Results 1 to 6 of 6

Thread: My computer is a tramp

  1. #1
    Junior Member mattbeowulf's Avatar
    Join Date
    Aug 2013
    Location
    Seattle
    Posts
    4

    Unhappy My computer is a tramp

    ...bringing home all sorts of who-knows-what ;-) I would be most appreciative for some assistance in cleaning the goblins out of her...

    Because I can tell y'all like a challenge (not really, I was simply ignorant) I have done most of the things a user is directed NOT to do prior to your assistance, as enumerated in the "before you post" thread. Sorry Specifically, before admitting that I'm out of my depth, I tried many and various means for removal of the shadowy software lurking in my PC -- registry cleaning (a la Glary Utilities), a couple of anti spyware/root kit tools like Malwarebytes, AVG (until I got fed up & tried to remove it), and then I found Hiran's Boot CD -- and in one blurred, frenzied and ineffective night I tried all sorts of options in the suite of tools. Combofix included, but although I opened the program, I don't think I used any of its tools, but not sure. Also tried ClamWin AV, which is the only thing that named some of the elusive trojans. Here is that scan log; infected files are at the end:

    Scan Started Mon Aug 19 15:21:03 2013
    -------------------------------------------------------------------------------

    WARNING: Can't open file C:\Boot\BCD: Permission denied
    WARNING: Can't open file C:\pagefile.sys: Permission denied
    C:\Program Files (x86)\Creative\ShareDLL\CADI\CtPresetW.dll: moved to 'C:\Qoobox\Quarantine\CtPresetW.dll.infected'
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\033645cb82d642d47aa605cc88e0e3ca_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\049b06736804db2f5e7621bebf6ed59e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07bd1d916181adf10240b62971ccf64e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\09f52e0a31fd18662690f8bd772e66e4_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0b51c6cc08e821819fc4d861dd43abf9_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\102e8dbbecf306b873cfca4be985e399_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1148650d479f382165a373d3dbe95a90_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\121b3ed2f250f997cb71d0cdf2b59822_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\169fc132319d105a90d0644948e7bc3b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1a14b697ac72b698323074f874c8888b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1c7aa1bc7ce76500a52b91ec4ce58b47_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\23e0fbdbaedcfc2208c1509a8293872e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d478076527342ef7fcdbecb4ecdc28a_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2ecf015b6012bd91248be329bbd2bf47_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3031c930d4aa06a42755f87a67e9af8b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3047a828acdf97013d991028b880c556_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\33b84a1097cc036a3fd4b4353cc63f69_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c12f6e1467c4ac4966c5bb8e2f20ee3_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3da4117aeb23d4e0d33dbbc262bee0d8_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3e65d1ff502c8948ba275bdc9778e2ea_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3f91b791638dd75bbdf72f5345cd64dc_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ff144a43259042866d488203c817df5_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\41ba34bcdb2177f953c214a169f0c227_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4240280e49be3991007efb65cbc599ff_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4591ef02cebc8ec876cac822eddeaed2_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\46d6cc5a3e6bf68989208591f0b5ebef_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4a52d2b4827844c4b4e19a12df7fd831_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4f2fb8045bc240825db618b02e093265_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\50759155b0276663b5a4a49979d5594b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\51356229475c76892b3edfb4487c0a2f_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\57f6e27b1d1a8b0912fb77c9a58a3cd0_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\68294f27f83983725ebbab624846cbb2_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\69cc8aca239d277ad44c008e2257886a_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b209b20d48fd8de500c0c0073e1640b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6c9ae8a5f86c33ae67f6fc15b7ff7d8c_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6d33e26fd8288b0fb339322306765dfd_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7270e2d4532469b59a90c7bb6deba41d_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\764ff12e6bfa66cbad00cb446cbac448_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7d9dfa7d386a104a25fd530f7bf56273_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\844e98caa4582b782bcf7e623354afed_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8a4e5055d1760287dde00e446b672ea6_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8b897ef36142f0e23e409c077d20065d_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d5bc829e84337ce16dc414c2fadc916_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8f050e05aaff7e90980ab0b5d7f83707_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9b5d0040b5a564605fb08b44ed340451_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9bb34e4a824539a9beaa5219eae3a64b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a2917eedc30797a12920d8012653265e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a6c82625a7a95e0c7b4284a9a1d883e2_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ab913a1d7eee1e429ec3abaff5b1620f_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ade23b912d0c3e1abae02fbb64975b76_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b19f341a36468a6a39ffb0d280f6d336_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b4e6e30a45e4aa79fa27fbddf5363b15_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b5724232facc542c4c366528017177c1_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc9ce41a6bc5152c1ffe764ae12143a8_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bdf935d91b9907e0d2e14a582c308c8a_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c1c5472bb5c698de9a3a9dfa39296ce4_