43 - 2013-07-20 23:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-12 19:38 - 2013-08-14 12:53 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-12 19:35 - 2013-06-22 23:30 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-12 19:20 - 2013-09-18 17:40 - 00000000 ____D () C:\Users\Win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-03-07 02:32 - 2013-11-20 20:30 - 00001031 _____ () C:\Users\Public\Desktop\foobar2000.lnk

2014-03-07 02:32 - 2013-11-20 20:30 - 00000000 ____D () C:\Program Files (x86)\foobar2000

Some content of TEMP:

====================

C:\Users\Win\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe

C:\Users\Win\AppData\Local\Temp\Lucidlogix VIRTU MVP_2.1.114.22585 Setup_64Bit.exe

C:\Users\Win\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Win\AppData\Local\Temp\powarc1300b2.exe

C:\Users\Win\AppData\Local\Temp\Quarantine.exe

C:\Users\Win\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Win\AppData\Local\Temp\sfamcc00002.dll

C:\Users\Win\AppData\Local\Temp\sfareca00001.dll

C:\Users\Win\AppData\Local\Temp\sfextra.dll

C:\Users\Win\AppData\Local\Temp\som_fs.exe

C:\Users\Win\AppData\Local\Temp\som_mp4_encoder_2.exe

C:\Users\Win\AppData\Local\Temp\vlc-2.0.8-win32.exe

C:\Users\Win\AppData\Local\Temp\vlc-2.1.2-win32.exe

C:\Users\Win\AppData\Local\Temp\{380C5AAD-B874-4DC8-B9E4-9DA7FC637C34}.exe

C:\Users\Win\AppData\Local\Temp\{43EE48BB-3BA1-483E-804C-4E47752894AF}.exe

C:\Users\Win\AppData\Local\Temp\{8AF35F8A-AF6E-494B-91D5-0C26E1D5A57F}.exe

C:\Users\Win\AppData\Local\Temp\{8D1EC27A-13BF-4BDB-B19B-B7A0E9E496C0}.exe

C:\Users\Win\AppData\Local\Temp\{98DA6B24-F985-487C-996B-B358F30F40A4}.exe

C:\Users\Win\AppData\Local\Temp\{DE54D523-02B3-47B9-A23E-DB23012100D3}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-31 04:02

==================== End Of Log ============================

 

Addition.txt


Use your CCleaner to clean out temp files, but first...download the latest version from the link below. You can install it right over the top of the version you have now:
http://www.piriform.com/ccleaner/download

Now run CCleaner and clean out the temp files.

-------------------------------

From the scan, your hosts file shows this, did you add them back:

 

2009-07-14 03:34 - 2014-01-25 23:22 - 00001064 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 activation.acronis.com

 


------------------------------

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe, click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it in your reply.

MrC

http://uk.search.yah...r=spigot-yhp-ie

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yah...&type=714647&p={searchTerms}

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Extension: QuickMark - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\jid0-QT2VXewB9xzbRlyapSJjA4ebwoU@jetpack.xpi [2014-03-19]

U3 atxxmha0; No ImagePath

S3 cpuz136; \??\C:\Users\Win\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

C:\Users\Win\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe

C:\Users\Win\AppData\Local\Temp\Lucidlogix VIRTU MVP_2.1.114.22585 Setup_64Bit.exe

C:\Users\Win\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Win\AppData\Local\Temp\powarc1300b2.exe

C:\Users\Win\AppData\Local\Temp\Quarantine.exe

C:\Users\Win\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Win\AppData\Local\Temp\sfamcc00002.dll

C:\Users\Win\AppData\Local\Temp\sfareca00001.dll

C:\Users\Win\AppData\Local\Temp\sfextra.dll

C:\Users\Win\AppData\Local\Temp\som_fs.exe

C:\Users\Win\AppData\Local\Temp\som_mp4_encoder_2.exe

C:\Users\Win\AppData\Local\Temp\vlc-2.0.8-win32.exe

C:\Users\Win\AppData\Local\Temp\vlc-2.1.2-win32.exe

C:\Users\Win\AppData\Local\Temp\{380C5AAD-B874-4DC8-B9E4-9DA7FC637C34}.exe

C:\Users\Win\AppData\Local\Temp\{43EE48BB-3BA1-483E-804C-4E47752894AF}.exe

C:\Users\Win\AppData\Local\Temp\{8AF35F8A-AF6E-494B-91D5-0C26E1D5A57F}.exe

C:\Users\Win\AppData\Local\Temp\{8D1EC27A-13BF-4BDB-B19B-B7A0E9E496C0}.exe

C:\Users\Win\AppData\Local\Temp\{98DA6B24-F985-487C-996B-B358F30F40A4}.exe

C:\Users\Win\AppData\Local\Temp\{DE54D523-02B3-47B9-A23E-DB23012100D3}.exe

AlternateDataStreams: C:\ProgramData\Temp:A59C99D4

Task: {24008E60-A5E0-4F05-842F-5FE4A4766943} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File

Task: {2A26D66D-1010-4A8E-BA6F-4CFEDF9BAF23} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File

*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview => Value deleted successfully.

HKU\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU => Value deleted successfully.

HKU\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => Value deleted successfully.

HKU\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.

HKU\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockRuefi => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC93E44B-4D0D-4337-8189-959D44DADCC7} => Key deleted successfully.

HKCR\CLSID\{FC93E44B-4D0D-4337-8189-959D44DADCC7} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.

HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.

HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.

"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.

HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.

C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\Extensions\jid0-QT2VXewB9xzbRlyapSJjA4ebwoU@jetpack.xpi => Moved successfully.

atxxmha0 => Service deleted successfully.

cpuz136 => Service stopped successfully.

cpuz136 => Service deleted successfully.

C:\Users\Win\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\Lucidlogix VIRTU MVP_2.1.114.22585 Setup_64Bit.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

C:\Users\Win\AppData\Local\Temp\powarc1300b2.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.

C:\Users\Win\AppData\Local\Temp\sfamcc00002.dll => Moved successfully.

C:\Users\Win\AppData\Local\Temp\sfareca00001.dll => Moved successfully.

C:\Users\Win\AppData\Local\Temp\sfextra.dll => Moved successfully.

C:\Users\Win\AppData\Local\Temp\som_fs.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\som_mp4_encoder_2.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\vlc-2.1.2-win32.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\{380C5AAD-B874-4DC8-B9E4-9DA7FC637C34}.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\{43EE48BB-3BA1-483E-804C-4E47752894AF}.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\{8AF35F8A-AF6E-494B-91D5-0C26E1D5A57F}.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\{8D1EC27A-13BF-4BDB-B19B-B7A0E9E496C0}.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\{98DA6B24-F985-487C-996B-B358F30F40A4}.exe => Moved successfully.

C:\Users\Win\AppData\Local\Temp\{DE54D523-02B3-47B9-A23E-DB23012100D3}.exe => Moved successfully.

C:\ProgramData\Temp => ":A59C99D4" ADS removed successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24008E60-A5E0-4F05-842F-5FE4A4766943} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24008E60-A5E0-4F05-842F-5FE4A4766943} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A26D66D-1010-4A8E-BA6F-4CFEDF9BAF23} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A26D66D-1010-4A8E-BA6F-4CFEDF9BAF23} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => Key deleted successfully.

==== End of Fixlog ====

 

Here you go :)

 

I was positive I deleted them. I've run fixit again to be sure.


Run RogueKiller again and post the log, MrC

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Win [Admin rights]

Mode : Scan -- Date : 04/04/2014 15:36:23

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++

--- User ---

[MBR] eba20bc4d564437cd03bb5f2b56b3776

[BSP] eb2e8076916d27ee3b936b36be8a24dd : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_04042014_153623.txt >>

RKreport[0]_S_04032014_132014.txt;RKreport[0]_S_04032014_132421.txt

 


Next:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large; in that case please attach them, or zip them up and attach the archive.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Thanks for the help, this is wonderful :)

 

I've attached my KSST log for your review

 

Unsigned file

Service: Intel ® capability licensing service interface

Service start: Auto (0x2)

Files: Program File/Intel/iCLS Client/HeciServer.exe

Locked file

Service: sptd

Service Type: Kernel Driver (0x1)

Service Start: Boot (0x0)

File: Windows System 32/drivers/sptd.sys

 

These files flagged up as suspicious in KSST and I was unsure, so I posted them here. An Adobe switchboard.exe also flagged up. I clicked Skip.

 

Thanks

TDSSKiller.3.0.0.28_04.04.2014_23.58.24_log.txt


ComboFix 14-04-03.01 - Win 05/04/2014   0:20.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.16268.14276 [GMT 1:00]
Running from: c:\users\Win\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Win\AppData\Roaming\Origin
c:\users\Win\AppData\Roaming\Origin\local.xml
c:\users\Win\AppData\Roaming\Origin\local_051627926fef6a7f4307b541bf94d733.xml
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-04 to 2014-04-04  )))))))))))))))))))))))))))))))
.
.
2014-04-04 23:26 . 2014-04-04 23:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-04 17:36 . 2014-04-04 17:36    --------    d-----w-    c:\programdata\boost_interprocess
2014-04-04 13:11 . 2014-04-04 14:25    --------    d-----w-    C:\FRST
2014-04-04 11:23 . 2014-04-04 13:01    --------    d-----w-    C:\AdwCleaner
2014-03-31 21:58 . 2014-03-31 21:58    --------    d-----w-    c:\program files (x86)\Elaborate Bytes
2014-03-17 20:27 . 2014-03-17 20:27    --------    d-----w-    c:\users\Win\AppData\Roaming\Sony Corporation
2014-03-17 20:27 . 2014-03-17 20:27    --------    d-----w-    c:\program files (x86)\Common Files\Sony Shared
2014-03-14 13:40 . 2014-03-14 13:40    --------    d-----w-    c:\users\Win\AppData\Local\VS Revo Group
2014-03-14 13:40 . 2014-03-14 13:40    --------    d-----w-    c:\programdata\VS Revo Group
2014-03-14 13:40 . 2009-12-30 10:21    31800    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2014-03-14 13:40 . 2014-03-14 13:40    --------    d-----w-    c:\program files\VS Revo Group
2014-03-12 18:33 . 2014-01-29 02:32    484864    ----a-w-    c:\windows\system32\wer.dll
2014-03-12 18:33 . 2014-01-29 02:06    381440    ----a-w-    c:\windows\SysWow64\wer.dll
2014-03-12 18:33 . 2014-02-07 01:23    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-03-12 18:33 . 2014-02-04 02:32    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-03-12 18:33 . 2014-02-04 02:04    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-03-12 18:33 . 2014-01-28 02:32    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2014-03-12 18:32 . 2014-02-04 02:32    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-03-12 18:32 . 2014-02-04 02:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 21:23 . 2013-06-12 17:33    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-18 21:23 . 2013-06-12 17:33    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 18:35 . 2013-06-22 22:30    90015360    ----a-w-    c:\windows\system32\MRT.exe
2014-02-25 01:49 . 2012-07-17 14:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-02-18 22:47 . 2014-02-18 22:47    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-01 09:20 . 2014-02-13 14:29    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-02-01 09:19 . 2014-02-13 14:29    2241536    ----a-w-    c:\windows\system32\wininet.dll
2014-02-01 09:19 . 2014-02-13 14:29    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2014-02-01 09:18 . 2014-02-13 14:29    197120    ----a-w-    c:\windows\system32\msrating.dll
2014-02-01 09:18 . 2014-02-13 14:29    19274240    ----a-w-    c:\windows\system32\mshtml.dll
2014-02-01 09:18 . 2014-02-13 14:29    603136    ----a-w-    c:\windows\system32\msfeeds.dll
2014-02-01 09:18 . 2014-02-13 14:29    855552    ----a-w-    c:\windows\system32\jscript.dll
2014-02-01 09:18 . 2014-02-13 14:29    3960320    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-01 09:18 . 2014-02-13 14:29    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2014-02-01 09:18 . 2014-02-13 14:29    67072    ----a-w-    c:\windows\system32\iesetup.dll
2014-02-01 09:18 . 2014-02-13 14:29    526336    ----a-w-    c:\windows\system32\ieui.dll
2014-02-01 09:18 . 2014-02-13 14:29    136704    ----a-w-    c:\windows\system32\iesysprep.dll
2014-02-01 09:18 . 2014-02-13 14:29    2648576    ----a-w-    c:\windows\system32\iertutil.dll
2014-02-01 09:18 . 2014-02-13 14:29    39936    ----a-w-    c:\windows\system32\iernonce.dll
2014-02-01 09:18 . 2014-02-13 14:29    15403520    ----a-w-    c:\windows\system32\ieframe.dll
2014-02-01 07:58 . 2014-02-13 14:29    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-02-01 07:57 . 2014-02-13 14:29    2877952    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-02-01 07:57 . 2014-02-13 14:29    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-02-01 07:57 . 2014-02-13 14:29    109056    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-02-01 07:40 . 2014-02-13 14:29    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-01 07:34 . 2014-02-13 14:29    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-01-25 22:21 . 2014-01-25 22:21    367200    ----a-w-    c:\windows\system32\drivers\afcdp.sys
2014-01-25 22:21 . 2014-01-25 22:21    1464096    ----a-w-    c:\windows\system32\drivers\tdrpman.sys
2014-01-25 22:21 . 2014-01-25 22:21    183224    ----a-w-    c:\windows\system32\drivers\tib_mounter.sys
2014-01-25 22:21 . 2014-01-25 22:21    1120032    ----a-w-    c:\windows\system32\drivers\tib.sys
2014-01-25 22:21 . 2014-01-25 22:21    161568    ----a-w-    c:\windows\system32\drivers\vididr.sys
2014-01-25 22:21 . 2014-01-25 22:21    269600    ----a-w-    c:\windows\system32\drivers\snapman.sys
2014-01-25 22:21 . 2014-01-25 22:21    117024    ----a-w-    c:\windows\system32\drivers\vidsflt.sys
2014-01-25 22:21 . 2014-01-25 22:21    116000    ----a-w-    c:\windows\system32\drivers\fltsrv.sys
2014-01-09 02:22 . 2014-02-27 18:33    5694464    ----a-w-    c:\windows\SysWow64\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-10-10 356128]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
R3 cpuz136;cpuz136;c:\users\Win\AppData\Local\Temp\cpuz136_x64.sys;c:\users\Win\AppData\Local\Temp\cpuz136_x64.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
R3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 67170306
*Deregistered* - 67170306
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
2014-04-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-08-07 16:58    2820056    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-08-07 16:58    2820056    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-08-07 16:58    2820056    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-07-18 518424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\


.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-67170306.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2087283677-3193892326-494846436-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-05  00:27:36
ComboFix-quarantined-files.txt  2014-04-04 23:27
.
Pre-Run: 168,242,470,912 bytes free
Post-Run: 173,554,434,048 bytes free
.
- - End Of File - - 9C1FA1BEB6B0A410A8E8CA1621F5EC39
A36C5E4F47E84449FF07ED3517B43A31
 

COMBOFIX Log

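As an added example (not part of the thread, and not code from the Malwarebytes or ComboFix projects): a small Python triage script that parses the three line formats seen in the ComboFix log above (Run-key values, the LoadAppInit_DLLs/AppInit_DLLs pair under Windows NT\CurrentVersion\Windows, and the R?/S? service and driver lines) and flags the entries a helper would look at first: binaries started from user-writable directories, boot- or system-start drivers outside the system directory, and any registered AppInit_DLLs, which user32.dll loads into every process that maps it. The sample input is a constructed excerpt of lines copied from this thread's log; the flag wording and the directory lists are my own choices, and a flag is a prompt to verify the file's publisher, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log posted in this thread,
# trimmed to one Run value, the AppInit_DLLs pair and three service/driver lines.
COMBOFIX_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-10-10 356128]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
R3 cpuz136;cpuz136;c:\users\Win\AppData\Local\Temp\cpuz136_x64.sys;c:\users\Win\AppData\Local\Temp\cpuz136_x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
'''

# ComboFix service line: <R|S><start type> name;display name;path;native path [x]
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);([^;]+);([^;]+) \[x\]$')
# Run-key value: "Name"="path" [yyyy-mm-dd size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
LOADAPPINIT_RE = re.compile(r'^"LoadAppInit_DLLs"=(\d+)')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.+)$')

START_TYPE = {"0": "Boot", "1": "System", "2": "Auto", "3": "Manual", "4": "Disabled"}

# Locations an unprivileged user can write to; autoruns here deserve a look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                 "\\appdata\\roaming\\", "\\appdata\\local\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\sysnative\\")


@dataclass
class Entry:
    kind: str                 # "run", "service" or "appinit"
    name: str
    path: str
    start: str = ""           # service start type name, empty for Run values
    flags: list = field(default_factory=list)


def _check_path(entry):
    low = entry.path.lower()
    if any(d in low for d in USER_WRITABLE):
        entry.flags.append("binary lives in a user-writable directory")
    if (entry.kind == "service" and entry.start in ("Boot", "System")
            and not any(d in low for d in SYSTEM_DIRS)):
        entry.flags.append("early-start driver outside the system directory")


def parse_combofix(text):
    """Return one Entry per autorun line recognised in a ComboFix log excerpt."""
    entries = []
    load_appinit = False      # last LoadAppInit_DLLs value seen in the log
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _state, start, name, _display, path, _native = m.groups()
            e = Entry("service", name, path, start=START_TYPE[start])
            _check_path(e)
            entries.append(e)
            continue
        m = RUN_RE.match(line)
        if m:
            e = Entry("run", m.group(1), m.group(2))
            _check_path(e)
            entries.append(e)
            continue
        m = LOADAPPINIT_RE.match(line)
        if m:
            load_appinit = m.group(1) == "1"
            continue
        m = APPINIT_RE.match(line)
        if m:
            e = Entry("appinit", "AppInit_DLLs", m.group(1).strip())
            note = "AppInit_DLLs registered (user32.dll loads it into every process that maps it)"
            if load_appinit:
                note += "; LoadAppInit_DLLs is enabled"
            e.flags.append(note)
            _check_path(e)
            entries.append(e)
    return entries


def findings(text):
    """Only the entries that carry at least one flag."""
    return [e for e in parse_combofix(text) if e.flags]


if __name__ == "__main__":
    for e in findings(COMBOFIX_SAMPLE):
        print(f"[{e.kind}] {e.name}: {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

Run it on a saved C:\ComboFix.txt by passing the file contents to findings(); on the excerpt above it reports the Temp-resident driver and the AppInit_DLLs registration and stays silent on the Kaspersky and sptd drivers.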

Looks Good.......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


 

Thank you ever so much for your help. It's very rare to be granted such methodical guidance, and with such clarity. The scan returned 0 threats and I think I'm malware free : )

 

My PC is running a little slower than usual, but I think this is attributed to another issue.

 

Do you recommend any programs that I can get to keep my PC well maintained and protected? I have CCleaner already.

 

Furthermore, should I keep any of the programs you gave me?

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2014.04.06.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16798

Win :: JDTJTRALGW [administrator]

Protection: Disabled

06/04/2014 22:07:05

mbam-log-2014-04-06 (22-07-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 235141

Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

 


I'll go over everything in my next post.

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC