I'm pretty sure I have bitcoin mining virus on my PC,and I need help.

[zedd]

Hello
This is my first time posting here,but i really hope you can help me out.

As the title says pretty much i think I have a bitcoin mining virus on my PC.When the PC idles for about 1 minute without touching the mouse and keyboard the GPU fans ramp up and the temp goes up,also the CPU starts to stress a litle bit ( I see this on the sidebar gadgets). But as soon as I touch the mouse or keyboard it seems like the virus stops and the GPU cools down. I tried to see if I could find the application in task manager but when task manager is open the virus isn't starting and the GPU stays at idle.

 

So here are the first results of dds:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by Ivo at 17:13:36 on 2013-11-21
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1026.18.8152.5415 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskeng.exe
C:\Fraps\fraps.exe
C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Ivo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Ivo\AppData\Roaming\DAEMON Tools Lite\msdn.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
C:\Fraps\fraps64.dat
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [spotify Web Helper] "C:\Users\Ivo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Keyboard Inf.] C:\Users\Ivo\AppData\Roaming\DAEMON Tools Lite\msdn.exe
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [PC Auto Shutdown] "C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EVGAPrecision] "C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe" /s
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
StartupFolder: C:\Users\Ivo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVGAPR~1.LNK - C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
StartupFolder: C:\Users\Ivo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FRAPS-~1.LNK - C:\Fraps\fraps.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: TaskbarNoThumbnail = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{45DB23F1-2025-4F6F-80B3-339F710FC250} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6F650D9B-F014-48FC-8B68-E48AD08A5270} : DHCPNameServer = 10.11.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= PWE
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [New Value #2] C:\Windows\System32\ctfmon.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\lmvu15zf.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-20 19224]
R0 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-5-23 74456]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-7-25 141920]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-14 213416]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-3-21 1341664]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-1-10 139768]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-2 418376]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-21 15125280]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe [2013-5-20 442136]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2013-8-26 32960]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-20 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-20 789272]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-2 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-8-28 32344]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-21 39200]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-18 15176]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-2 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-7-23 137488]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2013-1-23 171008]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-20 19456]
S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-5-23 128984]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-5-17 40696]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-5-20 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-20 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-20 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Услуга на технологиите за активиране на Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-20 1255736]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-20 3574624]
.
=============== Created Last 30 ================
.
2013-11-21 15:13:08    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-21 14:32:15    --------    d-----w-    C:\Users\Ivo\AppData\Local\NVIDIA
2013-11-21 14:31:36    --------    d-----w-    C:\Users\Ivo\AppData\Roaming\NVIDIA
2013-11-21 14:31:28    955168    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-11-21 14:31:28    1064224    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-11-21 14:30:35    61216    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-11-21 14:30:35    53024    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-11-21 14:28:34    --------    d-----w-    C:\NVIDIA
2013-11-21 14:18:27    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-11-21 14:18:27    6674208    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-11-21 14:18:27    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-11-21 14:18:27    3490080    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-11-21 14:18:27    3467927    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-11-21 14:18:27    2559776    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-11-21 14:18:27    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-11-21 14:18:04    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2013-11-21 14:17:46    --------    d-----w-    C:\Program Files (x86)\NVIDIA Corporation
2013-11-21 14:17:45    --------    d-----w-    C:\Program Files\NVIDIA Corporation
2013-11-21 13:39:01    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-21 13:12:17    116440    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-11-21 13:11:34    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-20 02:20:33    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E60136C3-1342-426D-B9C7-944FC37428FC}\mpengine.dll
2013-11-17 15:22:36    --------    d-----w-    C:\Users\Ivo\AppData\Roaming\Hard Disk Sentinel
2013-11-17 15:22:00    --------    d-----w-    C:\Program Files (x86)\Hard Disk Sentinel
2013-11-13 13:49:33    --------    d-----w-    C:\Users\Ivo\AppData\Local\Blizzard
2013-11-05 17:55:19    --------    d-----w-    C:\Users\Ivo\AppData\Roaming\Sony Creative Software Inc
2013-11-02 18:57:48    --------    d-----w-    C:\Users\Ivo\AppData\Roaming\Mael
2013-11-02 18:53:00    --------    d-----w-    C:\Program Files (x86)\HxD
2013-10-26 20:46:12    --------    d-----w-    C:\Program Files\Speccy
2013-10-23 16:06:26    --------    d-----w-    C:\Users\Ivo\AppData\Local\238010
2013-10-22 16:45:00    18293608    ----a-w-    C:\Windows\System32\nvwgf2umx.dll
2013-10-22 16:45:00    1436528    ----a-w-    C:\Windows\System32\nvumdshimx.dll
2013-10-22 16:44:59    3069608    ----a-w-    C:\Windows\System32\nvapi64.dll
2013-10-22 16:44:59    2697248    ----a-w-    C:\Windows\SysWow64\nvapi.dll
2013-10-22 16:44:59    1884448    ----a-w-    C:\Windows\System32\nvdispco6433158.dll
2013-10-22 16:44:59    18208624    ----a-w-    C:\Windows\System32\nvd3dumx.dll
2013-10-22 16:44:59    15218504    ----a-w-    C:\Windows\SysWow64\nvd3dum.dll
2013-10-22 16:44:59    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433158.dll
.
==================== Find3M  ====================
.
2013-11-21 15:13:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-23 20:23:04    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-10-23 20:23:04    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-10-10 10:47:43    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-10 09:46:29    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-10-10 09:07:36    2126    ----a-w-    C:\Windows\SysWow64\ealregsnapshot1.reg
2013-09-12 08:58:10    1884448    ----a-w-    C:\Windows\System32\nvdispco6432723.dll
2013-09-12 08:58:10    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6432723.dll
2013-09-03 11:35:10    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-26 19:05:21    74456    ----a-w-    C:\Windows\System32\drivers\RzFilter.sys
2013-08-26 19:05:21    128984    ----a-w-    C:\Windows\System32\drivers\RzDxgk.sys
2013-08-24 19:09:16    2829    ----a-w-    C:\Windows\War3Unin.pif
2013-08-24 19:09:15    139264    ----a-w-    C:\Windows\War3Unin.exe
.
============= FINISH: 17:13:42,37 ===============
 