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c39dea9c049e6b8c9fca7ffdaa0e9688_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c689064be407e1c74d7aa125e51a5dd2_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c69a8968a46a35e3e091cc4e5d6a7e6e_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c73add8524540e2385dd2df9e781c1b9_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c8132611abe0e5eca0b8f7e8cbf7dd1d_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cc0a29fb795e598881213cf0f134b1cc_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d0ddcfc62115b7a14ea8676b7644aa5a_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d54af066da8d738fdfcf6cfeed483166_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d7beeb857d4435b5b77912fb7c7cb5a1_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dd493c4537a14931d5b6e63490c65ff0_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de66b6c415bda6afac89ca285eb7c4c5_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e053acf0f1aafb92c4e811d259e95410_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e07f532128c3e21aee6016e64f3872b1_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e371cd75ca7f6c64f505d624188780c1_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ebcadaaf5291757baa797716a1aaa702_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee9d86034348152be99975864fcf2183_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eeabb80d0bcd3f9f8e56bc7bff52c522_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f082e472fad03cbc2b870c945d1fe78b_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f4ff103e299a22c850065b1f08e22544_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f50247895c8cca5f8feabd5efb1e0ac6_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f9ac9fa9bdd2db2c93c05d33539f7651_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb5e40d256c3c4fbb336e1cdc2688d51_d11f5272-a737-490e-ac55-87e51c7c4e4f: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.67: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.7E: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.80: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.87: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.A0: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.VE0: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.VE1: Permission denied
    WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EF17B81B8BEC21E07B878AA88994B27AEB19C5F2.bin.VF: Permission denied
    C:\Qoobox\Quarantine\CtPresetW.dll.infected not moved/copied since already in quarantine
    WARNING: Can't open file C:\System Volume Information\Syscache.hve: Permission denied
    WARNING: Can't open file C:\System Volume Information\Syscache.hve.LOG1: Permission denied
    WARNING: Can't open file C:\System Volume Information\{05f081fd-0873-11e3-9bb4-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{0f1592b2-f269-11e2-8021-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{1c11a4c0-fba7-11e2-b122-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{26507b0e-056f-11e3-b4e4-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{3bdac356-00d7-11e3-8b59-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{681b83d7-01c4-11e3-8478-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{7d723cd5-f88d-11e2-8073-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{86e88912-015c-11e3-b7f3-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{86e8894c-015c-11e3-b7f3-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{cc871934-070a-11e3-97c7-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{d2cbd652-0815-11e3-9608-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{ea593ef7-05f0-11e3-94b7-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\System Volume Information\{ea593f0e-05f0-11e3-94b7-7071bc10bd06}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
    WARNING: Can't open file C:\Users\Matt\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
    WARNING: Can't open file C:\Users\Matt\ntuser.dat.LOG1: Permission denied
    C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe: moved to 'C:\Qoobox\Quarantine\acrobroker.exe.infected'
    WARNING: Can't open file C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Permission denied
    WARNING: Can't open file C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Permission denied
    WARNING: Can't open file C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Permission denied
    WARNING: Can't open file C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\default: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\RegBack\DEFAULT: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\RegBack\SAM: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\RegBack\SECURITY: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\RegBack\SOFTWARE: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\RegBack\SYSTEM: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\sam: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\SAM.LOG1: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\security: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\SECURITY.LOG1: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\software: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\system: Permission denied
    WARNING: Can't open file C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
    WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Permission denied
    WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Permission denied
    WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Permission denied
    WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Permission denied
    WARNING: Can't open file C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Permission denied
    WARNING: Can't open file C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1: Permission denied
    WARNING: Can't open file C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{02b8b5e0-ec81-11df-873b-00306724f956}.TM.blf: Permission denied
    WARNING: Can't open file C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{02b8b5e0-ec81-11df-873b-00306724f956}.TMContainer00000000000000000001.regtrans-ms: Permission denied
    WARNING: Can't open file C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{02b8b5e0-ec81-11df-873b-00306724f956}.TMContainer00000000000000000002.regtrans-ms: Permission denied
    WARNING: Can't open file C:\Windows\Temp\TmpFile1: Permission denied

