BitCoinMiner

[Nyarla]

Hello guys from Malwarebytes, and greetings from Finland.

Couple of days ago my computer got finally infected for good. Malicious file called TR/BitCoinMinerAL.A.11 has infected my laptop.

I did some research and found out that you guys have been helping to remove this manually.

I have avira and avast but they can't get rid of it, they just keep spamming warnings/blocks etc.. also my comp has turned to be fast as a snail nowdays sigh..  I downloaded your malwarebytes anti-malware program but it didin't work either, so i figured i just ask from you guys can you help me out? Help me Mal-ware-bytes, you are my only hope..

[Maniac]

Hello Nyarla and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573

[Nyarla]

Ok here i go!

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2

Run by Nyarlathotep at 16:06:12 on 2013-06-25

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1035.18.7658.5363 [GMT 3:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\ProgramData\MobileBrServ\mbbservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\Nyarlathotep\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Nyarlathotep\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Nyarlathotep\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\Nyarlathotep\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

uRun: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\NYARLA~1\AppData\Local\Temp\\tsiVi032.dll,start

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\Nyarlathotep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: HideFastUserSwitching = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{56B4AD0C-9678-431F-8FFA-DDD47520808D} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{58C3FA92-9264-47DE-B6F5-EBB26D3C74EF} : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{EB6E0000-A6F1-4E89-8221-90062433E38A} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{EB6E0000-A6F1-4E89-8221-90062433E38A}\140707C65602E4564777F627B602631683030373 : DHCPNameServer = 62.241.198.245 62.241.198.246

TCP: Interfaces\{EB6E0000-A6F1-4E89-8221-90062433E38A}\25570757D225549435B414030373 : DHCPNameServer = 62.241.198.245 62.241.198.246

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll

mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Nyarlathotep\AppData\Roaming\Mozilla\Firefox\Profiles\dk9nvjhk.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Nyarlathotep\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - ExtSQL: 2013-06-24 16:35; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-24 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-24 189936]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-6-24 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-6-24 378432]

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-5-28 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-29 204288]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-1 86752]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-1 110816]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-6-24 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-6-24 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-24 46808]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-28 2413056]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-25 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-25 701512]

R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2012-7-18 230240]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-7-16 96896]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-28 46136]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-7-16 214144]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-25 25928]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-1-28 338536]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-28 428136]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-1-28 1145448]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/27 20:43:41;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-25 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-24 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2013-06-24 21:53:20 -------- d-----w- C:\Users\Nyarlathotep\AppData\Roaming\Malwarebytes

2013-06-24 21:53:06 -------- d-----w- C:\ProgramData\Malwarebytes

2013-06-24 21:53:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-24 21:53:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-24 21:52:55 -------- d-----w- C:\Users\Nyarlathotep\AppData\Local\Programs

2013-06-24 16:23:44 -------- d-----w- C:\Users\Nyarlathotep\AppData\Roaming\DriverCure

2013-06-24 16:23:43 -------- d-----w- C:\Users\Nyarlathotep\AppData\Roaming\ParetoLogic

2013-06-24 16:23:30 -------- d-----w- C:\ProgramData\ParetoLogic

2013-06-24 14:04:36 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7A0E20E-42DD-4951-9D55-BABD10FEFB51}\offreg.dll

2013-06-24 13:53:33 -------- d-----w- C:\Program Files\Enigma Software Group

2013-06-24 13:52:48 -------- d-----w- C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP

2013-06-24 13:36:08 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-06-24 13:36:04 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-06-24 13:36:04 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-06-24 13:36:03 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-06-24 13:36:02 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-06-24 13:35:36 41664 ----a-w- C:\Windows\avastSS.scr

2013-06-24 13:35:19 -------- d-----w- C:\Program Files\AVAST Software

2013-06-24 13:33:58 -------- d-----w- C:\ProgramData\AVAST Software

2013-06-23 19:09:21 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7A0E20E-42DD-4951-9D55-BABD10FEFB51}\mpengine.dll

2013-06-12 15:35:22 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll

2013-06-12 11:27:34 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-04 12:23:33 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia

2013-06-04 12:22:12 26112 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys

2013-06-04 12:22:03 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution

2013-05-28 12:49:26 535552 ----a-w- C:\Windows\System32\drivers\stwrt64.sys

2013-05-28 12:49:21 654336 ------w- C:\Windows\System32\stapi64.dll

2013-05-28 12:49:21 448512 ----a-w- C:\Windows\System32\stcplx64.dll

2013-05-28 12:49:21 1987072 ----a-w- C:\Windows\System32\stapo64.dll

2013-05-28 12:49:06 -------- d-----w- C:\Program Files\IDT

.