 

And here is the results of the Attach.txt
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 20.5.2013 г. 17:56:53
System Uptime: 21.11.2013 г. 16:32:48 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z77X-UD5H
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3762/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 93,677 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 41,893 GiB free.
E: is FIXED (NTFS) - 697 GiB total, 366,175 GiB free.
F: is FIXED (NTFS) - 1025 GiB total, 115,524 GiB free.
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB 3.0 Hub
Device ID: USB\VID_2109&PID_0810\5&EA77E6&0&7
Manufacturer: Intel® Corporation
Name: USB 3.0 Hub
PNP Device ID: USB\VID_2109&PID_0810\5&EA77E6&0&7
Service: iusb3hub
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_E0001458&REV_04\3&11583659&0&C8
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_E0001458&REV_04\3&11583659&0&C8
Service:
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_E0001458&REV_C0\4&841E55&0&00E6
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_E0001458&REV_C0\4&841E55&0&00E6
Service:
.
==== System Restore Points ===================
.
RP162: 21.11.2013 г. 15:37:57 - ComboFix created restore point
.
==== Installed Programs ======================
.
µTorrent
3DMark
3DMark 11
abgx360 v1.0.6
Adobe After Effects CS5.5
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Story
AIDA64 Extreme Edition v2.85
Auslogics Disk Defrag Professional
Battle.net
Battlelog Web Plugins
BioShock Infinite
BioShock Infinite Burial at Sea - Episode 1
Boris Continuum Complete 7 Adobe CS5
Call of Duty: Ghosts Update 1
CCleaner
Cheat Engine 6.2
CloneCD
CPUID CPU-Z 1.64.0
Crysis®3
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Dll-Files.com Fixer
Driver San Francisco
Driver San Francisco version 1.0
ESET NOD32 Antivirus
ESN Sonar
EVGA Precision X 4.2.1
Fallout Mod Manager 0.13.21
Fraps (remove only)
Futuremark SystemInfo
Garena Plus
GeForce Experience NvStream Client Components
GOM Player
Google Chrome
Google Talk (remove only)
Google Update Helper
GTA - Complete Edition
Hard Disk Sentinel PRO
HD Tune Pro 5.50
Hearthstone
Heaven Benchmark version 4.0
HxD Hex Editor version 1.7.7.0
Icaros 2.2.0
Intel® USB 3.0 eXtensible Host Controller Driver
Java 7 Update 21 (64-bit)
K-Lite Mega Codec Pack 9.8.5
L.A. Noire
LOLReplay
Malwarebytes Anti-Malware, версия 1.75.0.1300
marvell 91xx driver
Microsoft .NET Framework 4.5
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Games for Windows - LIVE Redistributable
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Espanol
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Speech 5.1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Word MUI (English) 2013
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.56
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT Redists
Nokia Connectivity Cable Driver
Nokia Suite
Notepad++
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.7.1
NVIDIA Graphics Driver 331.82
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.21
NVIDIA Update 9.3.21
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
Open Broadcaster Software
Origin
Outils de verification linguistique 2013 de Microsoft Office - Francais
PC Auto Shutdown 5.3
PC Connectivity Solution
PunkBuster Services
Razer Comms
Razer Core
Realtek High Definition Audio Driver
RivaTuner Statistics Server 5.3.2
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
SecurityKISS Tunnel v0.3.0
SHIELD Streaming
Skype™ 6.10
Speccy
Spotify
Steam
TeamViewer 8
The KMPlayer (remove only)
Ultra Video Converter 5.2.0411
Unigine Valley Benchmark version 1.0
