
Haiku

Members

Posts: 5
Reputation: 0 Neutral
  1. Worked perfectly. The virus is gone. Thank you so much for your help and support, I really appreciate it.
  2. RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Shaun [Admin rights]
     Mode : Scan -- Date : 05/05/2013 13:09:58
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 1 ¤¤¤
     [SVCHOST] svchost.exe -- C:\Users\Shaun\AppData\Local\Temp\svchost.exe [x] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [RUN][BLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> FOUND
     [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\Shaun\AppData\Roaming\Adobe\color.vbe) [-] -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ATA WDC WD5000AAKX-0 SCSI Disk Device +++++
     --- User ---
     [MBR] 91395f95f0625d961c0e9084196c49cd
     [BSP] 0ae39f651a7f454127601df4ebd3cc45 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_05052013_02d1309.txt >>
     RKreport[1]_S_05052013_02d1309.txt
  3. attach.txt
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Home Premium
     Boot Device: \Device\HarddiskVolume1
     Install Date: 03/12/2012 11:30:08 AM
     System Uptime: 04/05/2013 11:05:25 PM (0 hours ago)
     .
     Motherboard: MSI | | Z77A-G45 (MS-7752)
     Processor: Intel® Core i5-3570K CPU @ 3.40GHz | SOCKET 0 | 4301/100mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 466 GiB total, 53.648 GiB free.
     D: is CDROM ()
     E: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     RP106: 01/05/2013 3:00:11 AM - Windows Update
     RP107: 04/05/2013 12:25:45 AM - Installed DirectX
     RP108: 04/05/2013 9:54:01 PM - Installed NetLimiter 3
     RP109: 04/05/2013 11:17:07 PM - Removed AVG 2013
     RP110: 04/05/2013 11:18:13 PM - Removed AVG 2013
     .
     ==== Installed Programs ======================
     .
     ==== Event Viewer Messages From Past Week ========
     .
     04/05/2013 6:25:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
     04/05/2013 6:25:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000031, 0x0000000000000000, 0xfffff880009ed180, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
     04/05/2013 11:08:16 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
     04/05/2013 11:08:16 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
     04/05/2013 11:07:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
     04/05/2013 11:05:57 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
     04/05/2013 10:09:49 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
     .
     ==== End Of File ===========================
  4. dds.txt
     DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.9.2
     Run by Shaun at 23:53:07 on 2013-05-04
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16335.12441 [GMT -5:00]
     .
     AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
     FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\nvvsvc.exe
     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Intel\iCLS Client\HeciServer.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
     C:\Windows\SysWOW64\PnkBstrA.exe
     C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\Dwm.exe
     C:\Windows\SysWOW64\rundll32.exe
     C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
     C:\Program Files (x86)\Steam\Steam.exe
     C:\Program Files (x86)\puush\puush.exe
     C:\Program Files (x86)\Skype\Phone\Skype.exe
     C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
     C:\Program Files\Tablet\Pen\WacomHost.exe
     C:\Program Files\Tablet\Pen\Pen_Tablet.exe
     C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
     C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
     C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
     C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
     C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
     C:\Program Files (x86)\RescueTime\RescueTime.exe
     C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
     C:\Users\Shaun\AppData\Roaming\Dropbox\bin\Dropbox.exe
     C:\Program Files (x86)\iTunes\iTunesHelper.exe
     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     "C:\Users\Shaun\AppData\Local\Temp\svchost.exe" -o http://p.c4a68dc959943caf76d5cb46c97201f2.com -O r6:r6 -l 1
     C:\Program Files (x86)\Common Files\Steam\SteamService.exe
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     C:\Windows\system32\taskmgr.exe
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Windows\explorer.exe
     C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
     C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\System32\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mWinlogon: Userinit = userinit.exe,
     BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll
     BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll
     uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
     uRun: [puush] C:\Program Files (x86)\puush\puush.exe
     uRun: [AdobeBridge] <no file>
     mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
     mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
     mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
     mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
     mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
     mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
     mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
     mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     mRun: [Adobe] C:\Users\Shaun\AppData\Roaming\Adobe\color.vbe
     StartupFolder: C:\Users\Shaun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shaun\AppData\Roaming\Dropbox\bin\Dropbox.exe
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKETCH~1.LNK - C:\Program Files (x86)\Autodesk\SketchBookPro2011\SketchBookSnapshot.exe
     mPolicies-Explorer: NoActiveDesktop = dword:1
     mPolicies-Explorer: NoActiveDesktopChanges = dword:1
     mPolicies-Explorer: HideSCAHealth = dword:1
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
     Trusted Zone: clonewarsadventures.com
     Trusted Zone: freerealms.com
     Trusted Zone: soe.com
     Trusted Zone: sony.com
     TCP: NameServer = 192.168.1.1
     TCP: Interfaces\{19673566-DA50-4180-AA45-576BAEFC2222} : DHCPNameServer = 192.168.1.1
     TCP: Interfaces\{F1CCB1B4-5437-4D7E-B40D-EF2962DFED71} : DHCPNameServer = 192.168.1.1
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
     SSODL: WebCheck - <orphaned>
     mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
     x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
     x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
     x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
     x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
     x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
     x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
     x64-SSODL: WebCheck - <orphaned>
     .
     ============= SERVICES / DRIVERS ===============
     .
     =============== Created Last 30 ================
     .
     ==================== Find3M ====================
     .
     ============= FINISH: 23:53:43.21 ===============
  5. Alright, so today I found that my svchost.exe was using 25% CPU usage (remains at a constant 25%), and immediately that gave me red flags. I know from past experience that viruses often use svchost, and the high CPU usage was a bad sign. I ran Norton and it picked up nothing, then I ran MBAM and it told me that I have a PUP.BitCoinMiner and Trojan.Agent.Gen. I tried removing them using the program, but after the computer restarted they were back and svchost usage was at 25% as usual.