==================== Find3M  ====================

.

2013-06-12 18:40:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 18:40:30 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-23 20:21:42 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll

2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-07 11:17:14 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2013-05-01 23:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 05:24:10 983912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 05:24:10 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 02:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-03-29 21:48:36 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2013-03-29 21:48:36 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

.

============= FINISH: 16:07:49,60 ===============

[Maniac]

What about the content of Attach.txt?

[Nyarla]

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 19.3.2012 21:08:30

System Uptime: 25.6.2013 15:01:12 (1 hours ago)

.

Motherboard: Hewlett-Packard |  | 1807

Processor: AMD A8-3530MX APU with Radeon HD Graphics | Socket FS1 | 1900/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 436 GiB total, 48,656 GiB free.

D: is FIXED (NTFS) - 26 GiB total, 2,655 GiB free.

E: is FIXED (FAT32) - 4 GiB total, 1,08 GiB free.

F: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP209: 23.6.2013 22:08:19 - Windows Update

RP210: 24.6.2013 15:18:52 - Removed James Cameron's AVATAR: THE GAME

RP211: 24.6.2013 16:35:09 - avast! Free Antivirus Asennus

RP212: 24.6.2013 16:52:53 - Installed SpyHunter

RP213: 24.6.2013 18:49:29 - Removed SpyHunter

RP214: 24.6.2013 18:53:33 - Removed Google Drive

.

==== Installed Programs ======================

.

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Adobe Shockwave Player 11.6

AirBuccaneers

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD Steady Video Plug-In 

AMD System Monitor

AMD VISION Engine Control Center

Apple Mobile Device Support

Apple Software Update

Applen ohjelmatuki

Arma 2

Arma 2: DayZ Mod

Arma 2: Operation Arrowhead

Arma 2: Operation Arrowhead Beta

AuthenTec TrueAPI

avast! Free Antivirus

Avira Free Antivirus

Bejeweled 3

BitTorrent

Blackhawk Striker 2

Bonjour

Borderlands 2

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Counter-Strike: Global Offensive

Counter-Strike: Global Offensive - SDK

Counter-Strike: Source

Cradle of Rome 2

Curse Client

CyberLink PowerDVD

CyberLink YouCam

D3DX10

Dawn of War - Dark Crusade

Dawn of War - Soulstorm

Deus Ex: Human Revolution

Diablo III

Dora's World Adventure

Dota 2

Dual-Core Optimizer

Empire: Total War

ESU for Microsoft Windows 7 SP1

Fallout 3 - Game of the Year Edition

Farm Frenzy

Farmscapes

FATE

Final Drive Fury

Google Chrome

Grand Theft Auto IV

Hewlett-Packard ACLM.NET v1.2.1.1

Hoyle Card Games

HP 3D DriveGuard

HP Auto

HP Client Services

HP CoolSense

HP Customer Experience Enhancements

HP Documentation

HP DVB-T TV Tuner 8.0.64.43

HP Games

HP Launch Box

HP On Screen Display

HP Power Manager

HP Quick Launch

HP QuickWeb

HP Recovery Manager

HP Security Assistant

HP Setup

HP Setup Manager

HP SimplePass 2012

HP Software Framework

HP Support Assistant

IDT Audio

iTunes

Java 7 Update 21

Java 7 Update 7 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 7 (64-bit)

Java 6 Update 32

JavaFX 2.1.1

Jewel Match 3

Jewel Quest Mysteries: The Seventh Gate Collector's Edition

John Deere Drive Green

Junk Mail filter update

Left 4 Dead 2

Letters from Nowhere 2

Logitech SetPoint 6.32

Luxor HD

Magic Desktop

Mah Jong Medley

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft_VC100_CRT_SP1_x64

Microsoft_VC100_CRT_SP1_x86

Mobile Broadband HL Service

Mozilla Firefox 11.0 (x86 fi)

Mozilla Firefox 20.0.1 (x86 fi)

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nokia Connectivity Cable Driver

Nokia Suite

NVIDIA PhysX

OpenOffice.org 3.3

opensource

Origin

PC Connectivity Solution

Penguins!

