bitcoin mining has hijacked my computer and is pushing my gpu to its limit

robertsonbrown · September 4, 2013

please help last night i noticed my gpu was going through the roof and after almost a day investigating im now here ive tried everything i can think of but malwarebytes cant find nothing nether can mse its driving me insane please help!

Psychotic · September 5, 2013

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

robertsonbrown · September 5, 2013

here is the dss file

(Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2

Run by Simon at 8:50:56 on 2013-09-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8150.5794 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe

C:\Windows\System32\TiltWheelMouse.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\Simon\Desktop\PCMeter\PCMeterV0.3.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\viakaraokesrv.exe

C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe

C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\SABnzbd\SABnzbd.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{2318368B-242D-4141-8497-CE16964EF515} : DHCPNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{62D52C98-F85F-46C6-A8FB-499B51CF1181} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{C129924C-5DBB-4E49-AC63-EC33125C7861} : DHCPNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{CB70A6B5-C5B3-4825-9BA6-27B0C5EE4999} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{CB70A6B5-C5B3-4825-9BA6-27B0C5EE4999}\3596D6F6E6723702960586F6E656 : DHCPNameServer = 88.82.13.60 88.82.13.60

TCP: Interfaces\{CB70A6B5-C5B3-4825-9BA6-27B0C5EE4999}\6796277696E6D65646961613539303138393 : DHCPNameServer = 194.168.4.100 194.168.8.100

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [MouseDriver] TiltWheelMouse.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-3 19224]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-11-8 26624]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-15 239616]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-3 13592]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]

R2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-8-24 10752]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-11-3 27760]

R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2012-11-8 167936]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-1-6 59392]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-1-6 84608]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-3 356632]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-3 789272]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-15 110744]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]

R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-11-3 2196592]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]

S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-11-8 1924096]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe --> C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2012-11-8 954368]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2011-10-5 729152]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-3 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-3 1255736]

.

=============== Created Last 30 ================

.

2013-09-04 17:51:00 -------- d-sh--w- C:\$RECYCLE.BIN

2013-09-04 16:59:28 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0EAAAC2-CAC6-479C-B6E7-D4DDA2E6FB1A}\mpengine.dll

2013-09-04 11:04:42 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-09-04 00:33:36 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-09-04 00:30:37 -------- d-----w- C:\ProgramData\Package Cache

2013-08-30 12:33:19 -------- d-----w- C:\ProgramData\Orbit

2013-08-24 18:35:09 569680 ----a-w- C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll

2013-08-24 18:35:09 49664 ----a-w- C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe

2013-08-24 18:35:09 43008 ----a-w- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe

2013-08-24 18:35:09 24064 ----a-w- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe

2013-08-24 18:35:09 2303488 ----a-w- C:\ProgramData\Microsoft\Windows\Time\python27.dll

2013-08-24 18:35:09 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe

2013-08-24 18:35:08 219648 ----a-w- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll

2013-08-23 17:59:28 -------- d-----w- C:\Program Files\iTunes

2013-08-23 17:59:28 -------- d-----w- C:\Program Files\iPod

2013-08-23 17:59:28 -------- d-----w- C:\Program Files (x86)\iTunes

2013-08-23 10:16:01 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D50E84E5-D696-43FF-B393-5A827FF4661A}\gapaengine.dll

2013-08-15 13:11:26 157736 ----a-w- C:\Windows\System32\amdhcp64.dll

2013-08-15 13:11:26 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll

2013-08-15 13:11:24 78432 ----a-w- C:\Windows\System32\atimpc64.dll

2013-08-15 13:11:24 78432 ----a-w- C:\Windows\System32\amdpcom64.dll

2013-08-15 13:11:24 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2013-08-15 13:11:24 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2013-08-15 13:11:16 115512 ----a-w- C:\Windows\System32\atiu9p64.dll

2013-08-15 13:11:14 1266552 ----a-w- C:\Windows\System32\aticfx64.dll

2013-08-15 13:11:08 9067808 ----a-w- C:\Windows\System32\atidxx64.dll

2013-08-15 13:11:06 7919328 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2013-08-15 13:10:52 7128240 ----a-w- C:\Windows\System32\atiumd6a.dll

2013-08-15 13:10:48 7625784 ----a-w- C:\Windows\System32\atiumd64.dll

2013-08-15 13:09:02 12652544 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2013-08-15 12:55:20 229888 ----a-w- C:\Windows\System32\clinfo.exe

2013-08-15 12:55:02 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll

2013-08-15 12:54:52 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2013-08-15 12:54:46 86528 ----a-w- C:\Windows\System32\OVDecode64.dll

