
ESET Scanner detecting Somoto C.Application help



Due to my stupidity, I clicked OK to the installation of Snap.do while installing a program from CNET.

Here are my DDS.txt and attach.txt.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Wilber at 3:06:28 on 2013-08-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8173.5578 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files (x86)\Thunder Master\THPanel.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [THPanel] "C:\Program Files (x86)\Thunder Master\THPanel.exe" /A
uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [biosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{367023B9-CC6C-46A5-8057-627BF1477B04} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-7-15 14136]
R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2c64.sys [2013-7-25 15408]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-24 143120]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe [2013-7-25 1051088]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe [2013-7-25 621008]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-1-10 120408]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-2 14984480]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-2-15 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-8-2 39712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-26 769168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2013-7-25 24576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-25 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-26 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-26 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-08 18:20:04    --------    d-----w-    C:\Program Files (x86)\ESET
2013-08-08 18:15:47    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{812D0626-D7CC-4D9E-BE14-4F72A683A7DC}\mpengine.dll
2013-08-08 18:07:50    --------    d-----w-    C:\$RECYCLE.BIN
2013-08-08 18:04:06    98816    ----a-w-    C:\Windows\sed.exe
2013-08-08 18:04:06    256000    ----a-w-    C:\Windows\PEV.exe
2013-08-08 18:04:06    208896    ----a-w-    C:\Windows\MBR.exe
2013-08-08 17:32:56    388096    ----a-r-    C:\Users\Wilber\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-08 17:32:47    --------    d-----w-    C:\Users\Wilber\AppData\Roaming\picpick
2013-08-07 12:52:32    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-05 13:44:26    --------    d-----w-    C:\Users\Wilber\AppData\Local\Proxure
2013-08-05 13:44:23    --------    d-----w-    C:\ProgramData\ClubSanDisk
2013-08-02 13:59:40    --------    d-----w-    C:\NvidiaLogging
2013-08-02 13:59:23    39712    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-08-02 13:59:23    29984    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-08-02 13:59:23    28448    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-07-29 11:51:36    --------    d-----w-    C:\Program Files\Common Files\Common Desktop Agent
2013-07-29 11:51:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Common Desktop Agent
2013-07-29 11:50:44    --------    d-----w-    C:\ProgramData\Samsung
2013-07-29 11:50:42    41984    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\sst6cpc.dll
2013-07-29 11:50:14    34304    ----a-w-    C:\Windows\System32\sst6ylm.dll
2013-07-29 11:50:08    89600    ----a-w-    C:\Windows\System32\sst6yci.dll
2013-07-29 11:50:08    151552    ----a-w-    C:\Windows\System32\sst6yci.exe
2013-07-29 11:50:07    1554336    ------w-    C:\Windows\TotalUninstaller.exe
2013-07-27 01:47:15    --------    d-----w-    C:\Users\Wilber\Zomboid
2013-07-27 00:59:23    25472    ----a-w-    C:\Windows\System32\RegistryDefragBootTime.exe
2013-07-26 11:31:05    --------    d-----w-    C:\Windows\PCHEALTH
2013-07-26 08:41:53    769168    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2013-07-26 08:41:53    74344    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2013-07-26 08:35:05    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-07-26 08:31:17    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-07-26 08:31:16    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-07-26 08:29:03    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-07-26 08:29:03    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-07-26 08:28:07    --------    d-----w-    C:\Program Files\Speccy
2013-07-26 08:26:26    --------    d-----w-    C:\Program Files\Defraggler
2013-07-26 08:13:28    --------    d-----w-    C:\Windows\SysWow64\Adobe
2013-07-26 08:07:28    --------    d-----w-    C:\Users\Wilber\AppData\Local\ElevatedDiagnostics
2013-07-26 07:45:49    --------    d-----w-    C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-07-26 07:45:49    --------    d-----w-    C:\ProgramData\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
2013-07-26 07:45:28    --------    d-----w-    C:\ProgramData\iobit