Plants vs. Zombies - Game of the Year

Poker Superstars III

Polar Bowler

Polar Golfer

Portal 2

PunkBuster Services

QuickTime

RAY Kasino

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

REALTEK Wireless LAN Driver

RollerCoaster Tycoon 3: Platinum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype Click to Call

Skype™ 6.1

Spybot - Search & Destroy

StarCraft II

Steam

swMSM

Synaptics TouchPad Driver

Team Fortress 2

The Elder Scrolls V: Skyrim

The Treasures of Mystery Island: The Ghost Ship

The Witcher 2: Assassins of Kings Enhanced Edition

The Witcher Enhanced Edition

Torchlight

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Uplay

Validity WBF DDK

Warcraft III

Warhammer 40,000: Dawn Of War - Gold Edition

WildTangent Games App (HP Games)

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalleri

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

Windowsin ohjainpaketti - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)

WinRAR 4.20 (32-bit)

Virtual Villagers 4 - The Tree of Life

VLC media player 2.0.1

World of Warcraft

Xfire (remove only)

Zuma's Revenge

.

==== End Of File ===========================

[Maniac]

Step 1

I notice that you are using more than one antivirus program.

• avast! Free Antivirus
• Avira Free Antivirus

This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them.

Also, please uninstall this application: BitTorrent. Then restart your computer.

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[Nyarla]

ComboFix 13-06-24.01 - Nyarlathotep 25.06.2013  16:50:36.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1035.18.7658.5406 [GMT 3:00]

Sijainti: c:\users\Nyarlathotep\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((   Muut poistot   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\NYARLA~1\AppData\Local\Temp\tsiVi032.dll

c:\users\Nyarlathotep\AppData\Local\Temp\tsiVi032.dll

c:\windows\wininit.ini

.

.

(((((   Tiedostot, jotka on luotu seuraavalla aikavälillä: 2013-05-25 to 2013-06-25  )))))))))))))))))

.

.

2013-06-25 14:06 . 2013-06-25 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-25 13:53 . 2013-06-25 13:53 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54EC2586-2B99-413C-9770-149F89E4CD0B}\offreg.dll

2013-06-25 13:48 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54EC2586-2B99-413C-9770-149F89E4CD0B}\mpengine.dll

2013-06-24 21:53 . 2013-06-24 21:53 -------- d-----w- c:\users\Nyarlathotep\AppData\Roaming\Malwarebytes

2013-06-24 21:53 . 2013-06-24 21:53 -------- d-----w- c:\programdata\Malwarebytes

2013-06-24 21:53 . 2013-06-24 21:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-06-24 21:53 . 2013-04-04 11:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-24 21:52 . 2013-06-24 21:52 -------- d-----w- c:\users\Nyarlathotep\AppData\Local\Programs

2013-06-24 16:23 . 2013-06-24 16:23 -------- d-----w- c:\users\Nyarlathotep\AppData\Roaming\DriverCure

2013-06-24 16:23 . 2013-06-24 16:23 -------- d-----w- c:\users\Nyarlathotep\AppData\Roaming\ParetoLogic

2013-06-24 16:23 . 2013-06-24 16:43 -------- d-----w- c:\programdata\ParetoLogic

2013-06-24 13:53 . 2013-06-24 13:53 -------- d-----w- c:\program files\Enigma Software Group

2013-06-24 13:52 . 2013-06-24 15:51 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP

2013-06-24 13:36 . 2013-06-24 16:46 -------- d-----w- c:\program files (x86)\Google

2013-06-24 13:36 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-06-24 13:35 . 2013-06-24 13:35 -------- d-----w- c:\program files\AVAST Software

2013-06-24 13:33 . 2013-06-25 13:39 -------- d-----w- c:\programdata\AVAST Software

2013-06-12 15:35 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2013-06-12 11:27 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-04 12:23 . 2013-06-04 12:23 -------- d-----w- c:\program files (x86)\Common Files\Nokia

2013-06-04 12:22 . 2012-10-17 11:53 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

2013-06-04 12:22 . 2013-06-04 12:22 -------- d-----w- c:\program files (x86)\PC Connectivity Solution

2013-05-28 12:49 . 2013-05-28 12:48 535552 ----a-w- c:\windows\system32\drivers\stwrt64.sys

2013-05-28 12:49 . 2013-05-28 12:48 654336 ------w- c:\windows\system32\stapi64.dll

2013-05-28 12:49 . 2013-05-28 12:48 448512 ----a-w- c:\windows\system32\stcplx64.dll

2013-05-28 12:49 . 2013-05-28 12:48 1987072 ----a-w- c:\windows\system32\stapo64.dll