    C:\Program Files (x86)\Creative\ShareDLL\CADI\CtPresetW.dll: Win.Trojan.Agent-469329 FOUND
    C:\Qoobox\Quarantine\CtPresetW.dll.infected: Win.Trojan.Agent-469329 FOUND
    C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe: Win.Trojan.Agent-428274 FOUND
    ----------- SCAN SUMMARY -----------
    Known viruses: 2668520
    Engine version: 0.97.6
    Scanned directories: 35367
    Scanned files: 192194
    Infected files: 3
    Not copied: 1
    Data scanned: 41281.57 MB
    Data read: 52875.22 MB (ratio 0.78:1)
    Time: 8136.986 sec (135 m 36 s)

    Re: other inconvenient actions I may have taken, well, I can't actually recall everything I did... I think that night wrapped up with me randomly deleting some [likely benign/important] files/shares/permissions I didn't recognize (as though I would really know what belongs, anyway...) then when THAT somehow failed to fix everything, I unplugged the Interwebs, turned off the PC and engaged in exclusively analog activities for a few days. Now I have turned it back on and come here, with nothing to offer except a challenge, and my useless ego in sacrifice.

    Here is my DDS log, per instructions:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
    Run by Matt at 17:33:53 on 2013-08-26
    #Option Extended Search is enabled.
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2152 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    C:\Windows\system32\hasplms.exe
    C:\Windows\System32\svchost.exe -k ipripsvc
    C:\Windows\System32\tcpsvcs.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\splwow64.exe
    C:\Users\Matt\Downloads\Suite del technomedico\aswMBR.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
    uRun: [SpybotSD TeaTimer] C:\Users\Matt\AppData\Local\Temp\HBCD\SpybotSD\TeaTimer.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: DontDisplayLockedUserId = dword:1
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{A373AF5D-6CF6-43F6-8A12-A8B3FBC13C69} : DHCPNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tkb9qz04.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\MIE\AlternaTIFF\npzzatif.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tkb9qz04.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2011-12-21 25056]
    R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
    R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\System32\drivers\StarPortLite.sys [2011-1-21 118888]
    R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-5-1 83072]
    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-10-28 166400]
    R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
    R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 3xHybr64;3xHybrid service;C:\Windows\System32\drivers\3xHybr64.sys [2009-8-26 1333376]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2013-5-2 19456]
    S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2013-5-2 27648]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2013-5-2 27136]
    S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2013-5-2 34304]
    S3 BTCOM;Bluetooth Serial port driver;C:\Windows\System32\drivers\btcomport.sys [2011-7-27 29576]
    S3 BTCOMBUS;Bluetooth Serial Port Bus Service;C:\Windows\System32\drivers\btcombus.sys [2011-7-27 25352]
    S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2011-12-21 31968]
    S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2009-6-2 58368]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-27 48488]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2010-4-6 27016]
    S3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]
    S3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader;C:\Windows\System32\drivers\stcusb.sys [2009-7-13 26112]
    S3 synusb64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-4-15 30352]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-18 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-27 1255736]
    S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S4 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2cIo.sys [2010-10-26 15408]
    S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
    S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-10-28 128512]
    S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2013-6-7 3574624]
    .
    =============== Created Last 60 ================
    .
    2013-08-26 23:29:00 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{969CFC6C-30AB-4FD8-8F0D-9595E1B6174C}\mpengine.dll
    2013-08-18 23:04:03 -------- d-----w- C:\Program Files\Clamwin
    2013-08-18 14:00:13 -------- d-----w- C:\Users\Matt\Doctor Web
    2013-08-17 10:24:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-08-17 07:02:18 -------- d-----w- C:\$RECYCLE.BIN
    2013-08-17 06:35:53 -------- d-----w- C:\Users\Matt\AppData\Local\Avg2013
    2013-08-17 06:22:18 208896 ----a-w- C:\Windows\MBR.exe
    2013-08-17 06:22:17 98816 ----a-w- C:\Windows\sed.exe
    2013-08-17 06:22:17 256000 ----a-w- C:\Windows\PEV.exe
    2013-08-17 05:52:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-08-17 04:15:48 -------- d-----w- C:\Users\Matt\AppData\Local\{88FFCDE7-AD07-4FCD-AA93-0876CD804585}
    2013-08-15 06:38:13 -------- d-----w- C:\Windows\System32\MRT
    2013-08-09 09:40:06 -------- d-----w- C:\Users\Matt\AppData\Local\{14A2E42B-4629-4D19-A912-4DE02DD6F750}
    2013-08-09 09:34:48 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-08-09 09:34:48 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-08-09 09:34:47 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-08-09 09:34:47 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-08-09 09:34:47 237856 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-08-09 09:34:23 61216 ----a-w- C:\Windows\System32\OpenCL.dll
    2013-08-09 09:34:23 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2013-08-09 09:34:16 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2013-08-09 09:25:58 -------- d-----w- C:\NVIDIA
    2013-08-08 11:57:25 -------- d-----w- C:\Program Files (x86)\USBformat
    2013-08-08 11:57:04 -------- d-----w- C:\Users\Matt\New folder
    2013-08-08 11:25:27 -------- d-----w- C:\MyBootCD
    2013-08-08 11:06:05 -------- d-----w- C:\Program Files (x86)\Hiram Rescue Suite
    2013-08-07 18:54:50 -------- d-----w- C:\Users\Matt\HiramRescue
    2013-08-02 19:41:05 -------- d-----w- C:\Users\Matt\AppData\Local\Windows Live
    2013-08-02 19:40:56 -------- d-----w- C:\Users\Matt\AppData\Local\{C2D30A09-923D-4CE1-9EAB-5BBB47F05783}
    2013-07-16 15:54:36 -------- d-----w- C:\Program Files (x86)\LSS Locksmith
    2013-07-14 19:46:45 -------- d-----w- C:\Users\Matt\AppData\Local\AnVir
    2013-07-14 09:12:34 -------- d-----w- C:\Windows\System32\Reg
    2013-07-02 10:21:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-01 19:13:48 -------- d-----w- C:\Users\Matt\AppData\Local\{1094F067-AA91-4B8B-ADC7-D8854F014796}
    2013-07-01 07:13:17 -------- d-----w- C:\Users\Matt\AppData\Local\{EF3D19A0-B90B-4D23-9914-79E08420A584}
    .
    ==================== Find6M ====================
    .
    2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-11 23:59:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-11 23:59:54 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-07-02 10:21:11 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-07-02 10:21:11 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-03 01:24:47 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll
    2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-09 23:34:01 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-04-02 22:51:57 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
    .
    ============= FINISH: 17:34:32.60 ===============