2013-07-26 07:43:04    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-07-26 07:43:04    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-07-26 07:42:31    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 07:42:31    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 07:42:31    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-07-26 07:42:31    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-07-26 07:27:59    905728    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2013-07-26 07:24:34    --------    d-----w-    C:\Program Files (x86)\Dokan
2013-07-26 07:18:51    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-07-26 07:17:40    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-07-26 07:17:40    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-07-26 07:17:38    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-07-26 07:17:38    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-07-26 07:17:20    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-07-26 07:17:20    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-07-26 05:52:59    --------    d-----w-    C:\Windows\Panther
2013-07-25 23:20:59    941720    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-25 23:20:59    941720    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D20833B-7DB8-4CBB-9537-31B2207B05DB}\gapaengine.dll
2013-07-25 23:20:27    --------    d-----w-    C:\Windows\System32\MRT
2013-07-25 23:19:32    --------    d-----w-    C:\Windows\System32\SPReview
2013-07-25 23:19:23    --------    d-----w-    C:\Windows\System32\EventProviders
2013-07-25 23:18:07    48976    ----a-w-    C:\Windows\System32\netfxperf.dll
2013-07-25 23:18:07    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2013-07-25 23:18:03    1130824    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2013-07-25 23:18:01    14967808    ----a-w-    C:\Program Files\DVD Maker\OmdBase.dll
2013-07-25 23:16:59    6144    ----a-w-    C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2013-07-25 23:16:59    4608    ----a-w-    C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2013-07-25 23:16:59    2560    ----a-w-    C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2013-07-25 23:16:58    399872    ----a-w-    C:\Windows\System32\dpx.dll
2013-07-25 23:16:58    189952    ----a-w-    C:\Windows\SysWow64\wdscore.dll
2013-07-25 23:16:56    189952    ----a-w-    C:\Windows\SysWow64\sqmapi.dll
2013-07-25 23:16:54    606208    ----a-w-    C:\Windows\SysWow64\wbem\fastprox.dll
2013-07-25 23:16:54    363008    ----a-w-    C:\Windows\SysWow64\wbemcomn.dll
2013-07-25 23:16:54    189952    ----a-w-    C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2013-07-25 23:16:46    529408    ----a-w-    C:\Windows\System32\wbemcomn.dll
2013-07-25 23:16:46    244736    ----a-w-    C:\Windows\System32\sqmapi.dll
2013-07-25 23:16:46    244736    ----a-w-    C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-07-25 23:16:45    518656    ----a-w-    C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll
2013-07-25 23:15:58    96768    ----a-w-    C:\Windows\System32\fsutil.exe
2013-07-25 23:15:58    410496    ----a-w-    C:\Windows\System32\drivers\iaStorV.sys
2013-07-25 23:15:58    27008    ----a-w-    C:\Windows\System32\drivers\amdxata.sys
2013-07-25 23:15:58    2565632    ----a-w-    C:\Windows\System32\esent.dll
2013-07-25 23:15:58    189824    ----a-w-    C:\Windows\System32\drivers\storport.sys
2013-07-25 23:15:58    1699328    ----a-w-    C:\Windows\SysWow64\esent.dll
2013-07-25 23:15:58    166272    ----a-w-    C:\Windows\System32\drivers\nvstor.sys
2013-07-25 23:15:58    148352    ----a-w-    C:\Windows\System32\drivers\nvraid.sys
2013-07-25 23:15:58    107904    ----a-w-    C:\Windows\System32\drivers\amdsata.sys
2013-07-25 23:15:57    74240    ----a-w-    C:\Windows\SysWow64\fsutil.exe
2013-07-25 23:09:39    98816    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-07-25 23:09:39    7936    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-07-25 23:09:39    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-07-25 23:09:39    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-07-25 23:09:39    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-07-25 23:09:39    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-07-25 23:09:39    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-07-25 23:06:34    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-07-25 23:06:34    --------    d-----w-    C:\Windows\System32\Wat
2013-07-25 23:01:31    --------    d-----w-    C:\Windows\en
2013-07-25 22:56:25    7450888    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\2fde1b611ce898a03\bingbarsetup.exe