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2768004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760343) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767861) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767864) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768333) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2760334) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2810015) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2810019) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2768007) 64-Bit Edition
Update for Microsoft Word 2013 (KB2768337) 64-Bit Edition
Uplay
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 12.0 (64-bit)
Vicon boujou 5.0
Warcraft III
Warcraft III: All Products
Waterfox
Win7codecs
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
WinRAR 4.20 (64-битова версия)
x64 Components v4.0.4
Xilisoft 3GP Video Converter
Your Uninstaller! 7
YTD Video Downloader 4.5.1
.
==== Event Viewer Messages From Past Week ========
.
21.11.2013 г. 16:45:58, Error: LsaSrv [6033]  - An anonymous session connected from IVO-PC has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.  The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.  This message will be logged at most once a day.
21.11.2013 г. 15:36:19, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
21.11.2013 г. 15:34:38, Error: Service Control Manager [7030]  - Услуга PEVSystemStart е маркирана като интерактивна услуга. Обаче системата е конфигурирана да не допуска интерактивни услуги. Тази услуга може да не функционира правилно.
21.11.2013 г. 15:32:49, Error: Service Control Manager [7030]  - Услуга PEVSystemStart е маркирана като интерактивна услуга. Обаче системата е конфигурирана да не допуска интерактивни услуги. Тази услуга може да не функционира правилно.
21.11.2013 г. 15:21:38, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
21.11.2013 г. 15:00:03, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
21.11.2013 г. 13:36:41, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
20.11.2013 г. 23:11:36, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
20.11.2013 г. 19:10:48, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
20.11.2013 г. 10:27:33, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
20.11.2013 г. 00:26:41, Error: Service Control Manager [7022]  - Услуга Услуга за мрежово споделяне на Windows Media Player увисна при стартиране.
20.11.2013 г. 00:22:22, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
19.11.2013 г. 18:11:04, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
19.11.2013 г. 12:12:38, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
18.11.2013 г. 19:00:07, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
18.11.2013 г. 10:32:22, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
17.11.2013 г. 20:49:06, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
17.11.2013 г. 12:41:09, Error: LsaSrv [6033]  - An anonymous session connected from IVO-PC has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.  The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.  This message will be logged at most once a day.
17.11.2013 г. 11:16:13, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
16.11.2013 г. 19:07:21, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
16.11.2013 г. 14:06:27, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
16.11.2013 г. 10:17:41, Error: LsaSrv [6033]  - An anonymous session connected from IVO-PC has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.  The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.  This message will be logged at most once a day.
16.11.2013 г. 10:04:51, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
15.11.2013 г. 11:50:58, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
14.11.2013 г. 18:28:38, Error: Service Control Manager [7001]  - Услуга Планировчик на задачите зависи от услуга Windows Event Log, която не може да бъде стартирана поради следната грешка:  Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
.
==== End Of File ===========================
 