    The file, "attach.txt" from the DDS run, is zipped into the attachment along with aswMBR.txt and .dat which were produced once I hit the "save log" button... despite the scan still running on my C: drive. Wasn't sure you needed that part, so figured I'll get the ball rolling with what I've got, and gladly post the rest of the aswMBR log once it is done, if you wish.

    That about covers it, I think that is everything I can do to complicate things. (Unless you think I ought to stick some big magnets onto the harddrive enclosure...? :-)) Thanks in advance,

    Best,

    Matt

    PS- I know this isn't reflected in the log, but I DID just turn off the S&D Tea Timer. However, the program ignored my attempts to uncheck the "SD Helper", even when run as an admin. FYI.
    Attached Files Attached Files

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    I dont recognize any malware in your logs and it seems you have run several tools yourself that most likely would have cleaned anything up. Not sure what led you to think you had a malware problem.
    I cant really help with the Spybot issue as I dont use it myself. Only suggestion would be that If you can locate its folder in C: Program files you might find a uninstall.exe to run, reboot then download and reinstall it.
    How Can I Reduce My Risk?

  3. #3
    Junior Member mattbeowulf's Avatar
    Join Date
    Aug 2013
    Location
    Seattle
    Posts
    4

    Default Could it be a hacker?

    Hi Shelf Life,

    Thank you for taking the time to review my logs. I am relieved to hear that you see no indication of malware! I wonder if my system could be remotely compromised, without any malware being present? My reason for asking (and most of the evidence that led me to believe my system is infected) is that I've had various system settings related to networking and security changing, without my knowledge or action (so far as I know). For example, at least twice I've disabled an inbound firewall rule which allows any remote computer to use SSTP to port 443, but it has re-enabled itself. Also found firewall rules apparently geared to allow me to run a DNS server.
    Another example; an online port scan (SpeedGuide.net) found my port 161UDP to be open... I spent 10 minutes reading about that port, scanned again, and it was no longer listed open, simply unresponsive.
    My security center service has suddenly become disabled several times, giving me a message, "The security center service cannot be started" when I try to restart it.
    DNS-associated services spontaneously re-enable.
    After reading that DCOM can present a security risk, I looked at the DCOM service... all options are grayed-out and unavailable to change. Normal?
    A second Windows & boot-option has mysteriously appeared. When selected, I'm told the location is inaccessible, and to repair the system with the install disc. When I try that, it only sees one install and finds no problems to repair.
    Day before yesterday, I found my router's firewall disabled (Motorola SB900). Set it back to highest level. An hour later, was unable to re-login to the router, had to do a hard reset to factory default. Upon regaining access, firewall was down again. Pretty sure the router ships with it enabled...

    Stuff like that. Any thoughts?

    Thanks again!

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Looks like combofix did run. If you click on start in the search field type in combofix /uninstall
    click ok or enter to uninstall combofix.
    Next visit this page for directions on running it and the download link.
    Lets see what it can did up and we will go from there.
    How Can I Reduce My Risk?

  5. #5
    Junior Member mattbeowulf's Avatar
    Join Date
    Aug 2013
    Location
    Seattle
    Posts
    4

    Default

    Hi sorry about the delay; my net connection was totally hijacked! I thought I was going to have to fully reinstall Windows; even the original-disc system repair was resulting in a BSOD! Only by using regedit from the command line, and deleting all the weird networking keys I could find, was I able to finally use the Startup repair tool effectively- whew! It seems to be of note, that at one point the netstat /v command showed about a dozen ports actively listening to "eleven.ebola.cz"... not a connection I deliberately made, for sure.
    Anyhoo, after getting back online, uninstalled old Combofix and installed from link provided. Followed install/run directions exactly, log follows:


    ComboFix 13-09-14.01 - Matt 09/16/2013 10:32:55.1.2 - x64
    Running from: c:\users\Matt\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\wininit.ini
    D:\Recycler
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-16 to 2013-09-16 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-16 18:01 . 2013-09-16 18:01 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-09-16 18:01 . 2013-09-16 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-09-16 18:01 . 2013-09-16 18:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2013-09-13 17:27 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8001DCCF-BA57-40E4-8516-E720B38A21BD}\mpengine.dll
    2013-09-13 17:25 . 2013-09-13 17:25 -------- d-----w- c:\users\Matt\AppData\Local\Apple Computer
    2013-09-11 12:47 . 2013-09-11 12:47 -------- d-----w- c:\users\Matt\AppData\Local\Apple
    2013-09-10 06:44 . 2013-09-15 09:56 -------- d-----w- c:\program files\RevoUninstaller
    2013-09-07 03:53 . 2013-09-07 03:53 -------- d-----w- c:\users\Matt\AppData\Roaming\OpenOffice
    2013-09-05 05:00 . 2013-09-05 05:01 -------- d-----w- c:\program files (x86)\OpenOffice 4
    2013-09-04 18:55 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-09-04 18:55 . 2013-09-04 18:55 -------- d-----w- c:\program files\iPod
    2013-09-04 18:55 . 2013-09-04 18:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-09-04 18:55 . 2013-09-04 18:55 -------- d-----w- c:\program files\iTunes
    2013-09-04 18:54 . 2013-09-04 18:54 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
    2013-09-04 18:54 . 2013-09-04 18:54 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
    2013-09-04 18:53 . 2013-09-13 00:04 -------- d-----w- c:\program files\Bonjour
    2013-09-04 18:53 . 2013-09-13 00:04 -------- d-----w- c:\program files (x86)\Bonjour
    2013-09-04 18:52 . 2013-09-13 00:04 -------- d-----w- c:\program files\Common Files\Apple
    2013-09-04 18:13 . 2013-09-07 20:07 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-09-04 18:13 . 2013-09-06 20:36 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2013-09-04 17:43 . 2013-09-04 17:43 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2013-09-04 17:42 . 2013-09-04 17:43 -------- d-----w- c:\program files (x86)\QuickTime
    2013-09-04 16:54 . 2013-09-04 16:54 -------- d-----w- c:\users\Matt\AppData\Local\WindowsUpdate
    2013-09-04 16:51 . 2013-09-04 16:51 -------- d-----w- c:\users\Matt\AppData\Local\Secunia PSI
    2013-09-04 16:51 . 2013-09-04 16:51 -------- d-----w- c:\program files (x86)\Secunia
    2013-09-04 07:56 . 2013-09-04 07:56 -------- d-----w- c:\windows\ERUNT
    2013-09-04 07:51 . 2013-09-04 07:52 -------- d-----w- c:\program files (x86)\Arduino
    2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2013-08-29 00:39 . 2013-09-11 12:23 -------- d-----w- c:\users\Matt\AppData\Local\Apps
    2013-08-27 23:16 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-08-27 23:16 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-08-27 23:16 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-08-27 23:16 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-08-27 23:16 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-08-27 23:16 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-08-27 23:16 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-08-27 23:16 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-08-27 23:16 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-08-27 23:13 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
    2013-08-27 23:13 . 2013-09-07 20:07 -------- d-----w- c:\program files\Avast
    2013-08-27 23:11 . 2013-08-27 23:13 -------- d-----w- c:\programdata\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-14 06:46 . 2012-04-10 14:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-09-14 06:46 . 2011-06-17 06:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-13 10:01 . 2010-10-27 09:12 79143768 ----a-w- c:\windows\system32\MRT.exe
    2013-08-02 01:48 . 2013-09-13 17:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-07-25 09:25 . 2013-08-15 06:02 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-25 08:57 . 2013-08-15 06:02 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58 . 2013-08-15 06:02 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-07-19 01:41 . 2013-08-15 06:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-07-09 05:52 . 2013-08-15 06:02 224256 ----a-w- c:\windows\system32\wintrust.dll
    2013-07-09 05:51 . 2013-08-15 06:02 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-07-09 05:46 . 2013-08-15 06:02 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-09 05:46 . 2013-08-15 06:02 1472512 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-09 05:46 . 2013-08-15 06:02 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-07-09 04:52 . 2013-08-15 06:02 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52 . 2013-08-15 06:02 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46 . 2013-08-15 06:02 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46 . 2013-08-15 06:02 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46 . 2013-08-15 06:02 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-07-06 06:03 . 2013-08-15 06:02 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-07-03 08:32 . 2013-07-03 08:32 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
    2013-07-02 10:21 . 2013-07-02 10:21 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-02 10:21 . 2012-12-06 12:30 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-07-02 10:21 . 2011-09-29 13:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-06-21 12:06 . 2013-08-09 09:34 61216 ----a-w- c:\windows\system32\OpenCL.dll