2013-05-28 12:49 . 2013-05-28 12:51 -------- d-----w- c:\program files\IDT

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M-raportti   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 18:40 . 2012-04-03 19:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-12 18:40 . 2011-11-16 21:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-03 15:16 . 2013-05-24 12:12 75898224 ----a-w- c:\windows\system32\MRT.exe

2013-05-28 12:48 . 2012-01-28 04:26 5298688 ----a-w- c:\windows\system32\IDTNHP.dll

2013-05-28 12:48 . 2012-01-28 04:26 4444672 ----a-w- c:\windows\system32\stlang64.dll

2013-05-28 12:48 . 2012-01-28 04:26 249344 ----a-w- c:\windows\system32\IDTNJ.exe

2013-05-28 12:48 . 2012-01-28 04:26 1425408 ----a-w- c:\windows\sttray64.exe

2013-05-28 12:48 . 2012-01-28 04:26 1085440 ----a-w- c:\windows\system32\IDTNX.dll

2013-05-28 12:48 . 2012-01-28 04:25 251904 ----a-w- c:\windows\system32\staco64.dll

2013-05-28 12:48 . 2012-01-28 04:26 90624 ----a-w- c:\windows\system32\AESTCo64.dll

2013-05-28 12:48 . 2012-01-28 04:26 68608 ----a-w- c:\windows\system32\AESTAR64.dll

2013-05-28 12:48 . 2012-01-28 04:26 6344704 ----a-w- c:\windows\system32\IDTNGUI.exe

2013-05-28 12:48 . 2012-01-28 04:26 442368 ----a-w- c:\windows\system32\AESTEC64.dll

2013-05-28 12:48 . 2012-01-28 04:26 223744 ----a-w- c:\windows\system32\HPToneCtrls64.dll

2013-05-28 12:48 . 2012-01-28 04:26 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl

2013-05-28 12:48 . 2012-01-28 04:26 162304 ----a-w- c:\windows\system32\AESTAC64.dll

2013-05-23 20:21 . 2013-05-23 20:21 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-05-23 20:21 . 2013-05-23 20:21 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-05-23 20:21 . 2013-05-23 20:21 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-05-23 20:21 . 2013-05-23 20:21 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-23 20:21 . 2013-05-23 20:21 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-05-23 20:21 . 2013-05-23 20:21 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-05-23 20:21 . 2013-05-23 20:21 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-05-23 20:21 . 2013-05-23 20:21 81408 ----a-w- c:\windows\system32\icardie.dll

2013-05-23 20:21 . 2013-05-23 20:21 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-05-23 20:21 . 2013-05-23 20:21 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-05-23 20:21 . 2013-05-23 20:21 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-05-23 20:21 . 2013-05-23 20:21 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-05-23 20:21 . 2013-05-23 20:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-05-23 20:21 . 2013-05-23 20:21 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-05-23 20:21 . 2013-05-23 20:21 441856 ----a-w- c:\windows\system32\html.iec

2013-05-23 20:21 . 2013-05-23 20:21 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-05-23 20:21 . 2013-05-23 20:21 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-05-23 20:21 . 2013-05-23 20:21 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-05-23 20:21 . 2013-05-23 20:21 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-05-23 20:21 . 2013-05-23 20:21 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-05-23 20:21 . 2013-05-23 20:21 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-05-23 20:21 . 2013-05-23 20:21 235008 ----a-w- c:\windows\system32\url.dll

2013-05-23 20:21 . 2013-05-23 20:21 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-05-23 20:21 . 2013-05-23 20:21 216064 ----a-w- c:\windows\system32\msls31.dll

2013-05-23 20:21 . 2013-05-23 20:21 197120 ----a-w- c:\windows\system32\msrating.dll

2013-05-23 20:21 . 2013-05-23 20:21 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-05-23 20:21 . 2013-05-23 20:21 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-23 20:21 . 2013-05-23 20:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-05-23 20:21 . 2013-05-23 20:21 144896 ----a-w- c:\windows\system32\wextract.exe

2013-05-23 20:21 . 2013-05-23 20:21 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-05-23 20:21 . 2013-05-23 20:21 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-05-23 20:21 . 2013-05-23 20:21 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-05-23 20:21 . 2013-05-23 20:21 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-05-23 20:21 . 2013-05-23 20:21 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-05-23 20:21 . 2013-05-23 20:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-05-23 20:21 . 2013-05-23 20:21 102912 ----a-w- c:\windows\system32\inseng.dll