2013-08-15 12:54:40 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2013-08-15 12:54:20 28445184 ----a-w- C:\Windows\System32\amdocl64.dll

2013-08-15 12:49:16 63488 ----a-w- C:\Windows\System32\OpenCL.dll

2013-08-15 12:45:58 129536 ----a-w- C:\Windows\System32\coinst_13.20.11.dll

2013-08-15 12:33:58 368640 ----a-w- C:\Windows\System32\atiapfxx.exe

2013-08-15 12:33:48 62464 ----a-w- C:\Windows\System32\aticalrt64.dll

2013-08-15 12:33:46 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2013-08-15 12:33:38 55808 ----a-w- C:\Windows\System32\aticalcl64.dll

2013-08-15 12:33:36 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2013-08-15 12:33:20 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll

2013-08-15 12:33:14 25611264 ----a-w- C:\Windows\System32\atio6axx.dll

2013-08-15 12:29:48 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2013-08-15 12:15:14 21624832 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2013-08-15 12:12:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2013-08-15 12:12:06 26112 ----a-w- C:\Windows\System32\atimuixx.dll

2013-08-15 12:12:00 574976 ----a-w- C:\Windows\System32\atieclxx.exe

2013-08-15 12:11:02 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2013-08-15 12:09:26 190976 ----a-w- C:\Windows\System32\atitmm64.dll

2013-08-15 11:40:32 75264 ----a-w- C:\Windows\System32\atig6pxx.dll

2013-08-15 11:40:28 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2013-08-15 11:40:28 69632 ----a-w- C:\Windows\System32\atiglpxx.dll

2013-08-15 11:40:22 100352 ----a-w- C:\Windows\System32\atig6txx.dll

2013-08-15 11:40:02 617984 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2013-08-15 11:38:00 95744 ----a-w- C:\Windows\System32\amdave64.dll

2013-08-15 11:37:54 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll

2013-08-15 11:37:44 89088 ----a-w- C:\Windows\System32\atisamu64.dll

2013-08-15 11:37:40 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll

2013-08-15 11:36:10 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2013-08-15 08:06:06 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll

2013-08-15 08:01:18 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2013-08-13 23:00:06 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-08-13 22:59:47 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-08-13 22:59:47 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-08-13 22:59:46 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-08-13 22:59:46 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2013-08-15 13:11:18 143304 ----a-w- C:\Windows\System32\atiuxp64.dll

2013-08-15 13:11:18 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2013-08-15 13:11:16 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2013-08-15 13:11:12 1052264 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2013-08-15 13:11:00 6502024 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2013-08-15 13:10:56 6549928 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2013-08-15 12:51:26 23989248 ----a-w- C:\Windows\SysWow64\amdocl.dll

2013-08-15 12:49:10 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2013-08-15 11:41:02 1097728 ----a-w- C:\Windows\System32\atiadlxx.dll

2013-08-15 11:40:48 828416 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2013-08-15 11:40:12 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-05 08:40:38 96256 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2013-07-05 08:40:26 110080 ----a-w- C:\Windows\System32\DelayAPO.dll

2013-06-25 14:55:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-25 14:55:52 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-25 14:55:52 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-18 20:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-06-18 20:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

robertsonbrown · September 5, 2013

here is the attach file

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 03/11/2012 18:13:43

System Uptime: 05/09/2013 08:17:51 (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | Z77-D3H

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 17.335 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 571.916 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP237: 04/09/2013 17:25:16 - Malwarebytes Anti-Rootkit Restore Point

RP238: 04/09/2013 18:58:42 - Windows Update

RP239: 04/09/2013 19:26:37 - Installed Application Profiles

RP240: 04/09/2013 19:35:45 - Windows Update

.

==== Installed Programs ======================

.

Adobe Reader XI (11.0.03)

Alan Wake

Alan Wake's American Nightmare

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Control Center

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AMD Wireless Display v3.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Profiles

Assassin's Creed Revelations

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

µTorrent

Bastion

Bonjour

Borderlands

Borderlands 2: Premiere Club

Bully: Scholarship Edition

calibre 64bit

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Championship Manager 01-02

CM3 Series SaveGame Editor 4.0 Build 4000

ComicRack v0.9.159

Deadlight

Deus Ex: Human Revolution

Devil May Cry 3: Special Edition

Devil May Cry 4

Dragon Age: Origins

Dropbox

Etron USB3.0 Host Controller

F.E.A.R.

