My computer is a tramp



mattbeowulf
2013-08-27, 04:34
...bringing home all sorts of who-knows-what ;-) I would be most appreciative of some assistance in cleaning the goblins out of her...

Because I can tell y'all like a challenge (not really, I was simply ignorant), I have done most of the things a user is directed NOT to do prior to your assistance, as enumerated in the "before you post" thread. Sorry :red: Specifically, before admitting that I'm out of my depth, I tried many and various means of removing the shadowy software lurking in my PC: registry cleaning (a la Glary Utilities), a couple of anti-spyware/rootkit tools like Malwarebytes, AVG (until I got fed up and tried to remove it), and then I found Hiren's BootCD, and in one blurred, frenzied and ineffective night I tried all sorts of options in its suite of tools. ComboFix included, although I opened the program, I don't think I used any of its tools, but I'm not sure. I also tried ClamWin AV, which is the only thing that named some of the elusive trojans. Here is that scan log; infected files are at the end:

Scan Started Mon Aug 19 15:21:03 2013
-------------------------------------------------------------------------------

WARNING: Can't open file C:\Boot\BCD: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
C:\Program Files (x86)\Creative\ShareDLL\CADI\CtPresetW.dll: moved to 'C:\Qoobox\Quarantine\CtPresetW.dll.infected'
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\033645cb82d642d47aa605cc88e0e3ca_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\049b06736804db2f5e7621bebf6ed59e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07bd1d916181adf10240b62971ccf64e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\09f52e0a31fd18662690f8bd772e66e4_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0b51c6cc08e821819fc4d861dd43abf9_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\102e8dbbecf306b873cfca4be985e399_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1148650d479f382165a373d3dbe95a90_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\121b3ed2f250f997cb71d0cdf2b59822_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\169fc132319d105a90d0644948e7bc3b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1a14b697ac72b698323074f874c8888b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1c7aa1bc7ce76500a52b91ec4ce58b47_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\23e0fbdbaedcfc2208c1509a8293872e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d478076527342ef7fcdbecb4ecdc28a_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2ecf015b6012bd91248be329bbd2bf47_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3031c930d4aa06a42755f87a67e9af8b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3047a828acdf97013d991028b880c556_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\33b84a1097cc036a3fd4b4353cc63f69_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c12f6e1467c4ac4966c5bb8e2f20ee3_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3da4117aeb23d4e0d33dbbc262bee0d8_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3e65d1ff502c8948ba275bdc9778e2ea_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3f91b791638dd75bbdf72f5345cd64dc_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ff144a43259042866d488203c817df5_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\41ba34bcdb2177f953c214a169f0c227_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4240280e49be3991007efb65cbc599ff_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4591ef02cebc8ec876cac822eddeaed2_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\46d6cc5a3e6bf68989208591f0b5ebef_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4a52d2b4827844c4b4e19a12df7fd831_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4f2fb8045bc240825db618b02e093265_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\50759155b0276663b5a4a49979d5594b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\51356229475c76892b3edfb4487c0a2f_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\57f6e27b1d1a8b0912fb77c9a58a3cd0_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\68294f27f83983725ebbab624846cbb2_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\69cc8aca239d277ad44c008e2257886a_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b209b20d48fd8de500c0c0073e1640b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6c9ae8a5f86c33ae67f6fc15b7ff7d8c_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6d33e26fd8288b0fb339322306765dfd_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7270e2d4532469b59a90c7bb6deba41d_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\764ff12e6bfa66cbad00cb446cbac448_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7d9dfa7d386a104a25fd530f7bf56273_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\844e98caa4582b782bcf7e623354afed_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8a4e5055d1760287dde00e446b672ea6_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8b897ef36142f0e23e409c077d20065d_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d5bc829e84337ce16dc414c2fadc916_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8f050e05aaff7e90980ab0b5d7f83707_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9b5d0040b5a564605fb08b44ed340451_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9bb34e4a824539a9beaa5219eae3a64b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a2917eedc30797a12920d8012653265e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a6c82625a7a95e0c7b4284a9a1d883e2_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ab913a1d7eee1e429ec3abaff5b1620f_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ade23b912d0c3e1abae02fbb64975b76_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b19f341a36468a6a39ffb0d280f6d336_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b4e6e30a45e4aa79fa27fbddf5363b15_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b5724232facc542c4c366528017177c1_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc9ce41a6bc5152c1ffe764ae12143a8_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bdf935d91b9907e0d2e14a582c308c8a_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c1c5472bb5c698de9a3a9dfa39296ce4_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c39dea9c049e6b8c9fca7ffdaa0e9688_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c689064be407e1c74d7aa125e51a5dd2_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c69a8968a46a35e3e091cc4e5d6a7e6e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c73add8524540e2385dd2df9e781c1b9_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c8132611abe0e5eca0b8f7e8cbf7dd1d_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cc0a29fb795e598881213cf0f134b1cc_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d0ddcfc62115b7a14ea8676b7644aa5a_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d54af066da8d738fdfcf6cfeed483166_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d7beeb857d4435b5b77912fb7c7cb5a1_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dd493c4537a14931d5b6e63490c65ff0_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de66b6c415bda6afac89ca285eb7c4c5_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e053acf0f1aafb92c4e811d259e95410_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e07f532128c3e21aee6016e64f3872b1_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e371cd75ca7f6c64f505d624188780c1_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ebcadaaf5291757baa797716a1aaa702_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee9d86034348152be99975864fcf2183_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eeabb80d0bcd3f9f8e56bc7bff52c522_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f082e472fad03cbc2b870c945d1fe78b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f4ff103e299a22c850065b1f08e22544_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f50247895c8cca5f8feabd5efb1e0ac6_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f9ac9fa9bdd2db2c93c05d33539f7651_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb5e40d256c3c4fbb336e1cdc2688d51_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.67: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.7E: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.80: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.87: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.A0: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.VE0: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.VE1: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.VF: Permission denied
C:\Qoobox\Quarantine\CtPresetW.dll.infected not moved/copied since already in quarantine
WARNING: Can't open file C:\System Volume Information\Syscache.hve: Permission denied
WARNING: Can't open file C:\System Volume Information\Syscache.hve.LOG1: Permission denied
WARNING: Can't open file C:\System Volume Information\{05f081fd-0873-11e3-9bb4-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{0f1592b2-f269-11e2-8021-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{1c11a4c0-fba7-11e2-b122-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{26507b0e-056f-11e3-b4e4-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{3bdac356-00d7-11e3-8b59-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{681b83d7-01c4-11e3-8478-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{7d723cd5-f88d-11e2-8073-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{86e88912-015c-11e3-b7f3-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{86e8894c-015c-11e3-b7f3-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{cc871934-070a-11e3-97c7-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{d2cbd652-0815-11e3-9608-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{ea593ef7-05f0-11e3-94b7-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{ea593f0e-05f0-11e3-94b7-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\Users\Matt\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
WARNING: Can't open file C:\Users\Matt\ntuser.dat.LOG1: Permission denied
C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe: moved to 'C:\Qoobox\Quarantine\acrobroker.exe.infected'
WARNING: Can't open file C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file C:\Windows\System32\config\default: Permission denied
WARNING: Can't open file C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\DEFAULT: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SAM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SECURITY: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SOFTWARE: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SYSTEM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\sam: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\security: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SECURITY.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\software: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\system: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Permission denied
WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Permission denied
WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Permission denied
WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Permission denied
WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Permission denied
WARNING: Can't open file C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{02b8b5e0-ec81-11df-873b-00306724f956}.TM.blf: Permission denied
WARNING: Can't open file C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{02b8b5e0-ec81-11df-873b-00306724f956}.TMContainer00000000000000000001.regtrans-ms: Permission denied
WARNING: Can't open file C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{02b8b5e0-ec81-11df-873b-00306724f956}.TMContainer00000000000000000002.regtrans-ms: Permission denied
WARNING: Can't open file C:\Windows\Temp\TmpFile1: Permission denied

C:\Program Files (x86)\Creative\ShareDLL\CADI\CtPresetW.dll: Win.Trojan.Agent-469329 FOUND
C:\Qoobox\Quarantine\CtPresetW.dll.infected: Win.Trojan.Agent-469329 FOUND
C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe: Win.Trojan.Agent-428274 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 2668520
Engine version: 0.97.6
Scanned directories: 35367
Scanned files: 192194
Infected files: 3
Not copied: 1
Data scanned: 41281.57 MB
Data read: 52875.22 MB (ratio 0.78:1)
Time: 8136.986 sec (135 m 36 s)

Re: other inconvenient actions I may have taken, well, I can't actually recall everything I did... I think that night wrapped up with me randomly deleting some [likely benign/important] files/shares/permissions I didn't recognize (as though I would really know what belongs, anyway... :clown:). Then, when THAT somehow failed to fix everything, I unplugged the Interwebs, turned off the PC and engaged in exclusively analog activities for a few days. Now I have turned it back on and come here, with nothing to offer except a challenge, and my useless ego in sacrifice.

Here is my DDS log, per instructions:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Matt at 17:33:53 on 2013-08-26
#Option Extended Search is enabled.
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2152 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Windows\system32\hasplms.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Users\Matt\Downloads\Suite del technomedico\aswMBR.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
uRun: [SpybotSD TeaTimer] C:\Users\Matt\AppData\Local\Temp\HBCD\SpybotSD\TeaTimer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DontDisplayLockedUserId = dword:1
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A373AF5D-6CF6-43F6-8A12-A8B3FBC13C69} : DHCPNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tkb9qz04.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MIE\AlternaTIFF\npzzatif.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tkb9qz04.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2011-12-21 25056]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\System32\drivers\StarPortLite.sys [2011-1-21 118888]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-5-1 83072]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-10-28 166400]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 3xHybr64;3xHybrid service;C:\Windows\System32\drivers\3xHybr64.sys [2009-8-26 1333376]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2013-5-2 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2013-5-2 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2013-5-2 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2013-5-2 34304]
S3 BTCOM;Bluetooth Serial port driver;C:\Windows\System32\drivers\btcomport.sys [2011-7-27 29576]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;C:\Windows\System32\drivers\btcombus.sys [2011-7-27 25352]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2011-12-21 31968]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2009-6-2 58368]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-27 48488]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2010-4-6 27016]
S3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]
S3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader;C:\Windows\System32\drivers\stcusb.sys [2009-7-13 26112]
S3 synusb64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-4-15 30352]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-18 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-27 1255736]
S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2cIo.sys [2010-10-26 15408]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-10-28 128512]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2013-6-7 3574624]
.
=============== Created Last 60 ================
.
2013-08-26 23:29:00 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{969CFC6C-30AB-4FD8-8F0D-9595E1B6174C}\mpengine.dll
2013-08-18 23:04:03 -------- d-----w- C:\Program Files\Clamwin
2013-08-18 14:00:13 -------- d-----w- C:\Users\Matt\Doctor Web
2013-08-17 10:24:19 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-17 07:02:18 -------- d-----w- C:\$RECYCLE.BIN
2013-08-17 06:35:53 -------- d-----w- C:\Users\Matt\AppData\Local\Avg2013
2013-08-17 06:22:18 208896 ----a-w- C:\Windows\MBR.exe
2013-08-17 06:22:17 98816 ----a-w- C:\Windows\sed.exe
2013-08-17 06:22:17 256000 ----a-w- C:\Windows\PEV.exe
2013-08-17 05:52:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-08-17 04:15:48 -------- d-----w- C:\Users\Matt\AppData\Local\{88FFCDE7-AD07-4FCD-AA93-0876CD804585}
2013-08-15 06:38:13 -------- d-----w- C:\Windows\System32\MRT
2013-08-09 09:40:06 -------- d-----w- C:\Users\Matt\AppData\Local\{14A2E42B-4629-4D19-A912-4DE02DD6F750}
2013-08-09 09:34:48 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-08-09 09:34:48 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-08-09 09:34:47 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-08-09 09:34:47 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-08-09 09:34:47 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-08-09 09:34:23 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-08-09 09:34:23 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-08-09 09:34:16 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-08-09 09:25:58 -------- d-----w- C:\NVIDIA
2013-08-08 11:57:25 -------- d-----w- C:\Program Files (x86)\USBformat
2013-08-08 11:57:04 -------- d-----w- C:\Users\Matt\New folder
2013-08-08 11:25:27 -------- d-----w- C:\MyBootCD
2013-08-08 11:06:05 -------- d-----w- C:\Program Files (x86)\Hiram Rescue Suite
2013-08-07 18:54:50 -------- d-----w- C:\Users\Matt\HiramRescue
2013-08-02 19:41:05 -------- d-----w- C:\Users\Matt\AppData\Local\Windows Live
2013-08-02 19:40:56 -------- d-----w- C:\Users\Matt\AppData\Local\{C2D30A09-923D-4CE1-9EAB-5BBB47F05783}
2013-07-16 15:54:36 -------- d-----w- C:\Program Files (x86)\LSS Locksmith
2013-07-14 19:46:45 -------- d-----w- C:\Users\Matt\AppData\Local\AnVir
2013-07-14 09:12:34 -------- d-----w- C:\Windows\System32\Reg
2013-07-02 10:21:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-01 19:13:48 -------- d-----w- C:\Users\Matt\AppData\Local\{1094F067-AA91-4B8B-ADC7-D8854F014796}
2013-07-01 07:13:17 -------- d-----w- C:\Users\Matt\AppData\Local\{EF3D19A0-B90B-4D23-9914-79E08420A584}
.
==================== Find6M ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-11 23:59:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-11 23:59:54 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-02 10:21:11 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-02 10:21:11 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-03 01:24:47 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll
2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-09 23:34:01 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-02 22:51:57 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 17:34:32.60 ===============


The file "attach.txt" from the DDS run is zipped into the attachment, along with aswMBR.txt and the .dat file, which were produced once I hit the "save log" button... despite the scan still running on my C: drive. Wasn't sure you needed that part, so figured I'd get the ball rolling with what I've got, and gladly post the rest of the aswMBR log once it is done, if you wish.

That about covers it, I think that is everything I can do to complicate things. (Unless you think I ought to stick some big magnets onto the harddrive enclosure...? :-)) Thanks in advance,

Best,

Matt

PS- I know this isn't reflected in the log, but I DID just turn off the S&D Tea Timer. However, the program ignored my attempts to uncheck the "SD Helper", even when run as an admin. FYI.

shelf life
2013-09-13, 00:13
hi,

I don't recognize any malware in your logs, and it seems you have run several tools yourself that most likely would have cleaned anything up. Not sure what led you to think you had a malware problem.
I can't really help with the Spybot issue as I don't use it myself. Only suggestion would be that if you can locate its folder in C:\Program Files you might find an uninstall.exe to run; reboot, then download and reinstall it.

mattbeowulf
2013-09-13, 22:09
Hi Shelf Life,

Thank you for taking the time to review my logs. I am relieved to hear that you see no indication of malware! I wonder if my system could be remotely compromised, without any malware being present? My reason for asking (and most of the evidence that led me to believe my system is infected) is that I've had various system settings related to networking and security changing, without my knowledge or action (so far as I know). For example, at least twice I've disabled an inbound firewall rule which allows any remote computer to use SSTP to port 443, but it has re-enabled itself. Also found firewall rules apparently geared to allow me to run a DNS server.
Another example: an online port scan (SpeedGuide.net) found my port 161/UDP to be open... I spent 10 minutes reading about that port, scanned again, and it was no longer listed as open, simply unresponsive.
My security center service has suddenly become disabled several times, giving me a message, "The security center service cannot be started" when I try to restart it.
DNS-associated services spontaneously re-enable.
After reading that DCOM can present a security risk, I looked at the DCOM service... all options are grayed-out and unavailable to change. Normal?
A second Windows 7 boot option has mysteriously appeared. When selected, I'm told the location is inaccessible, and to repair the system with the install disc. When I try that, it only sees one install and finds no problems to repair.
Day before yesterday, I found my router's firewall disabled (Motorola SB900). Set it back to highest level. An hour later, was unable to re-login to the router, had to do a hard reset to factory default. Upon regaining access, firewall was down again. Pretty sure the router ships with it enabled...

Stuff like that. Any thoughts?

Thanks again!
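The symptoms in the post above (an inbound allow rule that keeps re-enabling itself, Security Center stopping, UDP 161 briefly showing open, a phantom boot entry) are all things that can be snapshotted and diffed rather than eyeballed. The script below is an added example, not code from the thread or from Safer Networking, and uses only tools on a stock Windows 7 box (netsh, netstat, bcdedit, Get-Service). It assumes an elevated PowerShell prompt and English netsh output (the field labels are localized on non-English Windows). The list of services it watches is an assumption: wscsvc is Security Center, MpsSvc/BFE back the firewall, iprip (RIP Listener) appears in the ComboFix log later in this thread, and SNMP is the service that normally answers on UDP 161. The socket listing also covers the netstat observation in the follow-up post, by attaching an owning process to every listener and external connection.

```powershell
# Added example, not from the thread. Audit of the things the poster reports
# changing on their own, using only built-in Windows 7 tools. Run elevated.
# Field labels in the netsh parser assume English output.

# 1. Inbound rules that are enabled, allow traffic and accept it from ANY
#    remote address. The poster's SSTP/443 rule should show up here, and a
#    rerun after a reboot shows whether it has quietly come back.
function Get-WideOpenInboundRules {
    $raw = netsh advfirewall firewall show rule name=all verbose | Out-String
    foreach ($block in ($raw -split '(?m)^(?=Rule Name:)')) {
        if ($block -notmatch 'Rule Name:') { continue }      # skip the header chunk
        $rule = @{}
        foreach ($line in ($block -split "`r?`n")) {
            # "Label:   value"; the value may itself contain ':' (a program path)
            if ($line -match '^\s*([^:]+?):\s*(.*?)\s*$') { $rule[$matches[1]] = $matches[2] }
        }
        if ($rule['Enabled'] -eq 'Yes' -and $rule['Direction'] -eq 'In' -and
            $rule['Action']  -eq 'Allow' -and $rule['RemoteIP']  -eq 'Any') {
            New-Object PSObject -Property @{
                Name = $rule['Rule Name']; Protocol = $rule['Protocol']
                LocalPort = $rule['LocalPort']; Profiles = $rule['Profiles']
                Program = $rule['Program']; Service = $rule['Service']
            }
        }
    }
}

# 2. Run state and start type of the services the thread touches on.
#    Which names to watch is an assumption; add your own.
function Get-WatchedServiceState {
    param([string[]]$Names = @('wscsvc','MpsSvc','BFE','iprip','SNMP','SstpSvc','RemoteAccess','Dnscache','TermService'))
    $startNames = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    foreach ($n in $Names) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if (-not $svc) { continue }                           # not installed on this box
        # Start type lives in the registry and is readable even when the service is disabled
        $start = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$n" -ErrorAction SilentlyContinue).Start
        New-Object PSObject -Property @{ Name = $n; Status = $svc.Status; StartType = $startNames[[int]$start] }
    }
}

# RFC 1918, loopback, link-local and unspecified addresses are "local";
# anything else is an external peer that needs explaining.
function Test-LocalAddress([string]$ip) {
    return [bool]($ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|169\.254\.|0\.0\.0\.0$|\*$|\[::1?\]$|\[fe80)')
}

# 3. Every socket with its owning process, so a listener on UDP 161 or an
#    ESTABLISHED connection to an unfamiliar host carries a process name.
function Get-SocketOwners {
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }
    netstat -ano | ForEach-Object {
        #   TCP    192.168.2.5:49201   93.184.216.34:443   ESTABLISHED   2244
        #   UDP    0.0.0.0:161         *:*                               1600
        if ($_ -match '^\s*(TCP|UDP)\s+(.+?):(\d+|\*)\s+(.+?):(\d+|\*)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$') {
            $m = $matches                                     # keep a copy; later -match calls replace $matches
            $ownerPid = [int]$m[7]
            $p = $procs[$ownerPid]
            New-Object PSObject -Property @{
                Proto = $m[1]; LocalPort = $m[3]; Remote = "$($m[4]):$($m[5])"; State = $m[6]
                External = -not (Test-LocalAddress $m[4]); PID = $ownerPid
                Process = $(if ($p) { $p.Name } else { '?' })
                Path = $(if ($p) { $p.Path } else { $null })  # empty for protected/system processes
            }
        }
    }
}

# 4. Boot entries. An entry whose device can no longer be resolved prints its
#    device as "unknown"; it can be removed with: bcdedit /delete {identifier}
function Get-BootEntries {
    bcdedit /enum | Select-String '^(identifier|device|osdevice|description)'
}

# Usage: take a snapshot now, another after the next "it changed by itself", and diff them.
$snapshot = "$env:USERPROFILE\Desktop\audit-$(Get-Date -Format yyyyMMdd-HHmm).txt"
& {
    '== Inbound allow rules open to any remote address =='
    Get-WideOpenInboundRules | Format-Table Name,Protocol,LocalPort,Profiles,Program -AutoSize
    '== Watched services =='
    Get-WatchedServiceState | Format-Table Name,Status,StartType -AutoSize
    '== Listeners and external connections =='
    Get-SocketOwners | Where-Object { $_.State -eq 'LISTENING' -or $_.External } |
        Format-Table Proto,LocalPort,Remote,State,PID,Process,Path -AutoSize
    '== Boot entries =='
    Get-BootEntries
} | Out-String -Width 200 | Set-Content $snapshot
Write-Host "Saved $snapshot; compare two runs with: Compare-Object (Get-Content a.txt) (Get-Content b.txt)"
```

Two things worth knowing when reading the output: a rule that is enabled again after you disabled it will show the same Name and Profiles, so Compare-Object will flag only its reappearance, and the Program/Service columns tell you whether it is tied to a Windows service (SstpSvc, RemoteAccess) that something is re-enabling, or to a standalone executable. A process path that comes back empty is normal for System (PID 4) and other protected processes; an empty path on an ordinary PID, or a path under a temp or user profile directory, is the thing to chase.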

shelf life
2013-09-14, 16:00
Looks like ComboFix did run. Click Start, and in the search field type combofix /uninstall,
then click OK or press Enter to uninstall ComboFix.
Next visit this page (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) for directions on running it and the download link.
Let's see what it can dig up and we will go from there.

mattbeowulf
2013-09-16, 22:09
Hi, sorry about the delay; my net connection was totally hijacked! I thought I was going to have to fully reinstall Windows; even the original-disc system repair was resulting in a BSOD! Only by using regedit from the command line, and deleting all the weird networking keys I could find, was I able to finally use the Startup Repair tool effectively. Whew! It seems of note that at one point the netstat /v command showed about a dozen ports actively listening to "eleven.ebola.cz"... not a connection I deliberately made, for sure.
Anyhoo, after getting back online, I uninstalled the old ComboFix and installed it from the link provided. Followed the install/run directions exactly; log follows:


ComboFix 13-09-14.01 - Matt 09/16/2013 10:32:55.1.2 - x64
Running from: c:\users\Matt\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
D:\Recycler
.
.
((((((((((((((((((((((((( Files Created from 2013-08-16 to 2013-09-16 )))))))))))))))))))))))))))))))
.
.
2013-09-16 18:01 . 2013-09-16 18:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-16 18:01 . 2013-09-16 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-16 18:01 . 2013-09-16 18:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-09-13 17:27 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8001DCCF-BA57-40E4-8516-E720B38A21BD}\mpengine.dll
2013-09-13 17:25 . 2013-09-13 17:25 -------- d-----w- c:\users\Matt\AppData\Local\Apple Computer
2013-09-11 12:47 . 2013-09-11 12:47 -------- d-----w- c:\users\Matt\AppData\Local\Apple
2013-09-10 06:44 . 2013-09-15 09:56 -------- d-----w- c:\program files\RevoUninstaller
2013-09-07 03:53 . 2013-09-07 03:53 -------- d-----w- c:\users\Matt\AppData\Roaming\OpenOffice
2013-09-05 05:00 . 2013-09-05 05:01 -------- d-----w- c:\program files (x86)\OpenOffice 4
2013-09-04 18:55 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-09-04 18:55 . 2013-09-04 18:55 -------- d-----w- c:\program files\iPod
2013-09-04 18:55 . 2013-09-04 18:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-04 18:55 . 2013-09-04 18:55 -------- d-----w- c:\program files\iTunes
2013-09-04 18:54 . 2013-09-04 18:54 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2013-09-04 18:54 . 2013-09-04 18:54 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2013-09-04 18:53 . 2013-09-13 00:04 -------- d-----w- c:\program files\Bonjour
2013-09-04 18:53 . 2013-09-13 00:04 -------- d-----w- c:\program files (x86)\Bonjour
2013-09-04 18:52 . 2013-09-13 00:04 -------- d-----w- c:\program files\Common Files\Apple
2013-09-04 18:13 . 2013-09-07 20:07 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-09-04 18:13 . 2013-09-06 20:36 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-09-04 17:42 . 2013-09-04 17:43 -------- d-----w- c:\program files (x86)\QuickTime
2013-09-04 16:54 . 2013-09-04 16:54 -------- d-----w- c:\users\Matt\AppData\Local\WindowsUpdate
2013-09-04 16:51 . 2013-09-04 16:51 -------- d-----w- c:\users\Matt\AppData\Local\Secunia PSI
2013-09-04 16:51 . 2013-09-04 16:51 -------- d-----w- c:\program files (x86)\Secunia
2013-09-04 07:56 . 2013-09-04 07:56 -------- d-----w- c:\windows\ERUNT
2013-09-04 07:51 . 2013-09-04 07:52 -------- d-----w- c:\program files (x86)\Arduino
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-08-29 00:39 . 2013-09-11 12:23 -------- d-----w- c:\users\Matt\AppData\Local\Apps
2013-08-27 23:16 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-27 23:16 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-27 23:16 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-27 23:16 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-27 23:16 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-27 23:16 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-27 23:16 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-27 23:16 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-27 23:16 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-27 23:13 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-08-27 23:13 . 2013-09-07 20:07 -------- d-----w- c:\program files\Avast
2013-08-27 23:11 . 2013-08-27 23:13 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 06:46 . 2012-04-10 14:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-14 06:46 . 2011-06-17 06:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 10:01 . 2010-10-27 09:12 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 01:48 . 2013-09-13 17:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 06:02 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 06:02 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-15 06:02 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 06:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 06:02 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 06:02 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 06:02 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 06:02 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 06:02 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 06:02 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 06:02 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 06:02 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 06:02 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 06:02 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 06:02 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-03 08:32 . 2013-07-03 08:32 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-07-02 10:21 . 2013-07-02 10:21 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-02 10:21 . 2012-12-06 12:30 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-02 10:21 . 2011-09-29 13:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-21 12:06 . 2013-08-09 09:34 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-08-09 09:34 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-08-09 09:27 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-08-09 09:27 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-08-09 09:27 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-08-09 09:27 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-08-09 09:27 572704 ----a-w- c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-08-09 09:27 570656 ----a-w- c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-08-09 09:27 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-08-09 09:27 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-08-09 09:27 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-08-09 09:27 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-08-09 09:27 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-08-09 09:27 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-08-09 09:27 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-08-09 09:27 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-08-09 09:27 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-08-09 09:27 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-08-09 09:27 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-08-09 09:27 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-08-09 09:27 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-08-09 09:27 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-06-21 12:06 . 2013-08-09 09:27 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-08-09 09:27 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-08-09 09:27 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-08-09 09:27 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-08-09 09:27 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 10:23 . 2013-08-09 09:34 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-08-09 09:34 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-08-09 09:34 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-08-09 09:34 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-08-09 09:34 237856 ----a-w- c:\windows\system32\nvmctray.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Avast\avastUI.exe" [2013-08-30 4858968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DontDisplayLockedUserId"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceRunOnStartMenu"= 1 (0x1)
"NoStartMenuMyGames"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
"SpybotSnD"="c:\users\Matt\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe" /autocheck /autoclose /waitstart
.
R0 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\windows\c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\windows\c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 3xHybr64;3xHybrid service;c:\windows\system32\DRIVERS\3xHybr64.sys;c:\windows\SYSNATIVE\DRIVERS\3xHybr64.sys [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader;c:\windows\system32\DRIVERS\stcusb.sys;c:\windows\SYSNATIVE\DRIVERS\stcusb.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys;c:\windows\SYSNATIVE\DRIVERS\synusb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 18:20 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 06:46]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 22:00]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 22:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = INTERNET! By MegaCorp Pan Galactic
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tkb9qz04.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-08-27 16:14; wrc@avast.com; c:\program files\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-38452173.sys
SafeBoot-52802374.sys
SafeBoot-70504822.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\swearware]
@Denied: (Full) (Owner)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2013-09-16 11:21:11 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-16 18:21
ComboFix2.txt 2013-08-17 07:13
.
Pre-Run: 172,823,891,968 bytes free
Post-Run: 172,483,440,640 bytes free
.
- - End Of File - - 924DA8CCCE582797EDA90B7F81992B4A
A36C5E4F47E84449FF07ED3517B43A31



NOW HERE IS THE QUARANTINED FILE LIST:

2013-09-16 18:18:56 . 2013-09-16 18:18:56 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-70504822.sys.reg.dat
2013-09-16 18:18:56 . 2013-09-16 18:18:56 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-52802374.sys.reg.dat
2013-09-16 18:18:56 . 2013-09-16 18:18:56 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-38452173.sys.reg.dat
2013-09-16 18:09:30 . 2013-09-09 22:21:46 16 ----a-w- C:\Qoobox\Quarantine\D\Recycler.vir
2013-09-16 17:56:53 . 2013-09-16 17:56:53 7,168 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-09-16 17:30:09 . 2013-09-16 17:30:09 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-09-04 17:28:44 . 2013-09-04 17:28:44 112 ----a-w- C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir

shelf life
2013-09-17, 01:20
Two more downloads to get. Aswmbr.exe and TDSSkiller.exe:

Please download aswMBR.exe to your desktop.

Download Aswmbr.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Right click on the icon and select "run as admin".
For the question "Would you like to download latest Avast! virus definitions?" click YES to download the additional files, then
click the "Scan" button to start the scan.
Once the scan is done, click "Save log", save it to your desktop and post it in your next reply.

TDSSkiller:

Download TDSSkiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) to your desktop.

Right click on TDSSKiller.exe and choose "run as admin", then click on Change parameters.
Put a checkmark beside the "loaded modules" box.
A reboot will be needed to apply the changes. Please reboot at the prompt to apply the change.

TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.

If malicious objects are found, they will show in the Scan results.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
More than one report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

Please download TDSSkiller.
Launch it.
Click on Change parameters and select "TDLFS file system".
Click on "Scan".
Please post the LOG report (the log file should be in your C drive).