2013-07-25 22:28:13    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-07-25 22:28:13    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-07-25 22:28:13    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-07-25 22:28:13    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-07-25 15:46:35    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-07-25 15:46:35    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-07-25 15:46:35    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-07-25 15:46:35    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-07-25 15:46:35    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-07-25 15:46:34    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-07-25 15:45:52    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-07-25 15:45:52    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-07-25 15:45:52    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-07-25 15:45:52    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-07-25 15:45:51    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-07-25 15:45:51    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-07-25 15:45:51    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-07-25 15:40:15    --------    d-----w-    C:\Users\Wilber\AppData\Local\Microsoft Games
2013-07-25 15:34:28    48488    ----a-w-    C:\Windows\System32\drivers\fssfltr.sys
2013-07-25 15:33:46    15712    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\5a5e812c1ce894c06\MeshBetaRemover.exe
2013-07-25 15:33:42    537432    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\5764c8d51ce894c05\DXSETUP.exe
2013-07-25 15:33:41    89944    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\5764c8d51ce894c05\DSETUP.dll
2013-07-25 15:33:41    1801048    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\5764c8d51ce894c05\dsetup32.dll
2013-07-25 15:33:37    94040    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\545cc83b1ce894c04\DSETUP.dll
2013-07-25 15:33:37    525656    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\545cc83b1ce894c04\DXSETUP.exe
2013-07-25 15:33:37    1691480    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\545cc83b1ce894c04\dsetup32.dll
2013-07-25 15:33:32    6260088    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\514b42211ce894c03\Silverlight.4.0.exe
2013-07-25 15:33:05    --------    d-----w-    C:\Users\Wilber\AppData\Local\Windows Live
2013-07-25 15:33:05    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2013-07-25 15:29:16    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-07-25 15:29:16    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-07-25 15:29:16    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-07-25 15:29:16    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-07-25 15:29:16    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-07-25 15:28:04    773968    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2013-07-25 15:27:50    --------    d-----w-    C:\ProgramData\Logs
2013-07-25 15:27:49    19392    ----a-w-    C:\Windows\System32\roboot64.exe
2013-07-25 15:12:44    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-07-25 15:09:17    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-25 15:09:16    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-25 15:09:15    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-25 14:48:48    --------    d-----w-    C:\Users\Wilber\AppData\Local\WindowsUpdate
2013-07-25 14:43:06    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-07-25 14:43:05    --------    d-----w-    C:\Program Files (x86)\SogouInput
2013-07-25 14:43:04    89600    ----a-w-    C:\Windows\System32\sst6cci.dll
2013-07-25 14:43:04    34304    ----a-w-    C:\Windows\System32\sst6clm.dll
2013-07-25 14:43:04    151552    ----a-w-    C:\Windows\System32\sst6cci.exe
2013-07-25 14:41:23    --------    d-----w-    C:\Program Files (x86)\IObit
2013-07-25 14:30:07    --------    d-----w-    C:\Users\Wilber\AppData\Roaming\WOT Statistics
2013-07-25 14:30:06    --------    d-----w-    C:\Users\Wilber\AppData\Roaming\Wargaming.net
2013-07-25 14:30:06    --------    d-----w-    C:\Users\Wilber\AppData\Roaming\TS3Client
2013-07-25 14:30:06    --------    d-----w-    C:\Users\Wilber\AppData\Roaming\SUPERAntiSpyware.com
2013-07-25 14:30:05    --------    d-----w-    C:\Users\Wilber\AppData\Roaming\Samsung
2013-07-25 14:30:05    --------    d-----w-    C:\Users\Wilber\AppData\Roaming\PingPlotter
2013-07-25 14:30:05    --------    d-----w-    C:\Users\Wilber\AppData\Roaming\NVIDIA
2013-07-25 14:28:55    --------    d-----w-    C:\Users\Wilber\AppData\Local\Macromedia
2013-07-25 14:28:55    --------    d-----w-    C:\Users\Wilber\AppData\Local\Google
2013-07-25 14:28:54    --------    d-----w-    C:\Users\Wilber\AppData\Local\Diagnostics
2013-07-25 14:28:54    --------    d-----w-    C:\Users\Wilber\AppData\Local\Adobe
2013-07-25 14:28:54    --------    d-----w-    C:\Users\Wilber\.swt
2013-07-25 14:24:32    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{838762B7-E535-4B76-BA6B-B2B5BBE17E32}\mpengine.dll
2013-07-25 14:24:29    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-07-25 14:16:58    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-07-25 14:15:54    395776    ----a-w-    C:\Windows\System32\webio.dll