F.E.A.R.: Extraction Point

F.E.A.R.: Perseus Mandate

Fallout: New Vegas

GOG.com Downloader version 3.5.2

Google Chrome

Google Drive

Google Earth

Google Update Helper

GRID

HIS iTurbo

Hitman: Absolution

iCloud

Intel® Control Center

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

iTunes

Java 7 Update 25

Java Auto Updater

Malwarebytes Anti-Malware version 1.75.0.1300

Marvel Heroes

Microsoft .NET Framework 4.5

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Mouse and Keyboard Center

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office File Validation Add-In

Microsoft Office Office 64-bit Components 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft XNA Framework Redistributable 3.1

NETGEAR WNDA3200 wireless adapter Setup

NVIDIA PhysX

OpenAL

Pando Media Booster

Platform

PowerISO

PunkBuster Services

QuickPar 0.9

Rapture3D 2.5.1 Game

SABnzbd 0.7.5

SafeSaver 1.74

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft .NET Framework 4.5 (KB2804582)

Security Update for Microsoft .NET Framework 4.5 (KB2833957)

Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Sid Meier's Civilization V

Skype™ 6.6

Sleeping Dogs™

SopCast 3.5.0

Star Wars: Knights of the Old Republic II

Steam

Stellarium 0.11.4

SUPERAntiSpyware

The Incredible Adventures of Van Helsing

The Witcher 2 Enhanced Edition version 3.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4.5 (KB2750147)

Update for Microsoft .NET Framework 4.5 (KB2805221)

Update for Microsoft .NET Framework 4.5 (KB2805226)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uplay

VIA Platform Device Manager

VLC media player 2.0.4

Windows Live ID Sign-in Assistant

WinRAR 4.20 (64-bit)

XCOM: Enemy Unknown

.

==== Event Viewer Messages From Past Week ========

.

05/09/2013 08:18:09, Error: Service Control Manager [7000] - The WinRing0_1_2_0 service failed to start due to the following error: The system cannot find the file specified.

04/09/2013 18:48:11, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

04/09/2013 18:45:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

04/09/2013 18:31:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

04/09/2013 18:31:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

04/09/2013 18:31:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

04/09/2013 18:31:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

04/09/2013 18:31:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6

04/09/2013 18:31:21, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.

04/09/2013 18:28:18, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

04/09/2013 18:19:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

04/09/2013 18:19:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

04/09/2013 18:19:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache JSWPSLWF MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

04/09/2013 18:19:35, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

04/09/2013 17:54:06, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

04/09/2013 17:49:33, Error: Service Control Manager [7034] - The Time service terminated unexpectedly. It has done this 1 time(s).

04/09/2013 17:47:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

04/09/2013 17:47:55, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

04/09/2013 17:25:58, Error: mbamchameleon [61440] -

04/09/2013 01:33:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.

04/09/2013 01:33:09, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

03/09/2013 22:32:16, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

.

==== End Of File ===========================

Psychotic · September 5, 2013

The dds log is incomplete, please post up the whole content of the textfile.

also do the scan with aswMBR, please.

robertsonbrown · September 5, 2013

aswMBR file:

Run date: 2013-09-05 08:59:31

-----------------------------

08:59:31.950 OS Version: Windows x64 6.1.7601 Service Pack 1

08:59:31.950 Number of processors: 4 586 0x3A09

08:59:31.950 ComputerName: SIMON-PC UserName: Simon

08:59:32.121 Initialize success

09:39:23.234 AVAST engine defs: 13090401

09:41:13.760 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

09:41:13.760 Disk 0 Vendor: SAMSUNG_ CXM0 Size: 122104MB BusType: 3

09:41:13.760 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

09:41:13.760 Disk 1 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3

09:41:13.776 Disk 0 MBR read successfully

09:41:13.776 Disk 0 MBR scan

09:41:13.823 Disk 0 Windows 7 default MBR code

09:41:13.823 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

09:41:13.838 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848

09:41:13.885 Disk 0 scanning C:\Windows\system32\drivers

09:41:17.941 Service scanning

09:41:26.989 Modules scanning

09:41:26.989 Disk 0 trace - called modules:

09:41:27.005 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

09:41:27.005 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f3c060]

09:41:27.005 3 CLASSPNP.SYS[fffff88001ccd43f] -> nt!IofCallDriver -> [0xfffffa8006c3ce40]

09:41:27.020 5 ACPI.sys[fffff88000ee37a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006c3f050]

