
There is a hidden bitcoin miner running that I can't seem to remove (please help)



Hello NickDiaz209, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Roman at 6:27:54 on 2013-06-02

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8143.4523 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.EXE

D:\Programs\Origin\Origin.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe

C:\Users\Roman\Downloads\RogueKillerX64.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Roman\Downloads\mbam-setup-1.75.0.1300 (1).exe

C:\Users\Roman\AppData\Local\Temp\is-CA506.tmp\mbam-setup-1.75.0.1300 (1).tmp

C:\Users\Roman\Downloads\mbam-setup-1.75.0.1300 (1).exe

C:\Users\Roman\AppData\Local\Temp\is-FI8P6.tmp\mbam-setup-1.75.0.1300 (1).tmp

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN14241543831393717&UM=2&UP=SPD2803DFE-A446-4E8A-A048-F6C9CF02657D

mWinlogon: Userinit = userinit.exe

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [searchProtect] C:\Users\Roman\AppData\Roaming\SearchProtect\bin\cltmng.exe

uRun: [{1A4FFB6D-4BDD-5CE7-E30D-51DDBE546F76}] C:\Users\Roman\AppData\Roaming\Aspah\raufo.exe

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRun: [searchProtect] \SearchProtect\bin\cltmng.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{41A13EF4-47C8-4E6E-935B-F60F4A593D9F} : DHCPNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-10 16152]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-27 45856]

R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-4-11 93984]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-10 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-3-10 178344]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-10 161560]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-24 72192]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-2 3560288]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-10 363800]

R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-21 1015984]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-10 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-10 786200]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-4-22 49152]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-10 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-11 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-11 1255736]

.

=============== Created Last 30 ================

.

2013-06-02 10:27:09 -------- d-----w- C:\Users\Roman\AppData\Roaming\Malwarebytes

2013-06-02 10:26:55 -------- d-----w- C:\ProgramData\Malwarebytes

2013-06-02 10:26:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-02 10:26:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-02 07:53:31 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2013-06-02 07:43:56 -------- d-----w- C:\Windows\SysWow64\spool

2013-06-02 07:43:56 -------- d-----w- C:\Users\Roman\AppData\Local\Sony

2013-06-02 07:09:12 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5C7C901-7B08-4F71-AD13-1FBC3FBA8CE6}\offreg.dll

2013-06-02 06:43:38 964552 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BCDB775F-F05B-491B-84E6-E03606DC02A0}\gapaengine.dll

2013-06-02 06:43:36 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5C7C901-7B08-4F71-AD13-1FBC3FBA8CE6}\mpengine.dll

2013-06-02 06:42:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-06-02 06:42:35 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-06-02 06:39:30 -------- d-----w- C:\Users\Roman\AppData\Roaming\tor

2013-06-02 06:39:30 -------- d-----w- C:\Users\Roman\AppData\Roaming\Oqto

2013-06-02 06:39:30 -------- d-----w- C:\Users\Roman\AppData\Roaming\Aspah

2013-05-31 06:48:58 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{415F202C-A0EA-4FD0-B9F8-2DE1AEAADEE8}\mpengine.dll

2013-05-30 16:40:56 -------- d-----w- C:\Users\Roman\AppData\Roaming\JasonRobitaille

2013-05-30 16:39:00 -------- d-----w- C:\Windows\System32\appmgmt

2013-05-30 16:09:44 -------- d-----w- C:\Program Files\Palm, Inc

2013-05-29 01:02:54 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2013-05-29 01:02:54 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2013-05-29 01:02:54 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2013-05-29 01:02:54 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2013-05-29 01:02:54 -------- d-----w- C:\Program Files (x86)\OpenAL

2013-05-28 22:57:50 -------- d-----w- C:\Users\Roman\AppData\Roaming\NVIDIA

2013-05-27 14:53:53 -------- d-----w- C:\Windows\pss

2013-05-26 23:19:10 80896 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP86.DLL

2013-05-26 23:19:10 27136 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD86.DLL

2013-05-26 23:19:09 234496 ----a-w- C:\Windows\System32\CNMLM86.DLL

2013-05-26 22:51:10 -------- d-----w- C:\Users\Roman\AppData\Local\ElevatedDiagnostics

2013-05-26 22:46:02 -------- d-----r- C:\Users\Roman\AppData\Roaming\Brother

2013-05-26 22:45:22 -------- d-----w- C:\Users\Roman\AppData\Roaming\PC-FAX TX

2013-05-26 22:41:43 -------- d-----w- C:\ProgramData\Brother

2013-05-24 07:00:57 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-23 23:24:09 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2013-05-13 15:32:05 -------- d-----w- C:\SearchProtect

2013-05-08 07:47:49 -------- d-----w- C:\Users\Roman\AppData\Roaming\LoneSurvivor

2013-05-04 20:20:42 -------- d-----w- C:\Users\Roman\AppData\Local\Ubisoft Game Launcher

.

==================== Find3M ====================

.

2013-06-02 08:37:55 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-06-02 08:37:55 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-06-02 08:37:29 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-05-24 07:00:57 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-21 05:55:03 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-05-15 05:48:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 05:48:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-05-01 02:44:16 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-04-18 08:51:02 127384 ----a-w- C:\Windows\System32\drivers\scdemu.sys

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 09:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-22 10:31:19 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-22 10:31:19 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-15 02:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-03-13 04:15:22 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-03-13 04:15:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

.

============= FINISH: 6:28:01.19 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 3/10/2013 2:20:18 AM

System Uptime: 5/29/2013 3:06:09 PM (87 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH Z77

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | LGA1155 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 12.333 GiB free.

D: is FIXED (NTFS) - 224 GiB total, 65.828 GiB free.

E: is CDROM ()

F: is CDROM ()

H: is CDROM ()

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP66: 5/26/2013 6:42:33 PM - Installed MFL-Pro Suite

RP67: 5/26/2013 6:42:46 PM - Device Driver Package Install: Brother Imaging devices

RP68: 5/26/2013 6:42:58 PM - Device Driver Package Install: Brother Printers

RP69: 5/28/2013 1:41:24 PM - Windows Update

RP70: 5/30/2013 12:09:33 PM - Installed Novacomd

RP71: 5/30/2013 12:38:56 PM - Removed Novacomd

RP72: 5/30/2013 12:40:49 PM - Installed Novacomd

RP73: 6/2/2013 1:10:25 AM - Installed Java 7 Update 21

RP74: 6/2/2013 2:43:28 AM - Windows Update

RP75: 6/2/2013 3:53:50 AM - Revo Uninstaller's restore point - Vegas Pro 11.0

RP76: 6/2/2013 3:53:56 AM - Removed Vegas Pro 11.0

RP77: 6/2/2013 4:24:47 AM - Revo Uninstaller's restore point - SABnzbd 0.7.11

RP78: 6/2/2013 4:26:52 AM - Revo Uninstaller's restore point - µTorrent

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.03)

Air Playit 2.0.0

Arma 2

Arma 2: British Armed Forces

ARMA 2: British Armed Forces - Data cache removal

Arma 2: DayZ Mod

Arma 2: Operation Arrowhead

Arma 2: Operation Arrowhead Beta

Arma 2: Private Military Company

ARMA 2: Private Military Company - Data cache removal

Asmedia ASM104x USB 3.0 Host Controller Driver

Asmedia ASM106x SATA Host Controller Driver

AVG SafeGuard toolbar

Bastion

Battlefield 3™

Battlelog Web Plugins

BattlEye for OA Uninstall

BattlEye Uninstall

BioShock 2

BioShock Infinite

Bonjour

Brother MFL-Pro Suite MFC-685CW

Company of Heroes (New Steam Version)

Darksiders

DarksidersInstaller

DayZ Commander

Dead Island

ESN Sonar

Far Cry 3 Blood Dragon

Fraps

Google Chrome

Google Update Helper

Hotline Miami

ImgBurn

Intel® Control Center

Intel® Management Engine Components

Intel® Network Connections 16.6.126.0

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Java 7 Update 21

Java Auto Updater

League of Legends

Lone Survivor

Malwarebytes Anti-Malware version 1.75.0.1300

Mass Effect

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

MSVCRT Redists

Novacomd

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

OpenAL

Origin

Portal

Portal 2

PowerISO

Proteus

PS3 Media Server

PunkBuster Services

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

Search Protect by conduit

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Sleeping Dogs™

Steam

TeamSpeak 3 Client

TeamViewer 8

Terraria

The Walking Dead

Tomb Raider

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Uplay

VLC media player 2.0.6

Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)

Windows Live ID Sign-in Assistant

XSplit

.

==== Event Viewer Messages From Past Week ========

.

5/26/2013 6:46:38 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/26/2013 6:46:38 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

.

==== End Of File ===========================

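The DDS log above contains the pattern a helper looks for by eye: a Run value named with a GUID pointing at a randomly named executable under AppData\Roaming, whose folder was created in the same second as two other unknown folders (tor and Oqto). As an added example that is not part of this thread or of the DDS tool, the Python script below parses those two DDS sections from a few lines copied from the post and flags such entries. The heuristics (GUID-named value, target under the user's AppData tree, target folder created in a burst with other folders) and the burst threshold are this example's own assumptions, not DDS features.

```python
"""Triage a DDS 'Pseudo HJT Report' for suspicious autorun entries.

Added example for this thread, not code from the DDS tool or from any post in it.
It parses the Run-key lines (uRun/mRun/dRun/x64-Run) and the directory lines of
the 'Created Last 30' section, then flags Run values that look like the one
found above: a GUID-named value whose target sits under the user's AppData tree
in a folder created in the same second as other unknown folders. The heuristics
and the burst threshold are this example's own assumptions, not DDS features.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [searchProtect] C:\Users\Roman\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [{1A4FFB6D-4BDD-5CE7-E30D-51DDBE546F76}] C:\Users\Roman\AppData\Roaming\Aspah\raufo.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
2013-06-02 06:39:30 -------- d-----w- C:\Users\Roman\AppData\Roaming\tor
2013-06-02 06:39:30 -------- d-----w- C:\Users\Roman\AppData\Roaming\Oqto
2013-06-02 06:39:30 -------- d-----w- C:\Users\Roman\AppData\Roaming\Aspah
2013-05-28 22:57:50 -------- d-----w- C:\Users\Roman\AppData\Roaming\NVIDIA
2013-06-02 10:26:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""

# DDS prefixes: u = HKCU, m = HKLM, d = default user hive, x64- = 64-bit view
RUN_RE = re.compile(r'^(?P<hive>u|m|d|x64-)Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
CREATED_RE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (?P<attrs>\S+) (?P<path>.+)$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
APPDATA_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\(?:Roaming|Local|LocalLow)\\', re.I)
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?:\s|$)', re.I)


@dataclass
class RunEntry:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def extract_target(cmd):
    """Return the program path from a Run value's command line.

    Quoted paths end at the closing quote; unquoted ones (which may contain
    spaces, as 'C:\\Program Files\\...' does) end at the first executable extension.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(' ', 1)[0]


def parse(log):
    """Split a DDS log into Run entries and {lower-cased dir path: creation time}."""
    runs, created_dirs = [], {}
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append(RunEntry(m['hive'], m['name'], extract_target(m['cmd'])))
            continue
        m = CREATED_RE.match(line)
        if m and m['attrs'].startswith('d'):   # directories only, skip files
            created_dirs[m['path'].lower()] = m['ts']
    return runs, created_dirs


def triage(log, burst_min_dirs=2):
    """Return Run entries with at least one suspicion reason, most reasons first."""
    runs, created_dirs = parse(log)
    # Several folders appearing in the same second is how a dropper unpacking
    # itself shows up in 'Created Last 30'; index creations by timestamp.
    by_ts = {}
    for path, ts in created_dirs.items():
        by_ts.setdefault(ts, []).append(path)
    for e in runs:
        if GUID_RE.match(e.name):
            e.reasons.append('GUID-named Run value')
        if APPDATA_RE.search(e.target):
            e.reasons.append('target under user AppData')
        parent = e.target.rsplit('\\', 1)[0].lower()
        ts = created_dirs.get(parent)
        if ts:
            e.reasons.append(f'target directory created {ts}')
            siblings = sorted(p for p in by_ts[ts] if p != parent)
            if len(siblings) + 1 >= burst_min_dirs:
                e.reasons.append('created in same second as ' + ', '.join(siblings))
    return sorted((e for e in runs if e.reasons), key=lambda e: -len(e.reasons))


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f'{e.hive}Run [{e.name}] -> {e.target}')
        for r in e.reasons:
            print('   ', r)
```

Run against the sample, the GUID-named entry for raufo.exe comes out first with four reasons, and the Conduit SearchProtect entry is flagged only for living under AppData, which matches what the helper went after in the next post. The script works on the pasted log rather than the live registry because the helper never has the machine, only the text the user posts.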

Step 1

Please uninstall this application: AVG SafeGuard toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Step 5

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • AdwCleaner log
  • RogueKiller log
  • a new fresh DDS log


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x64

Ran by Roman on Mon 06/03/2013 at 2:23:29.38

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] cltmngsvc

Successfully deleted: [service] cltmngsvc

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotect

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotectall

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2318815334-1083360927-2397050128-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289075

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C125AC9-077D-4DF6-A034-55B6F9F908D4}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Roman\AppData\Roaming\searchprotect"

Successfully deleted: [Folder] "C:\Users\Roman\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Roman\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 06/03/2013 at 2:25:01.63

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.03.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

Roman :: ROMAN-PC [administrator]

6/3/2013 2:44:14 AM

mbam-log-2013-06-03 (02-44-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 233971

Time elapsed: 1 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{1A4FFB6D-4BDD-5CE7-E30D-51DDBE546F76} (Trojan.Kryptik) -> Data: C:\Users\Roman\AppData\Roaming\Aspah\raufo.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Roman\AppData\Roaming\Aspah\raufo.exe (Trojan.Kryptik) -> Quarantined and deleted successfully.

(end)

# AdwCleaner v2.301 - Logfile created 06/03/2013 at 02:58:01

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Roman - ROMAN-PC

# Boot Mode : Normal

# Running from : C:\Users\Roman\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Roman\AppData\Local\Temp\Uninstall.exe

Folder Found : C:\Users\Roman\AppData\Local\PackageAware

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\SearchProtect

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\Software\SearchProtect

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1921 octets] - [03/06/2013 02:58:01]

########## EOF - C:\AdwCleaner[R1].txt - [1981 octets] ##########

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Roman [Admin rights]

Mode : Scan -- Date : 06/03/2013 03:00:49

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SanDisk SDSSDX240GG25 +++++

--- User ---

[MBR] ff524bc80346d33f06aeab07ed379bf5

[bSP] 10f38be670bf446d8b09bae76765bd0c : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228934 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: M4-CT128M4SSD2 +++++

--- User ---

[MBR] b3d93e08254cf8842e4cd0f2304eaf91

[bSP] df7cc0dd3b599420f2b770746b4c8ad7 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_S_06032013_02d0300.txt >>

RKreport[1]_S_06022013_02d0401.txt ; RKreport[2]_S_06032013_02d0300.txt


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Roman at 3:04:45 on 2013-06-03

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8143.6442 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\system32\PrintIsolationHost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [searchProtect] \SearchProtect\bin\cltmng.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{41A13EF4-47C8-4E6E-935B-F60F4A593D9F} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-10 16152]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-10 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-3-10 178344]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-10 161560]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-24 72192]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-2 3560288]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-10 363800]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-10 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-10 786200]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-4-22 49152]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-10 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-11 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-11 1255736]

.

=============== Created Last 30 ================

.

2013-06-03 06:57:06 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61B690A9-F6C0-4038-B34C-E7E6FD36534A}\mpengine.dll

2013-06-03 06:23:28 -------- d-----w- C:\Windows\ERUNT

2013-06-03 06:18:31 -------- d-----w- C:\JRT

2013-06-02 10:27:09 -------- d-----w- C:\Users\Roman\AppData\Roaming\Malwarebytes

2013-06-02 10:26:55 -------- d-----w- C:\ProgramData\Malwarebytes

2013-06-02 10:26:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-02 10:26:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-02 07:53:31 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2013-06-02 07:43:56 -------- d-----w- C:\Windows\SysWow64\spool

2013-06-02 07:43:56 -------- d-----w- C:\Users\Roman\AppData\Local\Sony

2013-06-02 06:43:38 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BCDB775F-F05B-491B-84E6-E03606DC02A0}\gapaengine.dll

2013-06-02 06:43:36 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-02 06:42:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-06-02 06:42:35 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-06-02 06:39:30 -------- d-----w- C:\Users\Roman\AppData\Roaming\tor

2013-06-02 06:39:30 -------- d-----w- C:\Users\Roman\AppData\Roaming\Oqto

2013-06-02 06:39:30 -------- d-----w- C:\Users\Roman\AppData\Roaming\Aspah

2013-05-31 06:48:58 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{415F202C-A0EA-4FD0-B9F8-2DE1AEAADEE8}\mpengine.dll

2013-05-30 16:40:56 -------- d-----w- C:\Users\Roman\AppData\Roaming\JasonRobitaille

2013-05-30 16:39:00 -------- d-----w- C:\Windows\System32\appmgmt

2013-05-30 16:09:44 -------- d-----w- C:\Program Files\Palm, Inc

2013-05-29 01:02:54 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2013-05-29 01:02:54 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2013-05-29 01:02:54 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2013-05-29 01:02:54 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2013-05-29 01:02:54 -------- d-----w- C:\Program Files (x86)\OpenAL

2013-05-28 22:57:50 -------- d-----w- C:\Users\Roman\AppData\Roaming\NVIDIA

2013-05-27 14:53:53 -------- d-----w- C:\Windows\pss

2013-05-26 23:19:10 80896 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP86.DLL

2013-05-26 23:19:10 27136 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD86.DLL

2013-05-26 23:19:09 234496 ----a-w- C:\Windows\System32\CNMLM86.DLL

2013-05-26 22:51:10 -------- d-----w- C:\Users\Roman\AppData\Local\ElevatedDiagnostics

2013-05-26 22:46:02 -------- d-----r- C:\Users\Roman\AppData\Roaming\Brother

2013-05-26 22:45:22 -------- d-----w- C:\Users\Roman\AppData\Roaming\PC-FAX TX

2013-05-26 22:41:43 -------- d-----w- C:\ProgramData\Brother

2013-05-24 07:00:57 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-23 23:24:09 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2013-05-13 15:32:05 -------- d-----w- C:\SearchProtect

2013-05-08 07:47:49 -------- d-----w- C:\Users\Roman\AppData\Roaming\LoneSurvivor

2013-05-04 20:20:42 -------- d-----w- C:\Users\Roman\AppData\Local\Ubisoft Game Launcher

.

==================== Find3M ====================

.

2013-06-03 05:07:38 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-06-03 05:07:38 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-06-03 05:07:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-05-24 07:00:57 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-15 05:48:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 05:48:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-05-01 02:44:16 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-04-18 08:51:02 127384 ----a-w- C:\Windows\System32\drivers\scdemu.sys

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 09:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-22 10:31:19 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-22 10:31:19 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-15 02:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-03-13 04:15:22 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-03-13 04:15:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

.

============= FINISH: 3:04:53.47 ===============


Please be patient with me.

Step 1

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • AdwCleaner log
  • ComboFix log


# AdwCleaner v2.301 - Logfile created 06/03/2013 at 05:09:53

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Roman - ROMAN-PC

# Boot Mode : Normal

# Running from : C:\Users\Roman\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Roman\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Users\Roman\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2046 octets] - [03/06/2013 02:58:01]

AdwCleaner[R2].txt - [2106 octets] - [03/06/2013 02:59:35]

AdwCleaner[s1].txt - [2071 octets] - [03/06/2013 05:09:53]

########## EOF - C:\AdwCleaner[s1].txt - [2131 octets] ##########


ComboFix 13-06-08.02 - Roman 06/11/2013 3:52.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8143.4879 [GMT -4:00]

Running from: c:\users\Roman\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\frapsvid.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-05-11 to 2013-06-11 )))))))))))))))))))))))))))))))

.

.

2013-06-11 07:54 . 2013-06-11 07:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-06-11 07:54 . 2013-06-11 07:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-11 06:56 . 2013-06-11 06:56 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2C6D754-9C62-49FA-A96E-AE47D2B9D0E3}\offreg.dll

2013-06-10 19:12 . 2013-05-13 03:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2C6D754-9C62-49FA-A96E-AE47D2B9D0E3}\mpengine.dll

2013-06-09 20:29 . 2013-06-09 20:29 -------- d-----w- c:\users\Roman\AppData\Local\Chromium

2013-06-09 20:29 . 2013-06-09 20:29 -------- d-----w- c:\programdata\Rockstar Games

2013-06-09 20:28 . 2013-06-09 20:28 -------- d-----w- c:\program files (x86)\Rockstar Games

2013-06-09 16:28 . 2013-05-13 03:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-07 06:04 . 2013-06-11 07:32 -------- d-----w- c:\users\Roman\AppData\Local\Spotify

2013-06-07 06:04 . 2013-06-11 06:45 -------- d-----w- c:\users\Roman\AppData\Roaming\Spotify

2013-06-03 06:23 . 2013-06-03 06:23 -------- d-----w- c:\windows\ERUNT

2013-06-03 06:18 . 2013-06-03 06:23 -------- d-----w- C:\JRT

2013-06-02 10:27 . 2013-06-02 10:27 -------- d-----w- c:\users\Roman\AppData\Roaming\Malwarebytes

2013-06-02 10:26 . 2013-06-02 10:26 -------- d-----w- c:\programdata\Malwarebytes

2013-06-02 10:26 . 2013-06-02 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-06-02 10:26 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-02 07:53 . 2013-06-02 07:53 -------- d-----w- c:\program files (x86)\VS Revo Group

2013-06-02 07:43 . 2013-06-02 07:54 -------- d-----w- c:\users\Roman\AppData\Local\Sony

2013-06-02 07:43 . 2013-06-02 07:43 -------- d-----w- c:\windows\SysWow64\spool

2013-06-02 07:43 . 2013-06-02 07:47 -------- d-----w- c:\users\Roman\AppData\Roaming\Sony

2013-06-02 07:31 . 2013-06-02 07:31 -------- d-----w- c:\users\Roman\AppData\Roaming\ImgBurn

2013-06-02 07:31 . 2013-06-02 07:31 -------- d-----w- c:\program files (x86)\ImgBurn

2013-06-02 06:43 . 2013-06-02 06:43 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCDB775F-F05B-491B-84E6-E03606DC02A0}\gapaengine.dll

2013-06-02 06:42 . 2013-06-02 06:42 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-06-02 06:42 . 2013-06-02 06:42 -------- d-----w- c:\program files\Microsoft Security Client

2013-06-02 06:39 . 2013-06-03 06:45 -------- d-----w- c:\users\Roman\AppData\Roaming\Aspah

2013-06-02 06:39 . 2013-06-03 06:35 -------- d-----w- c:\users\Roman\AppData\Roaming\tor

2013-06-02 06:39 . 2013-06-02 06:40 -------- d-----w- c:\users\Roman\AppData\Roaming\Oqto

2013-06-02 05:12 . 2013-06-02 05:12 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-05-31 06:48 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{415F202C-A0EA-4FD0-B9F8-2DE1AEAADEE8}\mpengine.dll

2013-05-30 16:40 . 2013-05-30 16:40 -------- d-----w- c:\users\Roman\AppData\Roaming\JasonRobitaille

2013-05-30 16:39 . 2013-05-30 16:39 -------- d-----w- c:\windows\system32\appmgmt

2013-05-30 16:09 . 2013-05-30 16:56 -------- d-----w- c:\program files\Palm, Inc

2013-05-30 16:09 . 2013-05-30 16:09 -------- d-----w- c:\program files\DIFX

2013-05-29 01:02 . 2013-05-29 01:02 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2013-05-29 01:02 . 2013-05-29 01:02 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2013-05-29 01:02 . 2013-05-29 01:02 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2013-05-29 01:02 . 2013-05-29 01:02 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2013-05-29 01:02 . 2013-05-29 01:02 -------- d-----w- c:\program files (x86)\OpenAL

2013-05-28 22:57 . 2013-06-02 06:57 -------- d-----w- c:\users\Roman\AppData\Roaming\NVIDIA

2013-05-26 23:19 . 2013-05-26 23:19 -------- d--h--w- c:\programdata\CanonBJ

2013-05-26 23:19 . 2006-09-13 00:00 80896 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP86.DLL

2013-05-26 23:19 . 2006-09-13 00:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD86.DLL

2013-05-26 23:19 . 2006-09-13 00:00 234496 ----a-w- c:\windows\system32\CNMLM86.DLL

2013-05-26 22:51 . 2013-05-26 22:51 -------- d-----w- c:\users\Roman\AppData\Local\ElevatedDiagnostics

2013-05-26 22:46 . 2013-05-26 22:46 -------- d-----r- c:\users\Roman\AppData\Roaming\Brother

2013-05-26 22:45 . 2013-05-26 22:45 -------- d-----w- c:\users\Roman\AppData\Roaming\PC-FAX TX

2013-05-26 22:41 . 2013-05-26 22:41 -------- d-----w- c:\programdata\Brother

2013-05-24 07:01 . 2013-05-24 07:01 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-05-24 07:00 . 2013-05-24 07:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-23 23:24 . 2013-05-23 23:24 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2013-05-13 15:32 . 2013-05-13 15:32 -------- d-----w- C:\SearchProtect

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-10 00:59 . 2013-05-01 02:34 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-06-10 00:59 . 2013-04-28 17:32 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-06-10 00:59 . 2013-04-28 17:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-05-15 07:02 . 2013-03-13 04:15 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-15 05:48 . 2013-04-24 20:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 05:48 . 2013-04-24 20:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-10 22:08 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2013-05-10 22:08 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 15:29 . 2013-03-10 06:57 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 02:44 . 2013-04-28 17:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-04-18 08:51 . 2013-04-27 18:12 127384 ----a-w- c:\windows\system32\drivers\scdemu.sys

2013-04-13 05:49 . 2013-05-15 03:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 03:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 03:40 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 03:40 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 03:40 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 03:40 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 08:27 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 09:35 . 2013-03-22 10:31 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-22 10:31 . 2013-03-22 10:31 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-22 10:31 . 2013-03-22 10:31 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-19 06:04 . 2013-04-11 03:26 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-11 03:26 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-11 03:26 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-11 03:26 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-11 03:26 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-11 03:26 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-15 05:53 . 2013-04-06 23:43 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-03-15 05:53 . 2013-04-06 23:43 9414456 ----a-w- c:\windows\system32\nvcuda.dll

2013-03-15 05:53 . 2013-04-06 23:43 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-03-15 05:53 . 2013-04-06 23:43 7573816 ----a-w- c:\windows\system32\nvopencl.dll

2013-03-15 05:53 . 2013-04-06 23:43 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-03-15 05:53 . 2013-04-06 23:43 420128 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2013-03-15 05:53 . 2013-04-06 23:43 364832 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2013-03-15 05:53 . 2013-04-06 23:43 2913056 ----a-w- c:\windows\system32\nvcuvid.dll

2013-03-15 05:53 . 2013-04-06 23:43 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-03-15 05:53 . 2013-04-06 23:43 26956576 ----a-w- c:\windows\system32\nvoglv64.dll

2013-03-15 05:53 . 2013-04-06 23:43 25256736 ----a-w- c:\windows\system32\nvcompiler.dll

2013-03-15 05:53 . 2013-04-06 23:43 250504 ----a-w- c:\windows\system32\nvinitx.dll

2013-03-15 05:53 . 2013-04-06 23:43 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-03-15 05:53 . 2013-04-06 23:43 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-03-15 05:53 . 2013-04-06 23:43 205184 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-03-15 05:53 . 2013-04-06 23:43 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-03-15 05:53 . 2013-04-06 23:43 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll

2013-03-15 05:53 . 2013-04-06 23:43 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2013-04-06 23:43 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-03-15 05:53 . 2013-04-06 23:43 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll

2013-03-15 05:53 . 2013-04-06 23:43 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2013-04-06 23:43 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-03-15 05:53 . 2012-10-11 01:23 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 05:53 . 2012-10-11 01:23 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2012-10-11 01:23 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-03-15 05:53 . 2012-10-11 01:22 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2012-10-11 01:22 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 04:16 . 2013-03-10 06:38 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2013-03-10 06:38 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2013-03-10 06:38 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2013-03-10 06:38 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2013-03-10 06:38 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-15 02:07 . 2013-03-15 02:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-03-13 16:24 . 2013-03-10 06:38 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Spotify"="c:\users\Roman\AppData\Roaming\Spotify\Spotify.exe" [2013-06-07 4573184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-06 23:12 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-24 05:48]

.

2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10 06:23]

.

2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10 06:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe

AddRemove-BattlEye for A2 - d:\programs\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2318815334-1083360927-2397050128-1000\Software\SecuROM\License information*]

"datasecu"=hex:51,8a,9f,d6,03,3f,48,ab,21,9f,c9,19,1d,65,29,f7,4c,23,94,d0,09,

cf,26,7b,de,2b,ee,b7,6e,c4,f1,76,00,db,79,15,db,f5,6a,97,a0,5c,f0,73,de,08,\

"rkeysecu"=hex:cf,7e,9c,ac,70,b6,e0,61,16,b9,37,7b,a8,a3,de,97

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-11 03:55:14

ComboFix-quarantined-files.txt 2013-06-11 07:55

.

Pre-Run: 35,470,811,136 bytes free

Post-Run: 36,452,384,768 bytes free

.

- - End Of File - - 953B846347D2FED10EB11BED945DD1C4

D41D8CD98F00B204E9800998ECF8427E


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Kaspersky Virus removal is ongoing; however, I had a question regarding this error that I now get when putting my computer into sleep mode:

Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.1.7601.2.1.0.256.1
  Locale ID: 1033

Additional information about the problem:
  BCCode: 9f
  BCP1: 0000000000000003
  BCP2: FFFFFA800A4A6630
  BCP3: FFFFF8000444E3D8
  BCP4: FFFFFA800B77EC60
  OS Version: 6_1_7601
  Service Pack: 1_0
  Product: 256_1

Files that help describe the problem:
  C:\Windows\Minidump\061113-7191-01.dmp
  C:\Users\Roman\AppData\Local\Temp\WER-10374-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt



2 weeks later...

Root Admin:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