2013-05-23 20:21 . 2013-05-23 20:21 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-05-23 20:21 . 2013-05-23 20:21 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-05-23 20:21 . 2013-05-23 20:21 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-05-23 20:21 . 2013-05-23 20:21 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-05-23 20:21 . 2013-05-23 20:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-05-23 20:21 . 2013-05-23 20:21 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-05-23 20:21 . 2013-05-23 20:21 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-05-23 20:21 . 2013-05-23 20:21 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-23 20:21 . 2013-05-23 20:21 149504 ----a-w- c:\windows\system32\occache.dll

2013-05-23 20:21 . 2013-05-23 20:21 13824 ----a-w- c:\windows\system32\mshta.exe

2013-05-23 20:21 . 2013-05-23 20:21 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-05-23 20:21 . 2013-05-23 20:21 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-05-23 20:21 . 2013-05-23 20:21 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-05-15 11:47 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-07 11:17 . 2013-05-07 11:17 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-05-01 23:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 20:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 20:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 20:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 20:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 20:50 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 20:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 11:25 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 05:24 . 2013-05-15 20:50 983912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 05:24 . 2013-05-15 20:50 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 03:30 . 2013-05-15 20:50 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-04-04 02:35 . 2013-04-26 13:14 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-29 21:48 . 2013-03-29 21:48 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-03-29 21:48 . 2013-03-29 21:48 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-03-29 21:48 . 2013-03-29 21:48 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.

.

((((((((((((((((((((((((((((((   Rekisterin käynnistyskohteet   )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-18 1090912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-08-04 75048]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-15 61112]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Nyarlathotep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-6-27 0]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/27 20:43;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]

.

.

--- Muut muistissa olevat ajurit/palvelut ---

.

*Deregistered* - CLKMDRV10_38F51D56

.

'Ajoitetut tehtävät'-kansion sisältö

.

2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:40]

.

2013-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2258288600-979424359-1637490865-1001Core.job

- c:\users\Nyarlathotep\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 19:22]

.

2013-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2258288600-979424359-1637490865-1001UA.job

- c:\users\Nyarlathotep\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 19:22]

.

2013-05-29 c:\windows\Tasks\HPCeeScheduleForNyarlathotep.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-05-28 1425408]

.

------- Täydentävä tarkistus -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Nyarlathotep\AppData\Roaming\Mozilla\Firefox\Profiles\dk9nvjhk.default\

FF - ExtSQL: 2013-06-24 16:35; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

.

- - - - POISTETUT JÄMÄRIVIT - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

--------------------- LUKITUT REKISTERIAVAIMET ---------------------

.

[HKEY_USERS\S-1-5-21-2258288600-979424359-1637490865-1001\Software\SecuROM\License information*]

"datasecu"=hex:85,fc,9d,68,4f,b4,9a,d8,e3,66,d0,db,e5,a2,86,36,98,e0,44,fe,a5,

   db,7f,8c,2f,78,f6,a7,ed,aa,05,92,26,0e,bd,3f,ae,3d,1b,54,26,41,de,d4,3f,bf,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Valmistumisajankohta: 2013-06-25  17:10:28

ComboFix-quarantined-files.txt  2013-06-25 14:10

.

Ennen ajoa: 52 761 112 576 tavua vapaana

Ajon jälkeen: 53 383 475 200 tavua vapaana

.

- - End Of File - - B35E2888A0A499A05BCD45116AFC2378

A36C5E4F47E84449FF07ED3517B43A31

[Nyarla]

There, i removed bittorrent and avast. And my windows is Finnish i hope it doesnt matter for now. ofc i can change it if you need

[Maniac]

Nope, it is okay for me, but we need to clean some leftovers from Avast. For this goal, please use their uninstaller tool:

http://www.avast.com/uninstall-utility

[Nyarla]

Ok done and done, what now?

[Maniac]

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

[Nyarla]

Scan took over 15hours is this normal? 

C:\Users\Nyarlathotep\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

C:\Documents and Settings\Nyarlathotep\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined

C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

[Maniac]

Sometimes it happen.

How are things now?

[Nyarla]

Seems to be alright now, no spams and working faster now,  wow thanks is it done now already?

[Maniac]

Yes, we are almost done.

Step 1

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

Please uninstall ESET Online Scanner.

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[Nyarla]

Done. Thanks alot for your help and tips. Good to know that there is nice, friendly and helpfull people still in internet, maybe i should get your full antimalware program later..

THX. 

[Maniac]

You're welcome!

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!