 

[Psychotic]

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

• Execute TDSSKiller.exe by doubleclicking on it.
• Press Start Scan
  
• If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  
• Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
  

Please post the contents of that log in your next reply.

[zedd]

Here is the TDSS-Killer log file:

 

TDSSKiller.3.0.0.19_21.11.2013_18.09.50_log.txt

[Psychotic]

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

• Run FRST.
• Don´t change one of the checkboxes and hit Scan.
• Logfiles are created on your desktop.
• Poste the FRST.txt and (after the first scan only!) the Addition.txt.
  

[zedd]

Here they are
 

FRST.txt

Addition.txt

[Psychotic]

Nothing suspicious...

 

Full System Scan with Malwarebytes Antimalware

• 
  If not existing, please download

Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post that log back here.
  

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

[zedd]

The 2 log files

mbam-log-2013-11-22 (13-21-44).txt

eset scan log.txt

[Psychotic]

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.

[zedd]

I'm really sorry for the inconvenience I might have caused you.

 

I removed all of the cracked software,and redid the scan.Here is it.

 

[Psychotic]

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

• Run adwcleaner.exe
• Hit Scan and wait for the scan to finish.
• Confirm the message but don´t uncheck anything.
• Hit Clean
• When the run is finished, it will open up a text file
• Please post its contents within your next reply
• You´ll find the log file at C:\AdwCleaner[s1].txt also
  

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

• Save it to your desktop, start it and follow the instructions in the window.
• After the scan finished the (checkup.txt) will open. Copy its content to your thread.
  

[zedd]

The results of the cleanup

AdwCleanerS0.txt

checkup.txt

[Psychotic]

Your system is clean now!

 

 

Internet Explorer out of date

Your version of Internet Explorer is outdated.

1. Please download IE 10 from http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-10/worldwide-languages
2. Save it to your desktop.
3. Double click on the file on your desktop to start the installation process.
4. Reboot
   

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
3. In any case please download delfix to your desktop.
   
   • Close all other programms and start delfix.
   • Please check all the boxes and run the tool.
   • delfix will now delete all found traces of our removal process
     

[*] If there is still something left please delete it manualy.

 

 

 

Recommendations: How to protect yourself

• System Updates
  Please ensure to have automatic updates activated in your control panel.
  For further information and a tutorial, see this Microsoft Support article.
• Protection
  What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
  Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
  
  • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
    It will filter unwanted advertising out of the website´s content.
  • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
    It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
    In addition, before accessing a dangerous classified web site, a warning screen is displayed.
    

  
  [*]Up to date Software
  Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  

  • Secunia Personal Software Inspector - checks if your software has updates available.
  • SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software.
  • Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser.
    

  [*]Backup
  Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system. [*]Behaviour
  The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
  

  • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
  • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
  • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
    

  
  
  

[zedd]

Thanks for the help so far but my original problem still persists.We cleaned some malware but the problem i had is still here.

I would be grateful if you could give me other tips to try to solve this.

[Psychotic]

as this is no malware related problem, I cannot provide further advice.

Please start a topic in our General PC help forum: https://forums.malwarebytes.org/index.php?showforum=6

These guys are well trained and might help you.

[Maurice Naggar]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.