09:41:27.176 AVAST engine scan C:\Windows

09:41:27.754 AVAST engine scan C:\Windows\system32

09:43:07.968 AVAST engine scan C:\Windows\system32\drivers

09:43:14.208 AVAST engine scan C:\Users\Simon

09:44:24.814 File: C:\Users\Simon\Documents\Downloads\Adobe-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:24.845 File: C:\Users\Simon\Documents\Downloads\AMD APP-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:24.861 File: C:\Users\Simon\Documents\Downloads\AMD AVT-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:24.876 File: C:\Users\Simon\Documents\Downloads\Apple Software Update-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:24.908 File: C:\Users\Simon\Documents\Downloads\AppName-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:24.923 File: C:\Users\Simon\Documents\Downloads\ATI Technologies-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:24.939 File: C:\Users\Simon\Documents\Downloads\Bonjour-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:24.954 File: C:\Users\Simon\Documents\Downloads\BRS-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:24.986 File: C:\Users\Simon\Documents\Downloads\Championship Manager 01-02-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.001 File: C:\Users\Simon\Documents\Downloads\CM3 Series SaveGame Editor-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.032 File: C:\Users\Simon\Documents\Downloads\dumps-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.048 File: C:\Users\Simon\Documents\Downloads\Etron Technology-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.064 File: C:\Users\Simon\Documents\Downloads\GOG.com-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.095 File: C:\Users\Simon\Documents\Downloads\Google-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.110 File: C:\Users\Simon\Documents\Downloads\HIS iTurbo-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.126 File: C:\Users\Simon\Documents\Downloads\InstallShield Installation Information-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.157 File: C:\Users\Simon\Documents\Downloads\Intel-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.173 File: C:\Users\Simon\Documents\Downloads\iTunes-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.204 File: C:\Users\Simon\Documents\Downloads\Java-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.220 File: C:\Users\Simon\Documents\Downloads\Kalypso Media-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.251 File: C:\Users\Simon\Documents\Downloads\Metro Last Light-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.266 File: C:\Users\Simon\Documents\Downloads\Microsoft DirectX SDK (June 2010)-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.282 File: C:\Users\Simon\Documents\Downloads\Microsoft Games for Windows - LIVE-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.313 File: C:\Users\Simon\Documents\Downloads\Microsoft Office-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.329 File: C:\Users\Simon\Documents\Downloads\Microsoft Security Client-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.360 File: C:\Users\Simon\Documents\Downloads\Microsoft Silverlight-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.376 File: C:\Users\Simon\Documents\Downloads\Microsoft Works-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.407 File: C:\Users\Simon\Documents\Downloads\Microsoft XNA-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.422 File: C:\Users\Simon\Documents\Downloads\Microsoft-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.438 File: C:\Users\Simon\Documents\Downloads\Mozilla Firefox-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.469 File: C:\Users\Simon\Documents\Downloads\MSI Afterburner-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.485 File: C:\Users\Simon\Documents\Downloads\MSI Kombustor 2.5-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.516 File: C:\Users\Simon\Documents\Downloads\NETGEAR-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.532 File: C:\Users\Simon\Documents\Downloads\NVIDIA Corporation-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.547 File: C:\Users\Simon\Documents\Downloads\OpenAL-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.578 File: C:\Users\Simon\Documents\Downloads\Pando Networks-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.594 File: C:\Users\Simon\Documents\Downloads\PowerISO-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.610 File: C:\Users\Simon\Documents\Downloads\QuickPar-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.641 File: C:\Users\Simon\Documents\Downloads\SABnzbd-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.672 File: C:\Users\Simon\Documents\Downloads\SafeSaver-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.703 File: C:\Users\Simon\Documents\Downloads\Skype-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.719 File: C:\Users\Simon\Documents\Downloads\SopCast-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.734 File: C:\Users\Simon\Documents\Downloads\Soul's Software-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.766 File: C:\Users\Simon\Documents\Downloads\Steam-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.797 File: C:\Users\Simon\Documents\Downloads\Ubisoft-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.812 File: C:\Users\Simon\Documents\Downloads\uTorrent-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.844 File: C:\Users\Simon\Documents\Downloads\VIA-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.875 File: C:\Users\Simon\Documents\Downloads\Windows Defender-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.890 File: C:\Users\Simon\Documents\Downloads\Windows Mail-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.922 File: C:\Users\Simon\Documents\Downloads\Windows Photo Viewer-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.937 File: C:\Users\Simon\Documents\Downloads\Windows Portable Devices-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:25.968 File: C:\Users\Simon\Documents\Downloads\Windows Sidebar-crack.exe **INFECTED** Win32:Dropper-gen [Drp]

09:44:48.604 AVAST engine scan C:\ProgramData

09:44:53.565 Scan finished successfully

09:46:09.439 Disk 0 MBR has been saved successfully to "C:\Users\Simon\Desktop\MBR.dat"

09:46:09.470 The log file has been saved successfully to "C:\Users\Simon\Desktop\aswMBR.txt"

robertsonbrown · September 5, 2013

dss log file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64