2013-07-25 14:11:14    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-07-25 14:11:14    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-07-25 14:11:14    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-07-25 14:09:16    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-07-25 14:09:15    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-07-25 14:09:14    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-07-25 14:09:14    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-07-25 14:05:41    107552    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2013-07-25 14:05:29    --------    d-----w-    C:\Program Files (x86)\Realtek
2013-07-25 14:05:24    2079816    ----a-w-    C:\Windows\RtlExUpd.dll
2013-07-25 14:05:24    --------    d--h--w-    C:\Program Files (x86)\Temp
2013-07-25 14:04:26    --------    d-----w-    C:\Program Files (x86)\Renesas Electronics
2013-07-25 14:04:16    8192    ----a-w-    C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
2013-07-25 14:04:16    8192    ----a-w-    C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-07-25 14:02:44    --------    d-sh--w-    C:\Windows\Installer
2013-07-25 14:02:06    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-07-25 14:02:06    6496544    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-07-25 14:02:06    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-07-25 14:02:06    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-07-25 14:02:06    3253909    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-07-25 14:02:06    2557800    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-07-25 14:02:06    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-07-25 14:00:44    --------    d-----w-    C:\NVIDIA
2013-07-25 13:59:02    --------    d-----w-    C:\Program Files (x86)\Thunder Master
.
==================== Find3M  ====================
.
2013-07-26 07:27:59    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 07:08:21    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-07-26 07:08:21    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2013-06-21 05:32:20    226424    ----a-w-    C:\Windows\System32\SBuySupplies.exe
2013-06-20 21:16:02    566048    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-06-18 13:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 13:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
.
============= FINISH:  3:06:36.12 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 25/7/2013 9:56:14 PM
System Uptime: 9/8/2013 2:09:57 AM (1 hours ago)
.
Motherboard: BIOSTAR Group |  | TP67B+
Processor: Intel® Core i5-2400 CPU @ 3.10GHz | SOCKET 0 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 16.214 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 397.443 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP20: 24/7/2013 11:57:08 PM - Windows 7 Service Pack 1
RP21: 25/7/2013 10:05:37 AM - Windows Update
RP22: 25/7/2013 4:46:56 PM - Windows Update
RP23: 25/7/2013 5:09:50 PM - Windows Update
RP24: 25/7/2013 5:46:06 PM - Windows Update
RP25: 25/7/2013 6:05:00 PM - Windows Update
RP26: 25/7/2013 7:24:29 PM - Installed Paragon Migrate OS to SSD™.
RP27: 25/7/2013 7:50:10 PM - Windows Modules Installer
RP28: 25/7/2013 7:50:53 PM - Windows Modules Installer
RP33: 8/8/2013 10:21:29 PM - Windows Update
RP34: 9/8/2013 1:48:56 AM - Removed Skype™ 6.6
RP35: 9/8/2013 2:53:41 AM - Removed Skype Click to Call
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Advanced SystemCare Ultimate 6
BiosNotice
CCleaner
Common Desktop Agent
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Dokan Library 0.6.0
ESET Online Scanner v3
HiJackThis
Intel® Control Center
Intel® Management Engine Components
Intel® Trusted Connect Service Client
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 23.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Notepad++
NVIDIA 3D Vision Controller Driver 320.49
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA GeForce Experience 1.6
NVIDIA Graphics Driver 320.49
NVIDIA HD Audio Driver 1.3.24.2
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 7.2.17
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.1
Realtek Ethernet Controller Driver
Renesas Electronics USB 3.0 Host Controller Driver
Samsung CLP-360 Series
Samsung Easy Printer Manager
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
Speccy
SUPERAntiSpyware
swMSM
Thunder Master v1.5
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
9/8/2013 2:10:16 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/8/2013 2:07:17 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
9/8/2013 2:07:02 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/8/2013 2:05:06 AM, Error: Service Control Manager [7034]  - The DokanMounter service terminated unexpectedly.  It has done this 1 time(s).
9/8/2013 2:02:30 AM, Error: Service Control Manager [7034]  - The Skype C2C Service service terminated unexpectedly.  It has done this 1 time(s).
8/8/2013 9:56:00 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
4/8/2013 8:57:48 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/8/2013 8:57:48 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-2147218173.
2/8/2013 9:59:29 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Here is the RogueKiller64 log.

RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Wilber [Admin rights]
Mode : Scan -- Date : 08/09/2013 08:27:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] ptfs09uy.default : user_pref("network.proxy.type", 2); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\Wilber\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 5f053de242d4d88ac88817e6ccfc1566
[bSP] 5f1bb4f3cea4127133333e75f0b61d3b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 6bae0dc2cf81227e9c55283c5512602e
[bSP] 808b9bfde87f0f8372d2a291bc206aa2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08092013_082700.txt >>

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Here is the adware log.

# AdwCleaner v2.306 - Logfile created 08/09/2013 at 09:21:57
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Wilber - WILBER-PC
# Boot Mode : Normal
# Running from : C:\Users\Wilber\Downloads\adwcleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****

File Found : C:\Users\Wilber\AppData\Roaming\Mozilla\Firefox\Profiles\ptfs09uy.default\foxydeal.sqlite
Folder Found : C:\Users\Wilber\AppData\Roaming\Mozilla\Firefox\Profiles\ptfs09uy.default\jetpack

***** [Registry] *****


***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\Wilber\AppData\Roaming\Mozilla\Firefox\Profiles\cy4mepo9.default\prefs.js

[OK] File is clean.

File : C:\Users\Wilber\AppData\Roaming\Mozilla\Firefox\Profiles\ptfs09uy.default\prefs.js

Found : user_pref("BlockSite.locations", "animeshippuden.com     |||nequiz.com     |||4megaupload.com     |||danbooru[...]

*************************

AdwCleaner[R1].txt - [1086 octets] - [09/08/2013 09:21:57]
AdwCleaner[s1].txt - [3432 octets] - [09/08/2013 01:52:32]

########## EOF - C:\AdwCleaner[R1].txt - [1206 octets] ##########

Some adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last.........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Adware Log

# AdwCleaner v2.306 - Logfile created 08/09/2013 at 09:45:39
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Wilber - WILBER-PC
# Boot Mode : Normal
# Running from : C:\Users\Wilber\Downloads\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Wilber\AppData\Roaming\Mozilla\Firefox\Profiles\ptfs09uy.default\foxydeal.sqlite
Folder Deleted : C:\Users\Wilber\AppData\Roaming\Mozilla\Firefox\Profiles\ptfs09uy.default\jetpack

***** [Registry] *****


***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\Wilber\AppData\Roaming\Mozilla\Firefox\Profiles\cy4mepo9.default\prefs.js

[OK] File is clean.

File : C:\Users\Wilber\AppData\Roaming\Mozilla\Firefox\Profiles\ptfs09uy.default\prefs.js

Deleted : user_pref("BlockSite.locations", "animeshippuden.com     |||nequiz.com     |||4megaupload.com     |||danbooru[...]

*************************

AdwCleaner[R1].txt - [1275 octets] - [09/08/2013 09:21:57]
AdwCleaner[s1].txt - [3432 octets] - [09/08/2013 01:52:32]
AdwCleaner[s2].txt - [1212 octets] - [09/08/2013 09:45:39]

########## EOF - C:\AdwCleaner[s2].txt - [1272 octets] ##########
 

Here is the JRT log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x64
Ran by Wilber on Fri 09/08/2013 at  9:47:54.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/08/2013 at  9:50:15.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here is the MBAM log.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Wilber :: WILBER-PC [administrator]

9/8/2013 9:53:04 AM
mbam-log-2013-08-09 (09-53-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244151
Time elapsed: 1 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Thank you mrcharlie, my computer is running significantly faster now. I used to face a startup slowdown when double-clicking Mozilla Firefox; it would take ages for it to start.


Good...

A little clean up to do:

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (may be down right now)

Cached version:

http://webcache.googleusercontent.com/search?q=cache:T4_y-D1qZAoJ:maddoktor2.com/forums/index.php%3Ftopic%3D46886.0+&cd=3&hl=en&ct=clnk&gl=us

Good Luck and Thanks for using the forum, MrC


This topic is now closed to further replies.