Infected, thx for help

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16611

Run by William at 21:27:57 on 2013-06-11

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.4172 [GMT -4:00]

.

AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Logitech\SolarApp\L4301_Solar.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Users\Leviathan\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\explorer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\Users\William\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Leviathan\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: SoftwareSASGeneration = dword:1

LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{15D25B78-9538-43EB-B64F-D84A410CDE94} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3A4B1913-922E-497C-A25C-0A6AA5E03FF9} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C5BB2846-EA60-4EF8-8717-688A9A814935} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

x64-Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-12-21 57904]

R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-12-21 213416]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-12-21 59440]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-12-21 1333424]

R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-2 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-2 701512]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-2 25928]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-4-18 17480]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-4-18 9800]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2011-10-5 729152]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-4 19456]

S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]

S3 SaiH0464;SaiH0464;C:\Windows\System32\drivers\SaiH0464.sys [2008-3-31 178432]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-4 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-1 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2013-06-12 00:57:29 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AB1C0F04-8C31-4ED7-BCA1-947D7C201D50}\mpengine.dll

2013-06-11 23:28:59 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-06-11 23:24:56 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-11 23:24:53 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-11 23:24:53 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-06-11 23:24:53 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-06-11 23:24:53 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-06-10 17:00:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll

2013-06-10 17:00:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll

2013-06-10 17:00:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll

2013-06-10 17:00:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll

2013-06-10 17:00:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll

2013-06-10 16:58:02 -------- d-----w- C:\Program Files\iPod

2013-06-10 16:58:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-06-10 16:58:01 -------- d-----w- C:\Program Files\iTunes

2013-06-10 16:58:01 -------- d-----w- C:\Program Files (x86)\iTunes

2013-06-04 04:35:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-04 04:35:01 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-02 02:20:09 -------- d-----w- C:\Users\William\.thumbnails

2013-06-02 02:19:00 -------- d-----w- C:\Users\William\AppData\Local\fontconfig

2013-06-02 02:18:59 -------- d-----w- C:\Users\William\AppData\Local\gegl-0.2

2013-06-02 02:18:59 -------- d-----w- C:\Users\William\.gimp-2.8

2013-06-02 02:17:36 -------- d-----w- C:\Program Files\GIMP 2

2013-05-26 19:28:04 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2013-05-15 12:36:33 -------- d-----w- C:\Users\William\AppData\Roaming\SUPERAntiSpyware.com

2013-05-15 12:36:11 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-05-15 12:36:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-05-15 12:20:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

.

==================== Find3M ====================

.

2013-06-12 03:02:27 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-06-12 03:02:22 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2013-06-12 03:02:17 2086912 ----a-w- C:\Windows\System32\ole32.dll

2013-06-12 03:02:10 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-06-02 16:46:06 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-02 16:46:06 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-12 20:34:14 6491936 ----a-w- C:\Windows\System32\nvcpl.dll

2013-05-12 20:34:14 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-05-12 20:34:12 884512 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-05-12 20:34:12 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-05-12 20:34:11 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-05-12 19:43:36 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 14:13:10 3165737 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2013-04-28 06:54:38 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-11 18:10:50 2498216 ----a-w- C:\Windows\SysWow64\BootMan.exe

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-03-28 23:02:52 3376640 ----a-w- C:\Windows\System32\BootMan.exe

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-15 05:53:06 1807136 ----a-w- C:\Windows\System32\nvdispco6431422.dll

2013-03-15 05:53:06 1510176 ----a-w- C:\Windows\System32\nvdispgenco6431422.dll

.

============= FINISH: 21:28:12.32 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/1/2013 7:56:04 PM

System Uptime: 6/11/2013 8:55:11 PM (1 hours ago)

.

Motherboard: XFX | | XFX Nforce 680i LT

Processor: Intel® Core2 Quad CPU @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 87 GiB total, 12.62 GiB free.

D: is FIXED (NTFS) - 400 GiB total, 33.886 GiB free.

E: is FIXED (NTFS) - 149 GiB total, 15.356 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: PCI Device

Device ID: PCI\VEN_F810&DEV_FFFF&SUBSYS_0402011A&REV_10\4&36AC3632&0&3878

Manufacturer:

Name: PCI Device

PNP Device ID: PCI\VEN_F810&DEV_FFFF&SUBSYS_0402011A&REV_10\4&36AC3632&0&3878

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 Plugin

AirPort

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

BOSS

CCleaner

Core Temp 1.0 RC4

Counter-Strike: Global Offensive

CPUID CPU-Z 1.63.0

Decipher TextMessage

Defraggler

Dropbox

EaseUS Partition Master 9.2.2

EditPad Lite 7.2.2

Elcomsoft Phone Password Breaker

eReg

ERUNT 1.1j

ESET Smart Security

foobar2000 v1.2.2

GIMP 2.8.4

Google Chrome

Google Update Helper

Grand Theft Auto IV

Heaven Benchmark version 4.0

iBackupBot for iTunes 3.6.5

iCloud

iTunes

Logitech SetPoint 6.51

Logitech Solar App 1.0

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSI Afterburner 2.3.1

MSI Kombustor 2.5.0

Nexus Mod Manager

NVIDIA 3D Vision Controller Driver 320.18

NVIDIA 3D Vision Driver 320.18

NVIDIA Control Panel 320.18

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA Graphics Driver 320.18

NVIDIA HD Audio Driver 1.3.24.2

NVIDIA Install Application

NVIDIA MediaShield

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

OpenVPN 2.3.0-I004

plist Editor for Windows 1.0.2

Portal 2

PuTTY version 0.62

QuickTime

Screens Connect

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Soldat 1.6.3

Steam

SUPERAntiSpyware

System Requirements Lab for Intel

TAP-Windows 9.9.2

TechPowerUp GPU-Z

The Elder Scrolls V: Skyrim

TrueCrypt

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

VLC media player 2.0.6

WhoCrashed 4.01

Windows Live ID Sign-in Assistant

WinSCP 5.1.3

.

==== Event Viewer Messages From Past Week ========

.

6/9/2013 12:12:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

6/9/2013 12:12:32 AM, Error: Service Control Manager [7022] - The ESET Service service hung on starting.

6/7/2013 1:13:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800482d100, 0xfffff880057c8010, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-10906-01.

6/6/2013 8:58:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

6/6/2013 8:58:13 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/4/2013 10:04:50 PM, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort1 Model: ST3160023AS Firmware Version: 8.05 Serial Number: 5JS3ZRXV Port: 0

6/11/2013 9:26:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/11/2013 9:26:06 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.

6/11/2013 8:55:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

6/11/2013 8:55:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff8800317e688, 0xfffff8800317dee0, 0xfffff800031b2123). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061113-9859-01.

6/11/2013 8:55:18 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

6/11/2013 8:53:32 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 8:52:53 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.

6/11/2013 8:46:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 8:46:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

6/11/2013 8:46:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

6/11/2013 8:46:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

6/11/2013 8:46:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

6/11/2013 8:46:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/11/2013 8:46:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/11/2013 8:46:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache eamonm ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/11/2013 8:46:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/11/2013 8:36:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 8:35:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache eamonm ehdrv SASDIFSV SASKUTIL spldr truecrypt Wanarpv6

6/11/2013 8:31:59 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

6/11/2013 8:28:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 8:27:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 8:26:35 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 8:26:35 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

6/11/2013 8:26:35 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 8:26:35 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 8:23:29 PM, Error: nvlddmkm [14] -

6/11/2013 8:13:50 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 8:13:50 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 8:13:50 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

6/11/2013 8:13:50 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

6/11/2013 8:13:50 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 8:13:50 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

6/11/2013 8:10:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 8:09:07 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 8:09:07 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 8:09:07 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

6/11/2013 8:09:07 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 8:09:07 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 8:09:07 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 8:06:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff6bb400019f8, 0x0000000000000000, 0xfffff80003059903, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061113-9906-01.

6/11/2013 7:46:06 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

6/11/2013 7:46:06 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.

6/11/2013 7:14:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff8800319a5f8, 0xfffff88003199e50, 0xfffff800031ad123). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061113-7859-01.

6/11/2013 7:06:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

6/11/2013 7:05:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800031c4b13, 0xfffff88007fb9810, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061113-9187-01.

6/11/2013 6:58:37 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\William\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

6/11/2013 6:49:16 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\William\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 6:46:57 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 6:46:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000303af3b, 0xfffff88002b24a40, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061113-10812-01.

6/11/2013 6:43:42 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The authentication service is unknown.

6/11/2013 6:43:38 PM, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

6/11/2013 6:43:28 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).

6/11/2013 6:43:24 PM, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

6/11/2013 6:43:17 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

6/11/2013 6:43:13 PM, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

6/11/2013 6:43:07 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

6/11/2013 6:43:07 PM, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

6/11/2013 6:42:58 PM, Error: Service Control Manager [7000] - The epfw service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

.

==== End Of File ===========================

Hello wesdxc and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly".

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

ESET Smart Security 6.0

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Adobe Flash Player 11.7.700.202

Mozilla Firefox (21.0)

Google Chrome 26.0.1410.64

Google Chrome 27.0.1453.93

````````Process Check: objlist.exe by Laurent````````

ESET NOD32 Antivirus ekrn.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````

ComboFix.txt

TDSSKiller.2.8.18.0_11.06.2013_21.43.33_log.txt

system-log.txt

mbar-log-2013-06-11 (21-46-38).txt

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

18460701

18E15A7DB

46504863

519C28532D8E8C0C

66328648

File::

C:\Windows\System32\Drivers\18460701.sys

C:\Windows\System32\Drivers\18E15A7DB.sys

C:\Windows\System32\Drivers\46504863.sys

C:\Windows\System32\Drivers\519C28532D8E8C0C.sys

C:\Windows\System32\Drivers\66328648.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.

ComboFix 13-06-08.02 - William 06/12/2013 0:41.4.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.4585 [GMT -4:00]

Running from: c:\users\William\Desktop\ComboFix.exe

Command switches used :: c:\users\William\Desktop\CFScript.txt

AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\windows\System32\Drivers\18460701.sys"

"c:\windows\System32\Drivers\18E15A7DB.sys"

"c:\windows\System32\Drivers\46504863.sys"

"c:\windows\System32\Drivers\519C28532D8E8C0C.sys"

"c:\windows\System32\Drivers\66328648.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_18460701

-------\Legacy_18E15A7DB

-------\Legacy_46504863

-------\Legacy_519C28532D8E8C0C

-------\Legacy_66328648

.

.

((((((((((((((((((((((((( Files Created from 2013-05-12 to 2013-06-12 )))))))))))))))))))))))))))))))

.

.

2013-06-12 04:45 . 2013-06-12 04:45 -------- d-----w- c:\users\Leviathan\AppData\Local\temp

2013-06-12 04:45 . 2013-06-12 04:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-12 01:46 . 2013-06-12 02:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-12 01:42 . 2013-06-12 01:42 -------- d-----w- c:\users\William\Doctor Web

2013-06-12 01:03 . 2013-06-12 01:03 -------- d-----w- c:\program files (x86)\ERUNT

2013-06-12 00:57 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB1C0F04-8C31-4ED7-BCA1-947D7C201D50}\mpengine.dll

2013-06-11 23:28 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll

2013-06-11 23:24 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-11 23:24 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-06-11 23:24 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-06-11 23:24 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-06-11 23:24 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-06-10 17:00 . 2013-06-10 17:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2013-06-10 17:00 . 2013-06-10 17:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2013-06-10 17:00 . 2013-06-10 17:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2013-06-10 17:00 . 2013-06-10 17:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2013-06-10 17:00 . 2013-06-10 17:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2013-06-10 17:00 . 2013-06-10 17:00 -------- d-----w- c:\program files (x86)\QuickTime

2013-06-10 16:58 . 2013-06-10 16:58 -------- d-----w- c:\program files\iPod

2013-06-10 16:58 . 2013-06-10 16:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-06-10 16:58 . 2013-06-10 16:58 -------- d-----w- c:\program files\iTunes

2013-06-10 16:58 . 2013-06-10 16:58 -------- d-----w- c:\program files (x86)\iTunes

2013-06-09 04:23 . 2013-06-09 04:31 -------- d-----w- c:\users\Mars

2013-06-08 02:20 . 2013-06-09 04:17 -------- d-----w- c:\users\Faust

2013-06-04 04:35 . 2013-06-04 04:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-04 04:35 . 2013-06-04 04:35 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-02 02:20 . 2013-06-02 02:20 -------- d-----w- c:\users\William\.thumbnails

2013-06-02 02:19 . 2013-06-02 02:19 -------- d-----w- c:\users\William\AppData\Local\fontconfig

2013-06-02 02:18 . 2013-06-02 16:31 -------- d-----w- c:\users\William\.gimp-2.8

2013-06-02 02:18 . 2013-06-02 02:18 -------- d-----w- c:\users\William\AppData\Local\gegl-0.2

2013-06-02 02:17 . 2013-06-02 02:17 -------- d-----w- c:\program files\GIMP 2

2013-05-26 21:54 . 2013-05-26 21:54 -------- d-----w- c:\users\Leviathan\AppData\Local\Macromedia

2013-05-26 21:53 . 2013-05-26 21:53 -------- d-----w- c:\users\Leviathan\AppData\Local\Mozilla

2013-05-15 12:36 . 2013-05-15 12:36 -------- d-----w- c:\users\William\AppData\Roaming\SUPERAntiSpyware.com

2013-05-15 12:36 . 2013-05-15 20:27 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-05-15 12:36 . 2013-05-15 12:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-05-15 12:20 . 2013-05-15 20:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 03:02 . 2013-02-27 18:59 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-06-12 03:02 . 2013-02-02 02:13 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2013-06-12 03:02 . 2013-02-02 20:55 2086912 ----a-w- c:\windows\system32\ole32.dll

2013-06-11 23:29 . 2013-02-02 04:16 75825640 ----a-w- c:\windows\system32\MRT.exe

2013-06-02 16:46 . 2013-02-02 01:34 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-02 16:46 . 2013-02-02 01:34 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-05-12 21:42 . 2013-02-21 22:06 15910736 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-05-12 21:42 . 2013-02-21 22:06 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-05-12 21:42 . 2013-02-21 22:06 2935696 ----a-w- c:\windows\system32\nvapi64.dll

2013-05-12 21:42 . 2013-02-02 02:11 61216 ----a-w- c:\windows\system32\OpenCL.dll

2013-05-12 21:42 . 2013-02-02 02:11 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-05-12 20:34 . 2013-02-21 22:07 3514656 ----a-w- c:\windows\system32\nvsvc64.dll

2013-05-12 20:34 . 2013-02-21 22:07 6491936 ----a-w- c:\windows\system32\nvcpl.dll

2013-05-12 20:34 . 2013-02-21 22:07 884512 ----a-w- c:\windows\system32\nvvsvc.exe

2013-05-12 20:34 . 2013-02-21 22:07 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-05-12 20:34 . 2013-02-21 22:07 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-05-12 19:43 . 2013-05-12 19:43 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-05-10 02:28 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2013-05-10 02:28 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-08 14:13 . 2013-02-21 22:07 3165737 ----a-w- c:\windows\system32\nvcoproc.bin

2013-05-02 06:06 . 2013-02-02 01:20 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2013-04-28 06:54 . 2013-04-28 06:54 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2013-04-13 05:49 . 2013-05-14 21:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-14 21:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-14 21:57 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-14 21:57 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-14 21:57 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-14 21:57 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 18:41 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-11 18:10 . 2013-04-18 17:40 2498216 ----a-w- c:\windows\SysWow64\BootMan.exe

2013-04-04 18:50 . 2013-05-02 21:45 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-28 23:02 . 2013-04-18 17:40 3376640 ----a-w- c:\windows\system32\BootMan.exe

2013-03-19 06:04 . 2013-04-10 01:29 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 01:29 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 01:29 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 01:29 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 01:29 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 01:29 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-15 05:53 . 2013-03-28 00:26 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll

2013-03-15 05:53 . 2013-03-28 00:26 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

.

c:\users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\William\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-4 25863280]

.

c:\users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\William\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-4 25863280]

.

c:\users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Leviathan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 ALSysIO;ALSysIO;c:\users\William\AppData\Local\Temp\ALSysIO64.sys;c:\users\William\AppData\Local\Temp\ALSysIO64.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]

R3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0464.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]

S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe;c:\program files\Logitech\SolarApp\L4301_Solar.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-05-22 17:00 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 09:42]

.

2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce4d7d5d45265e.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 09:42]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 164016 ----a-w- c:\users\Mars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 164016 ----a-w- c:\users\Mars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 164016 ----a-w- c:\users\Mars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 164016 ----a-w- c:\users\Mars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-12-21 6326448]

"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2261366382-1824771852-284236166-1001\Software\SecuROM\License information*]

"datasecu"=hex:e7,44,fd,19,95,c6,e6,f4,c1,92,37,4e,04,78,57,dd,0f,d7,07,29,c6,

9a,ca,2c,1e,b9,47,4d,a0,7a,e0,c1,e6,b3,c4,9f,5d,51,5e,98,66,3e,80,93,78,98,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Completion time: 2013-06-12 00:52:06 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-12 04:52

.

Pre-Run: 13,130,567,680 bytes free

Post-Run: 12,812,824,576 bytes free

.

- - End Of File - - 51B8BA38D96BE8F7E1394F9561654F66

A36C5E4F47E84449FF07ED3517B43A31


Looks a whole lot better. Please run the following scans to verify we haven't missed anything:

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

----------Step 3 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check the Accept Terms of Use box.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the Scan archives box.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats.
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 4----------------

Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

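The helper asks for a fresh OTL report to verify nothing was missed. Reading one is mostly a matter of spotting binaries that load from odd places or carry no publisher information. The script below is an added example for this thread, not the helper's tool and not OTL's own code: it parses the OTL line formats that appear here (`PRC`, `MOD`, `SRV` and `DRV` entries, plus `O4` Run-key and Startup-folder entries) and flags entries on the simple heuristics a malware-removal helper applies by eye: no company name, a binary inside a user profile or a Temp folder, a kernel driver outside %SystemRoot%, and a startup shortcut in one user's profile whose target sits in a different user's profile. The sample lines are copied from the OTL log posted in the reply below, except the last one, which is constructed (a hypothetical Run value named `updater` pointing at `update.exe` in Temp) to show what a typical dropper entry looks like. Every flag is a lead to check, not a verdict; Dropbox, for instance, legitimately installs under AppData.

```python
import re
from dataclasses import dataclass, field

# OTL file entries (process, module, service, driver) as they appear in this thread, e.g.
#   PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\...\Dropbox.exe
#   DRV - [2013/01/23 02:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\...\RTCore64.sys -- (RTCore64)
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<mtime>[^|\]]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- "
    r"(?P<path>.+?)(?: -- \((?P<name>.*)\))?$"
)
# O4 startup-folder shortcut: "O4 - Startup: <lnk> = <target> (<company>)"
STARTUP_ENTRY = re.compile(
    r"^O4(?::64bit:)? - Startup: (?P<lnk>.+?) = (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O4 Run-key value: "O4 - <hive>..\Run: [<value>] <target> (<company>)"
RUN_ENTRY = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run: \[(?P<value>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# Which user profile a path lives in, if any (C:\Users\<name>\...)
PROFILE = re.compile(r"^[a-z]:\\users\\([^\\]+)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    path: str
    company: str
    reasons: list = field(default_factory=list)


def profile_owner(path):
    """Return the lower-cased profile name a path sits under, or None."""
    m = PROFILE.match(path)
    return m.group(1).lower() if m else None


def assess(kind, path, company, lnk=None):
    """Heuristic checks a helper applies by eye; each hit is a lead, not a verdict."""
    reasons = []
    low = path.lower()
    owner = profile_owner(path)
    if not company.strip():
        reasons.append("no company name in version info")
    if owner:
        reasons.append(f"runs from user profile '{owner}'")
    if "\\temp\\" in low:
        reasons.append("lives in a Temp directory")
    if kind == "DRV" and not low.startswith("c:\\windows\\"):
        reasons.append("kernel driver outside %SystemRoot%")
    if lnk is not None:
        lnk_owner = profile_owner(lnk)
        if lnk_owner and owner and lnk_owner != owner:
            reasons.append(f"startup shortcut in '{lnk_owner}' profile targets '{owner}' profile")
    return reasons


def triage(lines):
    """Parse OTL lines and return the entries that trip at least one heuristic, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FILE_ENTRY.match(line)
        if m:
            kind, lnk = m["kind"], None
        else:
            m = STARTUP_ENTRY.match(line) or RUN_ENTRY.match(line)
            if not m:
                continue  # not a line type this triage understands
            kind, lnk = "O4", m.groupdict().get("lnk")
        reasons = assess(kind, m["path"], m["company"], lnk)
        if reasons:
            findings.append(Finding(kind, m["path"], m["company"].strip(), reasons))
    return findings


# Sample input: lines copied from the OTL log posted in this thread, plus one
# constructed Run-key line (the last one) showing a typical dropper pattern.
SAMPLE_LINES = [
    r"PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Leviathan\AppData\Roaming\Dropbox\bin\Dropbox.exe",
    r"PRC - [2012/12/21 14:08:56 | 001,333,424 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe",
    r"SRV:64bit: - [2009/08/10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)",
    r"DRV - [2013/01/23 02:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)",
    r"DRV:64bit: - [2012/12/21 14:08:54 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)",
    r"O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)",
    r"O4 - Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Leviathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)",
    # constructed, not from the thread: unsigned binary in Temp, started from the user's Run key
    r"O4 - HKU\S-1-5-21-2261366382-1824771852-284236166-1001..\Run: [updater] C:\Users\William\AppData\Local\Temp\update.exe ()",
]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:4} {f.path}")
        for r in f.reasons:
            print(f"     - {r}")
```

Fed the whole OTL.txt, the script reduces a few hundred lines to a short list of entries worth looking up; the helper's remaining work is deciding which of those are known-good (Dropbox, the SUPERAntiSpyware drivers under Program Files) and which deserve a file hash check or removal.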

Can you explain what looks better? From my point of view nothing has been removed or cleaned yet. Thanks again for your time.

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 01:07:56

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : William - LEVIATHAN-PC

# Boot Mode : Normal

# Running from : C:\Users\William\Downloads\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\APN

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\jetpack

***** [Registry] *****

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Found : HKLM\Software\InstallIQ

Key Found : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\prefs.js

[OK] File is clean.

File : C:\Users\Leviathan\AppData\Roaming\Mozilla\Firefox\Profiles\ck3hb4p9.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Leviathan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1786 octets] - [12/06/2013 01:07:56]

########## EOF - C:\AdwCleaner[R1].txt - [1846 octets] ##########

OTL logfile created on: 6/12/2013 1:10:06 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\William\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 69.42% Memory free

12.00 Gb Paging File | 10.02 Gb Available in Paging File | 83.50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 86.73 Gb Total Space | 11.98 Gb Free Space | 13.81% Space Free | Partition Type: NTFS

Drive D: | 400.00 Gb Total Space | 33.89 Gb Free Space | 8.47% Space Free | Partition Type: NTFS

Drive E: | 149.04 Gb Total Space | 15.07 Gb Free Space | 10.11% Space Free | Partition Type: NTFS

Computer Name: LEVIATHAN-PC | User Name: William | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/12 01:07:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\William\Downloads\OTL.exe

PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Leviathan\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/05/17 17:35:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/21 14:08:56 | 001,333,424 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

PRC - [2012/12/17 18:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/17 17:35:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppgooglenaclpluginchrome.dll

MOD - [2013/05/17 17:35:41 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll

MOD - [2013/05/17 17:35:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll

MOD - [2013/05/17 17:34:47 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libglesv2.dll

MOD - [2013/05/17 17:34:47 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libegl.dll

MOD - [2013/05/17 17:34:45 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ffmpegsumo.dll

MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Leviathan\AppData\Roaming\Dropbox\bin\libcef.dll

MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Leviathan\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/07 18:37:15 | 000,143,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2013/02/14 11:31:58 | 000,034,528 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV:64bit: - [2012/12/21 14:08:56 | 001,333,424 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)

SRV:64bit: - [2012/10/01 03:22:52 | 000,359,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2010/10/26 17:24:36 | 000,403,536 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)

SRV:64bit: - [2009/08/10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV:64bit: - [2009/08/10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/06/06 18:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/05/26 15:28:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/07 09:49:18 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)

DRV:64bit: - [2013/03/07 09:49:18 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)

DRV:64bit: - [2013/02/25 01:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2013/02/19 21:10:21 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2013/02/08 10:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2013/02/01 09:43:00 | 000,052,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2013/02/01 09:43:00 | 000,025,120 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2012/12/21 14:09:28 | 000,057,904 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)

DRV:64bit: - [2012/12/21 14:09:24 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)

DRV:64bit: - [2012/12/21 14:09:24 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)

DRV:64bit: - [2012/12/21 14:08:54 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2012/12/21 14:08:18 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/09/18 05:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2012/09/18 05:32:32 | 000,075,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2012/09/18 05:32:32 | 000,061,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2012/09/18 05:32:32 | 000,015,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/05 10:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/11/11 15:47:18 | 000,348,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2008/03/31 10:29:38 | 000,178,432 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0464.sys -- (SaiH0464)

DRV - [2013/03/07 09:49:20 | 000,013,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)

DRV - [2013/03/07 09:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2013/01/23 02:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2261366382-1824771852-284236166-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2261366382-1824771852-284236166-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 9C AA 70 E0 00 CE 01 [binary data]

IE - HKU\S-1-5-21-2261366382-1824771852-284236166-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2261366382-1824771852-284236166-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-2261366382-1824771852-284236166-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2261366382-1824771852-284236166-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.5

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9

FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15

FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.520

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/02/06 07:27:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/10 13:00:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/02/21 17:00:25 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/10 13:00:44 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/01 21:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\William\AppData\Roaming\Mozilla\Extensions

[2013/06/05 01:39:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\extensions

[2013/05/28 22:13:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2013/06/05 01:39:08 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\extensions\donottrackplus@abine.com

[2013/05/21 21:23:48 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\extensions\firefox@ghostery.com

[2013/03/05 00:09:31 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi

[2013/05/25 23:45:29 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2013/05/09 23:21:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/05/23 22:26:19 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2013/05/26 15:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/05/26 15:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/05/26 15:28:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - Extension: Google Docs = C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\

CHR - Extension: Google Search = C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Logitech SetPoint = C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0\

CHR - Extension: Gmail = C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/12 00:49:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2261366382-1824771852-284236166-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - Startup: C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\William\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\William\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Leviathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2261366382-1824771852-284236166-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2261366382-1824771852-284236166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15D25B78-9538-43EB-B64F-D84A410CDE94}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A4B1913-922E-497C-A25C-0A6AA5E03FF9}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BB2846-EA60-4EF8-8717-688A9A814935}: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/12 00:52:09 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/06/12 00:49:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/06/11 22:52:36 | 000,000,000 | ---D | C] -- C:\Users\William\Desktop\logs

[2013/06/11 22:09:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/06/11 22:09:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/06/11 22:09:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/06/11 22:07:54 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/06/11 21:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/06/11 21:42:39 | 000,000,000 | ---D | C] -- C:\Users\William\Doctor Web

[2013/06/11 21:41:23 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\William\Desktop\ComboFix.exe

[2013/06/11 21:39:50 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\William\Desktop\tdsskiller.exe

[2013/06/11 21:04:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2013/06/11 21:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2013/06/11 21:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2013/06/11 19:29:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/06/11 19:29:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/06/11 19:29:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/06/11 19:29:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/06/11 19:29:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/06/11 19:29:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/06/11 19:29:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/06/11 19:29:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/06/11 19:29:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/06/11 19:29:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/06/11 19:29:03 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/06/11 19:29:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/06/11 19:29:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/06/11 19:25:38 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/06/11 19:25:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/06/11 19:25:08 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/06/11 19:25:08 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/06/11 19:25:06 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/06/11 19:25:06 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe

[2013/06/11 19:25:06 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe

[2013/06/11 19:25:06 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013/06/11 19:25:06 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll

[2013/06/11 19:25:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll

[2013/06/11 19:25:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll

[2013/06/11 19:25:00 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll

[2013/06/11 19:24:53 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/06/11 19:24:53 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/06/11 19:24:53 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/06/10 13:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013/06/10 13:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2013/06/10 12:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/06/10 12:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/06/10 12:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/06/10 12:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013/06/10 12:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013/06/04 00:35:01 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/06/04 00:35:01 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/06/02 12:53:45 | 027,775,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2013/06/02 12:53:45 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2013/06/02 12:53:45 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2013/06/02 12:53:45 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2013/06/02 12:53:45 | 015,143,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2013/06/02 12:53:45 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2013/06/02 12:53:45 | 012,426,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2013/06/02 12:53:45 | 009,233,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2013/06/02 12:53:45 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2013/06/02 12:53:45 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll

[2013/06/02 12:53:45 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll

[2013/06/02 12:53:45 | 002,942,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2013/06/02 12:53:45 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2013/06/02 12:53:45 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2013/06/02 12:53:45 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2013/06/02 12:53:45 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2013/06/02 12:53:45 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll

[2013/06/02 12:53:45 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll

[2013/06/02 12:53:45 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll

[2013/06/02 12:53:45 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll

[2013/06/02 12:53:45 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll

[2013/06/02 12:53:45 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll

[2013/06/02 12:53:45 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll

[2013/06/02 12:53:45 | 000,266,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll

[2013/06/02 12:53:45 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll

[2013/06/02 12:53:45 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll

[2013/06/02 12:53:45 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys

[2013/06/02 12:53:45 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll

[2013/06/02 12:53:45 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll

[2013/06/01 22:20:09 | 000,000,000 | ---D | C] -- C:\Users\William\.thumbnails

[2013/06/01 22:19:00 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\fontconfig

[2013/06/01 22:18:59 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\gegl-0.2

[2013/06/01 22:18:59 | 000,000,000 | ---D | C] -- C:\Users\William\.gimp-2.8

[2013/06/01 22:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2

[2013/05/26 15:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/05/24 14:11:25 | 000,000,000 | ---D | C] -- C:\Users\William\Documents\mbar-1.05.0.1001

[2013/05/21 21:23:53 | 000,000,000 | ---D | C] -- C:\Users\William\Desktop\Shortcuts

[2013/05/15 08:36:33 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\SUPERAntiSpyware.com

[2013/05/15 08:36:14 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2013/05/15 08:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2013/05/15 08:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/05/15 08:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/05/15 08:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/05/14 17:57:38 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/05/14 17:57:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013/05/14 17:57:34 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/05/14 17:57:34 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/05/14 17:57:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/05/14 17:57:34 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/14 17:57:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

========== Files - Modified Within 30 Days ==========

[2013/06/12 01:06:41 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce4d7d5d45265e.job

[2013/06/12 01:06:40 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/06/12 00:56:08 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/12 00:56:08 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/12 00:49:37 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/12 00:49:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/06/12 00:48:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/12 00:48:55 | 535,732,223 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/12 00:31:48 | 394,207,212 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/06/11 23:02:27 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/06/11 23:02:17 | 002,086,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2013/06/11 23:02:10 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/06/11 21:41:50 | 000,890,839 | ---- | M] () -- C:\Users\William\Desktop\SecurityCheck.exe

[2013/06/11 21:41:37 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\William\Desktop\ComboFix.exe

[2013/06/11 21:40:06 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\William\Desktop\tdsskiller.exe

[2013/06/11 19:28:32 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/06/11 19:28:32 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/06/11 19:28:32 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/06/11 19:28:24 | 000,772,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/06/11 19:20:59 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat

[2013/06/10 12:58:20 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/06/10 00:39:08 | 000,000,600 | ---- | M] () -- C:\Users\William\AppData\Roaming\winscp.rnd

[2013/06/10 00:30:11 | 420,462,492 | ---- | M] () -- C:\Users\William\Desktop\Game.of.Thrones.S03E10.HDTV.x264-EVOLVE.mp4

[2013/06/09 23:18:12 | 315,864,062 | ---- | M] () -- C:\Users\William\Desktop\mad.men.s06e11.hdtv.x264-2hd.mp4

[2013/06/08 23:15:56 | 000,028,838 | ---- | M] () -- C:\Users\William\Documents\cc_20130608_231548.reg

[2013/06/08 23:13:41 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/06/05 14:35:37 | 000,017,990 | ---- | M] () -- C:\Users\William\AppData\Roaming\mbam.context.scan

[2013/06/04 00:35:01 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/06/04 00:35:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/06/02 12:46:06 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2013/06/02 12:46:06 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013/06/01 22:23:58 | 000,002,816 | ---- | M] () -- C:\Users\William\AppData\Local\recently-used.xbel

[2013/05/31 19:21:19 | 000,001,407 | ---- | M] () -- C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/05/26 23:44:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2013/05/16 21:25:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/16 21:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/05/16 21:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/05/16 21:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/05/16 20:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/05/16 20:58:20 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/16 20:58:10 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/16 20:58:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/16 20:58:08 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/05/16 20:58:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/05/16 20:58:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/05/15 08:36:14 | 000,001,808 | ---- | M] () -- C:\Users\William\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/05/15 08:13:06 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/14 08:23:25 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/05/14 04:40:13 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/05/13 01:51:00 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/05/13 01:51:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013/05/13 01:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll

========== Files Created - No Company Name ==========

[2013/06/12 00:31:48 | 394,207,212 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013/06/11 22:09:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/06/11 22:09:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/06/11 22:09:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/06/11 22:09:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/06/11 22:09:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/06/11 21:41:47 | 000,890,839 | ---- | C] () -- C:\Users\William\Desktop\SecurityCheck.exe

[2013/06/11 19:20:59 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat

[2013/06/10 12:58:20 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/06/10 00:30:15 | 420,462,492 | ---- | C] () -- C:\Users\William\Desktop\Game.of.Thrones.S03E10.HDTV.x264-EVOLVE.mp4

[2013/06/09 23:19:19 | 315,864,062 | ---- | C] () -- C:\Users\William\Desktop\mad.men.s06e11.hdtv.x264-2hd.mp4

[2013/06/08 23:15:52 | 000,028,838 | ---- | C] () -- C:\Users\William\Documents\cc_20130608_231548.reg

[2013/06/05 14:35:37 | 000,017,990 | ---- | C] () -- C:\Users\William\AppData\Roaming\mbam.context.scan

[2013/06/01 22:23:58 | 000,002,816 | ---- | C] () -- C:\Users\William\AppData\Local\recently-used.xbel

[2013/06/01 22:18:04 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

[2013/05/26 23:44:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2013/05/15 08:36:14 | 000,001,808 | ---- | C] () -- C:\Users\William\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/05/15 08:15:27 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/04/18 13:40:33 | 002,498,216 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2013/04/18 13:40:33 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2013/04/18 13:40:33 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2013/04/18 13:40:33 | 000,013,896 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2013/04/18 13:40:33 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2013/03/27 20:34:03 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/03/02 00:06:34 | 001,065,984 | ---- | C] () -- C:\Users\William\AppData\Local\file__0.localstorage

[2013/02/10 15:20:37 | 000,000,600 | ---- | C] () -- C:\Users\William\AppData\Roaming\winscp.rnd

[2013/02/10 13:16:44 | 000,000,600 | ---- | C] () -- C:\Users\William\AppData\Local\PUTTY.RND

[2013/02/08 20:52:36 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

[2012/09/28 15:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 6/12/2013 1:10:06 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\William\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 69.42% Memory free

12.00 Gb Paging File | 10.02 Gb Available in Paging File | 83.50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 86.73 Gb Total Space | 11.98 Gb Free Space | 13.81% Space Free | Partition Type: NTFS

Drive D: | 400.00 Gb Total Space | 33.89 Gb Free Space | 8.47% Space Free | Partition Type: NTFS

Drive E: | 149.04 Gb Total Space | 15.07 Gb Free Space | 10.11% Space Free | Partition Type: NTFS

Computer Name: LEVIATHAN-PC | User Name: William | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2261366382-1824771852-284236166-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09B52F33-3A7C-40AB-9EB0-42A00E56D448}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{19F1D329-2111-4878-B579-A471C44FF3A5}" = protocol=6 | dir=in | app=c:\users\william\appdata\roaming\dropbox\bin\dropbox.exe |

"{1B6C97B2-A340-45B2-8C1E-BC1304E15C58}" = protocol=6 | dir=in | app=c:\users\william\appdata\roaming\utorrent\utorrent.exe |

"{20EFBE03-0401-4F05-92EC-4BDE1FEC744E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{21B82D0D-F62D-42C7-947A-785F060D19C6}" = protocol=6 | dir=in | app=c:\program files (x86)\screens connect\screensconnect.exe |

"{2C4384B9-C8AF-4F4C-ACEC-5D53DFD8A437}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{31E571DA-24D6-422C-A201-65C41D0EC2BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |

"{3BC18A67-BC5B-4C8A-9142-45B090D89809}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{46F7591B-61C8-4E14-9D15-8ED638FF1A5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4DA86B9E-3DF4-4D2F-8CAE-E478FD7A7A6E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{54081CAD-CB7B-4FEB-83DF-C91DFB35BAF2}" = protocol=6 | dir=in | app=c:\users\mars\appdata\roaming\dropbox\bin\dropbox.exe |

"{55F25D2D-D3B5-4BEA-989B-2EAF1E878CE4}" = protocol=17 | dir=in | app=c:\users\mars\appdata\roaming\dropbox\bin\dropbox.exe |

"{63F1A0AE-95DE-478C-B6E1-11AF3B432C17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |

"{6B1454D0-C863-47AF-8A3F-18F575A12392}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{6F614B08-FE5B-4FF6-8996-4AF21A95C964}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7448BF36-111D-443A-95AB-0A8ADCCBC5F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |

"{8A2036A8-F30F-49AF-9F2A-D911EAE1BA10}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{A57B2D65-15E2-4575-9E83-F83BD66C2417}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{AA1B7E5A-CE23-44B0-BEBB-B787C8424963}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{AF38599A-EAB1-4A83-9E93-BFDADD625509}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B23F680C-3F7E-42E6-BDB3-9813F241040B}" = dir=in | app=c:\program files (x86)\airport\apagent.exe |

"{B76F6259-B589-45BC-9C58-7E4F7B01976C}" = protocol=17 | dir=in | app=c:\program files (x86)\screens connect\screensconnect.exe |

"{BEB7A7FA-0C19-43BC-894B-829E1CD10FC3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{C46016D9-3143-4A0E-BA2A-30BE70B1F9B9}" = protocol=17 | dir=in | app=c:\users\leviathan\appdata\roaming\dropbox\bin\dropbox.exe |

"{D247B821-6134-4967-9966-B9866DAC9F03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |

"{E7041D90-CF54-41EA-A927-004B4682EAF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EC7840C8-106E-4446-AFBA-9F1A7DA993F9}" = protocol=6 | dir=in | app=c:\users\leviathan\appdata\roaming\dropbox\bin\dropbox.exe |

"{F02A41F5-EAB8-4529-845E-48948C326961}" = protocol=17 | dir=in | app=c:\users\william\appdata\roaming\utorrent\utorrent.exe |

"{F2C9E1BA-DA99-4F08-A154-7A7E05D88839}" = protocol=17 | dir=in | app=c:\users\william\appdata\roaming\dropbox\bin\dropbox.exe |

"{F4A1812C-CB3F-412D-8224-F5899CF9D47A}" = protocol=17 | dir=in | app=c:\users\faust\appdata\roaming\dropbox\bin\dropbox.exe |

"{F7979C5D-9492-4026-AF59-359634060E88}" = protocol=6 | dir=in | app=c:\users\faust\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{03E416A6-B65D-4570-B0F8-4B4AE4707FC7}C:\program files (x86)\steam\steamapps\xecho64x\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xecho64x\counter-strike source\hl2.exe |

"TCP Query User{03E8D539-4B99-4295-83FF-CB44B493FF0E}C:\program files\core temp\core temp.exe" = protocol=6 | dir=in | app=c:\program files\core temp\core temp.exe |

"TCP Query User{0B8048FA-38B5-41A6-BD4A-184B6F6BD6BF}C:\program files (x86)\decipher media\decipher textmessage\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\decipher media\decipher textmessage\jre\bin\java.exe |

"TCP Query User{0D5F243B-FD0E-44EA-A3FA-4381D24A4AFC}C:\program files (x86)\steam\steamapps\xecho64x\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xecho64x\team fortress 2\hl2.exe |

"TCP Query User{A7BB611B-4287-48EE-899A-58FD987A6562}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"TCP Query User{CD687C55-93E0-4857-9BD4-4ED4574904E3}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe |

"UDP Query User{51C62945-5909-4993-9F6E-FB1FF90335BA}C:\program files\core temp\core temp.exe" = protocol=17 | dir=in | app=c:\program files\core temp\core temp.exe |

"UDP Query User{677BBD92-38B6-4863-AAB5-2CE00D6ACFDC}C:\program files (x86)\decipher media\decipher textmessage\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\decipher media\decipher textmessage\jre\bin\java.exe |

"UDP Query User{7D39E2A5-AA10-4DCC-8222-419D9E1C2D5F}C:\program files (x86)\steam\steamapps\xecho64x\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xecho64x\counter-strike source\hl2.exe |

"UDP Query User{874C68FD-0E1B-4FF9-88ED-24E40DAE0E30}C:\program files (x86)\steam\steamapps\xecho64x\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xecho64x\team fortress 2\hl2.exe |

"UDP Query User{9C141FA9-92F8-4ADA-ACE8-EF8FDBF8CBCD}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"UDP Query User{A19C4AA2-411E-4C9B-823F-28412F81A3CA}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{45CA4B17-F1C4-4058-8164-367AA349D85A}" = ESET Smart Security

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.18

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.18

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.18

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.18

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager

"CCleaner" = CCleaner

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0

"Defraggler" = Defraggler

"EditPad Lite" = EditPad Lite 7.2.2

"GIMP-2_is1" = GIMP 2.8.4

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"NVIDIA Drivers" = NVIDIA Drivers

"OpenVPN" = OpenVPN 2.3.0-I004

"SolarApp" = Logitech Solar App 1.0

"sp6" = Logitech SetPoint 6.51

"TAP-Windows" = TAP-Windows 9.9.2

"WhoCrashed_is1" = WhoCrashed 4.01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.0

"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE

"{320DCB30-84E2-4849-8537-2B37473FD6AC}" = Elcomsoft Phone Password Breaker

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{BDAB1E7E-64FF-4DC5-B153-1C66BB4AD677}_is1" = Screens Connect

"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel

"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield

"{D932F380-6E10-45C0-B17F-59AE0C9094CD}" = Decipher TextMessage

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Afterburner" = MSI Afterburner 2.3.1

"BOSS" = BOSS

"EaseUS Partition Master_is1" = EaseUS Partition Master 9.2.2

"ERUNT_is1" = ERUNT 1.1j

"foobar2000" = foobar2000 v1.2.2

"Google Chrome" = Google Chrome

"iBackupBot for iTunes" = iBackupBot for iTunes 3.6.5

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"plist Editor for Windows" = plist Editor for Windows 1.0.2

"PuTTY_is1" = PuTTY version 0.62

"Soldat_is1" = Soldat 1.6.3

"Steam App 12210" = Grand Theft Auto IV

"Steam App 620" = Portal 2

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 730" = Counter-Strike: Global Offensive

"TechPowerUp GPU-Z" = TechPowerUp GPU-Z

"TrueCrypt" = TrueCrypt

"Unigine Heaven Benchmark (Basic Edition)_is1" = Heaven Benchmark version 4.0

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.6

"winscp3_is1" = WinSCP 5.1.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2261366382-1824771852-284236166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/12/2013 12:09:40 AM | Computer Name = Leviathan-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 6/12/2013 12:09:54 AM | Computer Name = Leviathan-PC | Source = .NET Runtime | ID = 1023

Description =

Error - 6/12/2013 12:09:54 AM | Computer Name = Leviathan-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 6/12/2013 12:09:58 AM | Computer Name = Leviathan-PC | Source = .NET Runtime | ID = 1023

Description =

Error - 6/12/2013 12:09:58 AM | Computer Name = Leviathan-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 6/12/2013 12:10:14 AM | Computer Name = Leviathan-PC | Source = .NET Runtime | ID = 1023

Description =

Error - 6/12/2013 12:10:14 AM | Computer Name = Leviathan-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 6/12/2013 12:10:24 AM | Computer Name = Leviathan-PC | Source = .NET Runtime | ID = 1023

Description =

Error - 6/12/2013 12:10:24 AM | Computer Name = Leviathan-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 6/12/2013 12:10:27 AM | Computer Name = Leviathan-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: mpengine.dll, version: 1.1.9506.0, time stamp: 0x51908a11 Exception code: 0xc0000005 Fault offset: 0x00000000000f8f03 Faulting process id: 0x7d8 Faulting application start time: 0x01ce6721378fbf49 Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AB1C0F04-8C31-4ED7-BCA1-947D7C201D50}\mpengine.dll Report Id: 02fa29c2-d316-11e2-a383-00044b031511

[ System Events ]

Error - 6/11/2013 10:23:41 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/11/2013 10:23:42 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/11/2013 10:23:42 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/11/2013 10:23:42 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/11/2013 10:35:55 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/11/2013 10:35:55 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/11/2013 10:35:55 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/11/2013 10:35:55 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/11/2013 10:35:55 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/11/2013 10:35:55 PM | Computer Name = Leviathan-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

< End of report >


Can you explain what looks better? From my point of view nothing has been removed or cleaned yet. Thanks again for your time.

We cleaned some of the malware that remained on your system (they were mostly drivers).

Please post the ESET log whenever possible. :)

Ah, okay. I was getting a message from Windows about a Win32/small.ca, but every attempt at finding or cleaning it produced no evidence that it was there in the first place.

I am waiting on that log as we speak - it is almost done.


----------Step 1----------------

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]


  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------

Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------

Please post the OTL and AdwCleaner reports in your next reply. How are things running now?


All processes killed

========== OTL ==========

C:\Windows\assembly\Desktop.ini moved successfully.

File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.

File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.

File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.

File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.

File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.

Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.

Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Faust

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 128 bytes

->Google Chrome cache emptied: 7257540 bytes

User: Leviathan

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 807807 bytes

->FireFox cache emptied: 38418637 bytes

->Google Chrome cache emptied: 20028319 bytes

->Flash cache emptied: 492 bytes

User: Mars

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 128 bytes

->Google Chrome cache emptied: 7340457 bytes

User: Public

->Temp folder emptied: 0 bytes

User: William

->Temp folder emptied: 1650684 bytes

->Temporary Internet Files folder emptied: 89609131 bytes

->Java cache emptied: 1188240 bytes

->FireFox cache emptied: 441453504 bytes

->Google Chrome cache emptied: 49922138 bytes

->Flash cache emptied: 20003 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 267 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 627.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Faust

User: Leviathan

User: Mars

User: Public

User: William

->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Faust

User: Leviathan

->Flash cache emptied: 0 bytes

User: Mars

User: Public

User: William

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06122013_044120

Files\Folders moved on Reboot...

C:\Users\William\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


# AdwCleaner v2.303 - Logfile created 06/12/2013 at 04:46:03

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : William - LEVIATHAN-PC

# Boot Mode : Normal

# Running from : C:\Users\William\Desktop\New folder\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owfum257.default\prefs.js

[OK] File is clean.

File : C:\Users\Leviathan\AppData\Roaming\Mozilla\Firefox\Profiles\ck3hb4p9.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Leviathan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1915 octets] - [12/06/2013 01:07:56]

AdwCleaner[S1].txt - [1871 octets] - [12/06/2013 04:46:03]

########## EOF - C:\AdwCleaner[S1].txt - [1931 octets] ##########


Looks like that got the last of it.

Before we move on, please let me know: How are things running? Do you have any further issues?

Things are a bit smoother. I have not had a crash recently (which is great) and things are not freezing up yet. Before, I would get a small freeze-up for like 2-15 seconds and then the system would resume. I've been monitoring my outgoing traffic and it doesn't look like anything is sending data (that I don't recognize), which is good.

If you think this is good, thank you very much for your time.


Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, however, we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:

  • Reopen OTL on your desktop.
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.

-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention System). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior, and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here.

Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.

---------------------------------------------------------

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here:

Every little bit helps.

-DFB

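As an added check that is not part of DFB's post or of any tool the forum uses: the PowerShell script below audits the three things the post asks the reader to maintain on a Windows 7-era machine (Automatic Updates turned on, exactly one resident antivirus, a firewall that is actually enabled) and reports what it finds without changing anything. It uses only interfaces that exist on Windows 7 with PowerShell 2.0: the Microsoft.Update.AutoUpdate COM object, the root\SecurityCenter2 WMI namespace and the HNetCfg.FwPolicy2 COM object. The productState decoding is the commonly used community interpretation rather than a documented Microsoft contract, and the warning thresholds are my own choices; both are assumptions.

```powershell
# Added example, not from DFB's post: read-only audit of update, antivirus and
# firewall state on Windows 7 / PowerShell 2.0. Run from an elevated prompt.

# --- 1. Windows Update: is Automatic Updates turned on? ----------------------
# NotificationLevel values (AutomaticUpdatesNotificationLevel enumeration):
#   0 = not configured, 1 = disabled, 2 = notify before download,
#   3 = notify before install, 4 = download and install on a schedule
$auLevels = @{ 0 = 'Not configured'; 1 = 'Disabled'; 2 = 'Notify before download';
               3 = 'Notify before install'; 4 = 'Scheduled install' }
$au    = New-Object -ComObject Microsoft.Update.AutoUpdate
$level = [int]$au.Settings.NotificationLevel
Write-Host ("Automatic Updates : {0} ({1})" -f $auLevels[$level], $level)
Write-Host ("Last install      : {0}" -f $au.Results.LastInstallationSuccessDate)
if ($level -lt 3) {
    Write-Warning "Automatic Updates is off or notify-only; patches may never be installed."
}

# --- 2. Products registered with Windows Security Center ---------------------
# productState is a packed integer. Assumed (community, undocumented) layout:
# the middle byte is 0x10 when real-time protection is on, the low byte is
# 0x00 when definitions are current and 0x10 when they are out of date.
function Decode-ProductState([int]$state) {
    $hex = '{0:X6}' -f $state                 # e.g. 266240 -> "041000"
    New-Object PSObject -Property @{
        Enabled  = ($hex.Substring(2, 2) -eq '10')
        UpToDate = ($hex.Substring(4, 2) -eq '00')
        Raw      = $hex
    }
}

$enabledAv = 0
foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class `
                              -ErrorAction SilentlyContinue
    foreach ($p in $products) {
        $s = Decode-ProductState $p.productState
        Write-Host ("{0,-19} {1,-40} enabled={2} upToDate={3} (0x{4})" -f `
                    $class, $p.displayName, $s.Enabled, $s.UpToDate, $s.Raw)
        if ($class -eq 'AntiVirusProduct' -and $s.Enabled) { $enabledAv++ }
    }
}
if ($enabledAv -eq 0) {
    Write-Warning "No antivirus with real-time protection is enabled."
} elseif ($enabledAv -gt 1) {
    Write-Warning "$enabledAv antivirus products are resident at once; run only one."
}

# --- 3. Windows Firewall: per-profile state and default outbound action ------
# NET_FW_PROFILE_TYPE2: 1 = Domain, 2 = Private, 4 = Public.
# DefaultOutboundAction: 0 = Allow, 1 = Block. When a third-party firewall is
# installed it normally shows up as a FirewallProduct above and may leave the
# Windows Firewall disabled, which is expected in that configuration.
$fw       = New-Object -ComObject HNetCfg.FwPolicy2
$profiles = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
foreach ($id in 1, 2, 4) {
    $on     = $fw.FirewallEnabled($id)
    $out    = if ($fw.DefaultOutboundAction($id) -eq 1) { 'Block' } else { 'Allow' }
    $active = if ($fw.CurrentProfileTypes -band $id) { '(active)' } else { '' }
    Write-Host ("Windows Firewall {0,-8}: enabled={1} defaultOutbound={2} {3}" -f `
                $profiles[$id], $on, $out, $active)
}
```

The script only reads state. If the reader keeps the built-in Windows Firewall rather than a third-party one, its default outbound action can be switched to Block with `netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound`, after which every outbound program needs an explicit allow rule; that is a deliberate trade-off, not something the audit does for you.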

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.