
Is it malware? What happened?



I still can't bring myself to do the ESET thing, but here is the Farbar Scanner log.

Farbar Service Scanner Version: 03-03-2013

Ran by n (administrator) on 16-03-2013 at 15:54:23

Running from "C:\Users\h\Downloads"

Windows 7 Ultimate Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error. Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

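As an added example, not part of the thread and not Farbar's own code, here is a small Python parser for the Farbar Service Scanner log format above. It flags the two findings a responder would act on first in this log (no network connectivity, and the registry policy that disables the firewall for the standard profile) and any File Check entry not reported as "MD5 is legit"; the sample log is a constructed excerpt of the one posted, with one made-up bad File Check entry added so the negative path is exercised.

```python
"""Flag security-relevant findings in a Farbar Service Scanner (FSS) log.

Added example, not part of the forum thread. SAMPLE_LOG is a constructed
excerpt following the layout of the posted log; the last File Check line
is a made-up non-legit entry (FSS's real wording for a bad file may differ).
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
Farbar Service Scanner Version: 03-03-2013
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is not legit (constructed entry)
**** End of log ****
"""

HEADING_RE = re.compile(r"^([A-Za-z ]+):$")          # "Connection Status:"
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")       # "[HKEY_LOCAL_MACHINE\...]"
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')           # "EnableFirewall"=DWORD:0
FILECHECK_RE = re.compile(r"^(.+?) => (.+)$")        # "C:\...\x.dll => MD5 is legit"


@dataclass
class FssFindings:
    network_up: bool = True
    # "<X Disabled Policy>" -> registry key -> {value name: value}
    policies: dict = field(default_factory=dict)
    file_check: dict = field(default_factory=dict)   # path -> status text
    issues: list = field(default_factory=list)


def parse_fss_log(text: str) -> FssFindings:
    """Walk the log section by section and collect what a responder should look at."""
    f = FssFindings()
    section, reg_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:      # blank or separator row
            continue
        m = HEADING_RE.match(line)
        if m:
            section, reg_key = m.group(1), None
            continue
        if section == "Connection Status" and line == "There is no connection to network.":
            f.network_up = False
            f.issues.append("Connection Status: no network connectivity")
        elif section and section.endswith("Disabled Policy"):
            # FSS prints a key under a "... Disabled Policy" heading only when a
            # policy is actively disabling that protection; an empty section is clean.
            if m := REGKEY_RE.match(line):
                reg_key = m.group(1)
                f.policies.setdefault(section, {})[reg_key] = {}
            elif reg_key and (m := VALUE_RE.match(line)):
                f.policies[section][reg_key][m.group(1)] = m.group(2)
        elif section == "File Check" and (m := FILECHECK_RE.match(line)):
            f.file_check[m.group(1)] = m.group(2)
    for sec, keys in f.policies.items():
        for key, values in keys.items():
            f.issues.append(f"{sec}: {key} {values}")
    for path, status in f.file_check.items():
        if status != "MD5 is legit":          # anything else: possibly patched/replaced system file
            f.issues.append(f"File Check: {path} -> {status}")
    return f
```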

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Deeter only. If you are a casual viewer, do NOT try this on your system!

If you are not Deeter and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On almost all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Task 1

Start NOTEPAD

Start NOTEPAD. Check and make sure "word wrap" is off.

From the Notepad main menu bar, select Format and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the following lines to Notepad:

@Echo on
REM Rewrite the hosts file so it contains only the localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
REM Renew the DHCP lease, flush the DNS cache, reset the Winsock catalog and the TCP/IP stack
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset resetlog.log
REM Reboot in one second, then delete this batch file
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. Your computer will reboot.

Task 2

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.

It will display its "stage" within the Command Prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first that the notebook is connected to wall power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart, then I need you to Restart the system fresh.

Reply & copy & paste the contents of the C:\Combofix.txt log and tell me, how is the system now?

Re-enable your antivirus program.


Even with all of my antiviruses off (I forgot to turn off Malwarebytes, now that I think of it... crap) Kaspersky still gave me a few pop-ups:

creg.dat c:\combofix\

regt.3xe c:\combofix\

handle.3xe c:\32788r22fwjw\

Those were the things it didn't like

Here's the log.

I had to do a hard shutdown as my computer was at least slow to shut down after I clicked the off button. I may have been too impatient.

ComboFix 13-03-16.02 - n 03/16/2013 18:40:01.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.6494 [GMT -5:00]

Running from: c:\users\h\Desktop\ComboFix.exe

AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

.

.

((((((((((((((((((((((((( Files Created from 2013-02-16 to 2013-03-16 )))))))))))))))))))))))))))))))

.

.

2013-03-16 23:44 . 2013-03-16 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-16 23:44 . 2013-03-16 23:44 -------- d-----w- c:\users\n\AppData\Local\temp

2013-03-13 18:21 . 2013-03-13 18:43 -------- d-----w- c:\users\n\Doctor Web

2013-03-12 18:33 . 2013-03-12 18:33 -------- d-----w- c:\program files (x86)\ERUNT

2013-03-09 23:44 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF4CC09-7A2F-4C2B-8E79-56B25D19E8D6}\mpengine.dll

2013-03-09 03:22 . 2012-07-11 23:09 64856 ----a-w- c:\windows\system32\klfphc.dll

2013-03-09 03:22 . 2013-03-09 03:22 -------- dc----w- c:\windows\system32\DRVSTORE

2013-03-09 03:22 . 2011-06-02 20:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys

2013-03-09 03:22 . 2011-06-02 20:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys

2013-03-09 03:22 . 2013-03-16 23:33 -------- d-----w- c:\programdata\Kaspersky Lab

2013-03-09 03:22 . 2013-03-09 03:22 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2013-03-09 03:22 . 2013-03-09 03:22 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch

2013-03-09 03:21 . 2012-11-02 21:48 89944 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-03-09 03:21 . 2012-11-02 21:48 613720 ----a-w- c:\windows\system32\drivers\klif.sys

2013-03-09 02:51 . 2013-03-09 02:51 -------- d-----w- C:\kleaner.tmp

2013-03-08 01:40 . 2013-03-08 01:40 -------- d-----w- c:\users\n\AppData\Local\lptmp245130699

2013-03-07 03:13 . 2013-03-08 01:40 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe

2013-03-07 03:13 . 2013-03-07 03:13 -------- d-----w- c:\users\h\AppData\Local\lptmp21079239

2013-02-21 20:56 . 2013-02-21 20:56 -------- d-----w- c:\programdata\EA Core

2013-02-21 20:55 . 2013-02-21 23:53 -------- d-----w- c:\programdata\EA Logs

2013-02-21 20:32 . 2013-02-21 20:32 -------- d-----w- c:\windows\SysWow64\%Report%

2013-02-21 19:13 . 2013-02-21 19:13 -------- d-----w- c:\program files (x86)\AMD AVT

2013-02-21 19:12 . 2013-02-21 19:12 -------- d-----w- c:\programdata\ATI

2013-02-21 18:14 . 2013-02-21 18:14 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2013-02-21 18:14 . 2013-02-21 18:14 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2013-02-21 17:08 . 2013-02-21 17:42 -------- d-----w- c:\program files (x86)\Origin Games

2013-02-21 17:08 . 2013-02-28 01:22 -------- d-----w- c:\users\n\AppData\Local\Origin

2013-02-21 17:08 . 2013-02-21 20:58 -------- d-----w- c:\programdata\Electronic Arts

2013-02-21 17:07 . 2013-02-21 17:19 -------- d-----w- c:\program files (x86)\Origin

2013-02-21 16:43 . 2013-02-27 19:52 -------- d-----w- c:\users\h\AppData\Roaming\Origin

2013-02-21 16:43 . 2013-02-21 16:43 -------- d-----w- c:\users\h\AppData\Local\Origin

2013-02-21 16:38 . 2013-02-21 17:23 -------- d-----w- c:\users\n\AppData\Roaming\Origin

2013-02-21 16:36 . 2013-02-21 17:42 -------- d-----w- c:\programdata\Origin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-12 19:17 . 2012-11-11 18:41 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 19:17 . 2012-11-11 18:41 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-13 17:20 . 2012-11-11 02:12 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-01-17 07:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-09 01:48 . 2013-02-13 17:17 17812992 ----a-w- c:\windows\system32\mshtml.dll

2013-01-09 01:22 . 2013-02-13 17:17 10925568 ----a-w- c:\windows\system32\ieframe.dll

2013-01-09 01:19 . 2013-02-13 17:17 2312704 ----a-w- c:\windows\system32\jscript9.dll

2013-01-09 01:12 . 2013-02-13 17:17 1346048 ----a-w- c:\windows\system32\urlmon.dll

2013-01-09 01:12 . 2013-02-13 17:17 1392128 ----a-w- c:\windows\system32\wininet.dll

2013-01-09 01:11 . 2013-02-13 17:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2013-01-09 01:10 . 2013-02-13 17:17 237056 ----a-w- c:\windows\system32\url.dll

2013-01-09 01:09 . 2013-02-13 17:17 85504 ----a-w- c:\windows\system32\jsproxy.dll

2013-01-09 01:07 . 2013-02-13 17:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2013-01-09 01:07 . 2013-02-13 17:17 816640 ----a-w- c:\windows\system32\jscript.dll

2013-01-09 01:07 . 2013-02-13 17:17 599040 ----a-w- c:\windows\system32\vbscript.dll

2013-01-09 01:06 . 2013-02-13 17:17 729088 ----a-w- c:\windows\system32\msfeeds.dll

2013-01-09 01:05 . 2013-02-13 17:17 2147840 ----a-w- c:\windows\system32\iertutil.dll

2013-01-09 01:04 . 2013-02-13 17:17 96768 ----a-w- c:\windows\system32\mshtmled.dll

2013-01-09 01:04 . 2013-02-13 17:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-01-09 01:00 . 2013-02-13 17:17 248320 ----a-w- c:\windows\system32\ieui.dll

2013-01-08 22:11 . 2013-02-13 17:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-01-08 22:03 . 2013-02-13 17:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2013-01-08 22:03 . 2013-02-13 17:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-01-08 21:59 . 2013-02-13 17:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-01-08 21:58 . 2013-02-13 17:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-01-08 21:56 . 2013-02-13 17:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-01-05 05:53 . 2013-02-13 17:14 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-13 17:14 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 17:14 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-13 17:14 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-13 17:14 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-13 17:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-13 17:14 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-13 17:14 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-13 17:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-13 17:14 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-13 17:14 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00 . 2013-02-13 17:14 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 06:00 . 2013-02-13 17:14 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-12-25 21:32 . 2012-12-25 21:32 1409 ----a-w- c:\windows\QTFont.for

2012-12-19 20:50 . 2012-12-19 20:50 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll

2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll

2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll

2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-12-19 20:09 . 2011-10-26 02:05 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-12-19 20:08 . 2011-10-26 02:04 1151488 ----a-w- c:\windows\system32\aticfx64.dll

2012-12-19 20:06 . 2011-10-26 01:55 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-12-19 19:59 . 2011-10-26 01:43 5087744 ----a-w- c:\windows\system32\atiumd6a.dll

2012-12-19 19:57 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe

2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe

2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-12-19 19:49 . 2011-10-26 01:46 7370752 ----a-w- c:\windows\system32\atidxx64.dll

2012-12-19 19:44 . 2012-12-19 19:44 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-12-19 19:44 . 2011-10-26 01:29 6786560 ----a-w- c:\windows\system32\atiumd64.dll

2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-12-19 19:33 . 2011-10-26 01:22 619008 ----a-w- c:\windows\system32\atiadlxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-12-19 19:31 . 2011-10-26 01:21 130048 ----a-w- c:\windows\system32\atiuxp64.dll

2012-12-19 19:31 . 2011-10-26 01:21 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-12-19 19:31 . 2011-10-26 01:21 104448 ----a-w- c:\windows\system32\atiu9p64.dll

2012-12-19 19:30 . 2012-09-28 01:10 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{215BA832-75A3-426E-A4FC-7C5B58CE6A10}]

2013-03-09 03:27 2404920 ----a-w- c:\progra~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{215BA832-75A3-426E-A4FC-7C5B58CE6A10}"= "c:\progra~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll" [2013-03-09 2404920]

.

[HKEY_CLASSES_ROOT\clsid\{215ba832-75a3-426e-a4fc-7c5b58ce6a10}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2012-12-21 00:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-26 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-21 356968]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-11 1255736]

S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 84536]

S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 66616]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-10-18 54104]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-03 29016]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-04 29528]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 19:17]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2012-12-21 00:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 8.26.56.26 8.20.247.20

TCP: Interfaces\{D967BCD4-7095-4CCB-8154-F8630495EB7E}: NameServer = 8.26.56.26,8.20.247.20

FF - ProfilePath -

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3343531971-2036800499-2335478867-1000\Software\SecuROM\License information*]

"datasecu"=hex:71,69,71,c0,49,2b,d6,c3,fc,59,a8,71,5e,56,5f,69,40,16,6e,5e,53,

49,69,0e,d0,bb,a6,9d,66,9c,2e,c7,a1,fa,91,d3,6d,4d,3f,2d,f5,01,f5,d4,9e,04,\

"rkeysecu"=hex:1b,47,d8,52,0d,51,59,38,67,67,f1,1f,df,af,41,fa

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-16 18:47:15

ComboFix-quarantined-files.txt 2013-03-16 23:47

.

Pre-Run: 33,269,350,400 bytes free

Post-Run: 34,940,203,008 bytes free

.

- - End Of File - - CAACA4712B0BC538655044D22114EEF0


Alright, what is a junk file?

and

I was playing a game last night and suddenly, whenever I would press my D button and spacebar, the game window would minimize and I'd be back at my desktop.

I tried switching ports for my keyboard.

After that I got a (to paraphrase) " need to reboot to save these changes" prompt. I did a hard off as I didn't like the sound of that.

Is that anything to worry about?


This one -- c:\programdata\ntuser.dat

Are you going to do the ESET scan? If not, I cannot tell about the integrity of the "virus / no virus" status of this system.

If you are unwilling to follow my guidance, I will part ways with you.

If you will follow my guidance, once we rule out malware, we can look into your apparently failing Windows Update.

Windows key + D is the shortcut for desktop access.



I will think about it.

I did not press the windows plus D key. I just pressed D. The same thing happened when pressing the space bar.


To cleanup after the tools used,

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

It's obvious you won't run the scan. You seem more interested in doing your leisure game playing and treat the security issue as an afterthought.

I am 'outa here. I am closing this thread. I'll have nothing further to do with it.