    2013-06-21 12:06 . 2013-08-09 09:34 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2013-06-21 12:06 . 2013-08-09 09:27 9239344 ----a-w- c:\windows\system32\nvcuda.dll
    2013-06-21 12:06 . 2013-08-09 09:27 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-06-21 12:06 . 2013-08-09 09:27 7641832 ----a-w- c:\windows\system32\nvopencl.dll
    2013-06-21 12:06 . 2013-08-09 09:27 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2013-06-21 12:06 . 2013-08-09 09:27 572704 ----a-w- c:\windows\system32\NvFBC64.dll
    2013-06-21 12:06 . 2013-08-09 09:27 570656 ----a-w- c:\windows\system32\NvIFR64.dll
    2013-06-21 12:06 . 2013-08-09 09:27 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
    2013-06-21 12:06 . 2013-08-09 09:27 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
    2013-06-21 12:06 . 2013-08-09 09:27 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-06-21 12:06 . 2013-08-09 09:27 2936208 ----a-w- c:\windows\system32\nvapi64.dll
    2013-06-21 12:06 . 2013-08-09 09:27 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
    2013-06-21 12:06 . 2013-08-09 09:27 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2013-06-21 12:06 . 2013-08-09 09:27 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-06-21 12:06 . 2013-08-09 09:27 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-06-21 12:06 . 2013-08-09 09:27 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-06-21 12:06 . 2013-08-09 09:27 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2013-06-21 12:06 . 2013-08-09 09:27 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2013-06-21 12:06 . 2013-08-09 09:27 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
    2013-06-21 12:06 . 2013-08-09 09:27 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2013-06-21 12:06 . 2013-08-09 09:27 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-06-21 12:06 . 2013-08-09 09:27 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-06-21 12:06 . 2013-08-09 09:27 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
    2013-06-21 12:06 . 2013-08-09 09:27 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-06-21 12:06 . 2013-08-09 09:27 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-06-21 12:06 . 2013-08-09 09:27 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-06-21 10:23 . 2013-08-09 09:34 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-06-21 10:23 . 2013-08-09 09:34 6496544 ----a-w- c:\windows\system32\nvcpl.dll
    2013-06-21 10:23 . 2013-08-09 09:34 884512 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-06-21 10:23 . 2013-08-09 09:34 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-06-21 10:23 . 2013-08-09 09:34 237856 ----a-w- c:\windows\system32\nvmctray.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\Avast\avastUI.exe" [2013-08-30 4858968]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DontDisplayLockedUserId"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLogonScripts"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisablePersonalDirChange"= 1 (0x1)
    "ForceRunOnStartMenu"= 1 (0x1)
    "NoStartMenuMyGames"= 1 (0x1)
    "NoWebServices"= 1 (0x1)
    "NoOnlinePrintsWizard"= 1 (0x1)
    "NoPublishingWizard"= 1 (0x1)
    "NoNetConnectDisconnect"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
    "SpybotSnD"="c:\users\Matt\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe" /autocheck /autoclose /waitstart
    .
    R0 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\windows\c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\windows\c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 3xHybr64;3xHybrid service;c:\windows\system32\DRIVERS\3xHybr64.sys;c:\windows\SYSNATIVE\DRIVERS\3xHybr64.sys [x]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
    R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
    R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
    R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader;c:\windows\system32\DRIVERS\stcusb.sys;c:\windows\SYSNATIVE\DRIVERS\stcusb.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys;c:\windows\SYSNATIVE\DRIVERS\synusb64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
    S2 iprip;RIP Listener;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-04 18:20 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 06:46]
    .
    2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 22:00]
    .
    2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 22:00]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-08-30 07:47 133840 ----a-w- c:\program files\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mWindow Title = INTERNET! By MegaCorp Pan Galactic
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\tkb9qz04.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: network.proxy.type - 4
    FF - ExtSQL: 2013-08-27 16:14; wrc@avast.com; c:\program files\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-38452173.sys
    SafeBoot-52802374.sys
    SafeBoot-70504822.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\swearware]
    @Denied: (Full) (Owner)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2013-09-16 11:21:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-09-16 18:21
    ComboFix2.txt 2013-08-17 07:13
    .
    Pre-Run: 172,823,891,968 bytes free
    Post-Run: 172,483,440,640 bytes free
    .
    - - End Of File - - 924DA8CCCE582797EDA90B7F81992B4A
    A36C5E4F47E84449FF07ED3517B43A31



    NOW HERE IS THE QUARANTINED FILE LIST:

    2013-09-16 18:18:56 . 2013-09-16 18:18:56 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-70504822.sys.reg.dat
    2013-09-16 18:18:56 . 2013-09-16 18:18:56 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-52802374.sys.reg.dat
    2013-09-16 18:18:56 . 2013-09-16 18:18:56 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-38452173.sys.reg.dat
    2013-09-16 18:09:30 . 2013-09-09 22:21:46 16 ----a-w- C:\Qoobox\Quarantine\D\Recycler.vir
    2013-09-16 17:56:53 . 2013-09-16 17:56:53 7,168 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2013-09-16 17:30:09 . 2013-09-16 17:30:09 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2013-09-04 17:28:44 . 2013-09-04 17:28:44 112 ----a-w- C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Two more downloads to get. Aswmbr.exe and TDSSkiller.exe:

    Please download aswMBR.exe to your desktop.

    Download Aswmbr.exe to your desktop.
    Right click on icon and select "run as admin."
    For the question: Would you like to download latest Avast! virus definitions?" Click YES to download the additional files..then
    Click the "Scan" button to start scan.
    Once the scan is done click the"Save log", save it to your desktop and post it in your next reply.

    TDSSkiller:

    Download TDSSkiller.exe to your desktop.

    Right click on TDSSKiller.exe and chose "run as admin" , then click on Change parameters.
    Put a checkmark beside loaded modules box.
    A reboot will be needed to apply the changes. Please reboot at the prompt to apply the change.

    TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    Then click on Change parameters in TDSSKiller.
    Check all boxes then click OK.
    Click the Start Scan button.
    The scan should take no longer than 2 minutes.
    If a suspicious object is detected, the default action will be Skip, click on Continue.

    If malicious objects are found, they will show in the Scan results
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here. Please Download TDSSkiller
    Launch it.
    Click on change parameters-Select TDLFS file system
    Click on "Scan".
    Please post the LOG report(log file should be in your C drive)
    How Can I Reduce My Risk?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •