Virus zpyemhvct.exe


Post by kalembo » November 5th, 2013, 4:02 am

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16720
Run by Legend at 2:55:26 on 2013-11-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1936 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Legend\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe
C:\Users\Legend\AppData\Roaming\Explorer\Explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\VyprVPN\VyprVPN.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Users\Legend\AppData\Roaming\win update\win update.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\onlinebanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\urladvisor\klwtbbho.dll
uRun: [LightShot] c:\users\legend\appdata\local\skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [Win Update] c:\users\legend\appdata\local\temp\win update\Win Update.exe
uRun: [] c:\users\legend\appdata\roaming\explorer\Explorer.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\users\legend\appdata\roaming\micros~1\windows\startm~1\programs\startup\vyprvpn.lnk - c:\windows\system32\schtasks.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ie_banner_deny.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02FD2760-5B02-4937-9FEB-EB59125814DA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7F41ACF0-AB2E-49A8-B653-94C82CF6A84B} : NameServer = 209.99.109.53 209.99.109.54
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\legend\appdata\roaming\mozilla\firefox\profiles\drlbpvfw.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 2013-07-14 02:05; {0113D088-8ED1-468C-B225-585A9C53B5E3}; c:\users\legend\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2013-10-8 25696]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-4-12 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-14 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-6-6 145120]
R2 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;c:\program files\acunetix\web vulnerability scanner 8\WVSScheduler.exe [2013-10-20 1006112]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 14.0.0\avp.exe [2013-10-8 214512]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-4-16 5087584]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-10-8 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-10-8 25696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-4-16 14848]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-4-16 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-4-16 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-4-16 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-4-17 1343400]
S4 klflt;klflt;c:\windows\system32\drivers\klflt.sys [2013-11-3 94304]
.
=============== Created Last 30 ================
.
2013-11-05 07:29:26 -------- d-----w- c:\users\legend\appdata\roaming\win update
2013-11-04 20:23:36 -------- d-sh--w- c:\users\legend\appdata\roaming\msgre
2013-11-04 20:07:31 -------- d-sh--w- c:\users\legend\appdata\roaming\msgr
2013-11-04 03:08:35 -------- d-----w- c:\windows\ELAMBKUP
2013-11-04 03:08:31 -------- d-----w- c:\programdata\Kaspersky Lab
2013-11-04 03:08:31 -------- d-----w- c:\program files\Kaspersky Lab
2013-11-04 03:08:22 94304 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-11-02 19:08:31 -------- d-----w- c:\users\legend\appdata\roaming\Explorer
2013-11-02 19:06:25 53 ----a-w- c:\users\legend\appdata\roaming\r58Ies.tmp
2013-11-02 19:06:20 -------- d-----w- c:\users\legend\appdata\roaming\vertex
2013-11-01 05:47:24 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{df700856-d5ac-41f3-8e4f-e190bf761f89}\mpengine.dll
2013-10-30 20:00:38 -------- d-----w- c:\users\legend\appdata\local\Apple Computer
2013-10-30 19:59:49 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-10-30 19:58:52 -------- d-----w- c:\program files\iPod
2013-10-30 19:58:50 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-30 19:58:50 -------- d-----w- c:\program files\iTunes
2013-10-30 19:55:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-10-30 19:55:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-10-30 19:55:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-10-30 19:55:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-10-30 19:55:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-10-30 19:55:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-10-30 19:55:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-10-30 19:55:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-10-30 19:55:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-10-30 19:55:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-10-30 19:54:32 -------- d-----w- c:\program files\Bonjour
2013-10-20 23:12:52 -------- d-----w- c:\program files\Acunetix
2013-10-16 17:03:11 -------- d-----w- C:\xampp
2013-10-14 23:17:31 -------- d-----w- c:\programdata\Globalscape
2013-10-14 23:17:26 -------- d-----w- c:\users\legend\appdata\local\Globalscape
2013-10-14 23:16:13 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2013-10-14 23:16:13 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-10-14 23:16:12 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-10-14 23:16:12 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-10-14 23:16:11 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-10-14 23:16:10 -------- d-----w- c:\program files\Globalscape
2013-10-08 18:49:18 25696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-10-08 18:49:18 25696 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-10-08 18:49:18 25696 ----a-w- c:\windows\system32\drivers\klim6.sys
2013-10-08 18:49:18 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
.
==================== Find3M ====================
.
2013-10-08 23:53:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 23:53:06 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-03 18:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
.
============= FINISH: 2:56:37.95 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/16/2013 10:24:18 PM
System Uptime: 11/5/2013 2:28:44 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U7084
Processor: Intel(R) Pentium(R) 4 CPU 3.46GHz | Microprocessor | 3458/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 413.854 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 145.763 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&11F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&11F0
Service:
.
==== System Restore Points ===================
.
RP62: 10/1/2013 5:50:45 AM - Windows Update
RP63: 10/8/2013 5:50:41 AM - Windows Update
RP64: 10/9/2013 3:00:12 AM - Windows Update
RP66: 10/14/2013 7:16:22 PM - Installed CuteFTP 9
RP67: 10/15/2013 3:47:11 AM - Windows Update
RP69: 10/15/2013 8:00:09 PM - Revo Uninstaller Pro's restore point - Xlight FTP Server 3.7.8
RP70: 10/22/2013 5:41:28 AM - Windows Update
RP71: 10/29/2013 10:56:13 AM - Windows Update
.
==== Installed Programs ======================
.
Acunetix Web Vulnerability Scanner 8.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitComet 1.35
Bonjour
CuteFTP 9
FileZilla Client 3.7.3
iCloud
iTunes
Kaspersky Internet Security
lightshot-4.4.2.10
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
Netsparker - Web Application Security Scanner (2.3.0.0)
Notepad++
NVIDIA Control Panel 307.83
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
QuickTime
Revo Uninstaller Pro 3.0.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Spybot - Search & Destroy
TeamViewer 8
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VyprVPN
WinRAR archiver
XAMPP
.
==== Event Viewer Messages From Past Week ========
.
11/4/2013 5:33:26 AM, Error: Service Control Manager [7023] - The Application Experience service terminated with the following error: Application Experience is not a valid Win32 application.
11/4/2013 5:32:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
11/4/2013 5:31:14 AM, Error: Microsoft-Windows-WMPNSS-Service [14360] - IPv4 support has been disabled in WMPNetworkSvc because NotifyAddrChange encountered error '1450'. To enable IPv4 support, restart the WMPNetworkSvc service.
11/4/2013 2:40:31 PM, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize.
.
==== End Of File ===========================
kalembo
Active Member
 
Posts: 9
Joined: November 5th, 2013, 3:52 am
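Added example (not part of kalembo's post, and not DDS or forum tooling): a short Python triage script that applies, over constructed lines laid out like the Pseudo HJT Report above, the checks a helper reads that section for by eye: Run values whose target sits under a user profile or a Temp directory, a Windows system binary name such as Explorer.exe living outside the Windows directory, an unnamed Run value, a bare file name that the shell still has to resolve, and UAC policy values set to 0. The heuristics, function names and sample lines are this example's own assumptions. The profile-path check also catches legitimate per-user installs such as LightShot, which is why the output is a review list for the helper and not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the DDS "Pseudo HJT Report" layout (typed in here to keep
# the script self-contained; it is not read from the post above).
SAMPLE_REPORT = r"""
uRun: [LightShot] c:\users\legend\appdata\local\skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [Win Update] c:\users\legend\appdata\local\temp\win update\Win Update.exe
uRun: [] c:\users\legend\appdata\roaming\explorer\Explorer.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CTHelper] CTHELPER.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
"""

# u = HKCU, m = HKLM, d = default user hive, as DDS abbreviates them.
RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(
    r"^(?P<hive>[umd])Policies-(?P<key>\S+):\s*(?P<value>\S+)\s*=\s*dword:(?P<data>\w+)$"
)
# First .exe token of the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)\b', re.IGNORECASE)

# Core Windows binary names that have no business outside %SystemRoot% (assumed list).
SYSTEM_BINARY_NAMES = {
    "explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "wininit.exe", "taskhost.exe",
}
# Policy values that, set to 0, switch off or weaken UAC prompting.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Return the lower-cased executable part of a Run command, or '' if none is found."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path").lower() if m else ""


def check_run_entry(name: str, cmd: str) -> list:
    """Heuristics for one Run value; an empty list means nothing to review."""
    reasons = []
    path = executable_path(cmd)
    if not path:
        return ["no .exe target recognised"]
    if "\\" not in path:
        reasons.append("bare file name; resolution depends on PATH/App Paths")
    if "\\appdata\\" in path or path.startswith("c:\\users\\"):
        reasons.append("runs from a user-writable profile directory")
    if "\\temp\\" in path:
        reasons.append("runs from a Temp directory")
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARY_NAMES and "\\windows\\" not in path:
        reasons.append(f"system binary name {base} outside the Windows directory")
    if not name.strip():
        reasons.append("unnamed Run value")
    return reasons


def check_policy(key: str, value: str, data: str) -> list:
    """Flag UAC policy values written as 0 under the System policies key."""
    if key == "System" and value in UAC_VALUES and data == "0":
        return [f"UAC weakened: {value} = 0"]
    return []


def triage(report: str) -> list:
    """Run the checks over every line of a DDS-style report and return the flagged lines."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = check_run_entry(m.group("name"), m.group("cmd"))
        else:
            m = POLICY_RE.match(line)
            reasons = check_policy(m.group("key"), m.group("value"), m.group("data")) if m else []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Run as a script it prints each flagged line with its reasons; on the sample above the iTunesHelper entry and NoDriveTypeAutoRun pass clean, while the three UAC values and the two AppData autoruns come out on top of the list.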

Re: Virus zpyemhvct.exe

Post by Cypher » November 5th, 2013, 2:09 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions, if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read the topic "ALL USERS OF THIS FORUM MUST READ THIS FIRST", where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
BitComet 1.35


Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • Follow the prompts and at the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right-click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • AdwCleaner log.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus zpyemhvct.exe

Post by kalembo » November 5th, 2013, 6:57 pm

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.05.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Legend :: LEGEND-PC [administrator]

Protection: Enabled

11/5/2013 5:00:51 PM
mbam-log-2013-11-05 (17-00-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217368
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


# AdwCleaner v3.011 - Report created 05/11/2013 at 17:25:50
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Legend - LEGEND-PC
# Running from : C:\Users\Legend\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Legend\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Legend\AppData\Roaming\Mozilla\Firefox\Profiles\drlbpvfw.default\CT3298572
Folder Deleted : C:\Users\Legend\AppData\Roaming\Mozilla\Firefox\Profiles\drlbpvfw.default\Extensions\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298572
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Legend\AppData\Roaming\Mozilla\Firefox\Profiles\drlbpvfw.default\prefs.js ]

Line Deleted : user_pref("CT3298572.FF19Solved", "true");
Line Deleted : user_pref("CT3298572.UserID", "UN68952064397592449");
Line Deleted : user_pref("CT3298572.fullUserID", "UN68952064397592449.IN.2013071420428");
Line Deleted : user_pref("CT3298572.installDate", "14/07/2013 2:04:28");
Line Deleted : user_pref("CT3298572.installSessionId", "{2AC88926-CE54-45D5-BF7C-2A042E85E2AA}");
Line Deleted : user_pref("CT3298572.installSp", "TRUE");
Line Deleted : user_pref("CT3298572.originalHomepage", "about:home");
Line Deleted : user_pref("CT3298572.searchRevert", "true");
Line Deleted : user_pref("CT3298572.searchUserMode", "2");
Line Deleted : user_pref("CT3298572.smartbar.homepage", "true");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298572&octid=CT3298572&SearchSource=61&CUI=UN68952064397592449&UM=2&UP=SP1C4FDA51-81F6-4C0D-AC2E-8687A1B67952");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298572&CUI=UN68952064397592449&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298572&octid=CT3298572&SearchSource[...]
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298572");

*************************

AdwCleaner[R0].txt - [6862 octets] - [05/11/2013 17:23:46]
AdwCleaner[S0].txt - [6935 octets] - [05/11/2013 17:25:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6995 octets] ##########


OTL logfile created on: 11/5/2013 5:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Legend\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.75% Memory free
5.99 Gb Paging File | 4.47 Gb Available in Paging File | 74.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.65 Gb Total Space | 431.99 Gb Free Space | 92.77% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 145.76 Gb Free Space | 97.83% Space Free | Partition Type: NTFS

Computer Name: LEGEND-PC | User Name: Legend | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/05 17:30:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Legend\Downloads\OTL.exe
PRC - [2013/10/29 14:40:11 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/08 13:49:22 | 000,990,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2013/10/08 13:49:20 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/10/01 07:14:40 | 004,536,672 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2013/10/01 07:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/10/01 07:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/09/27 12:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\Legend\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe
PRC - [2013/06/26 15:19:34 | 001,006,112 | ---- | M] () -- C:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/19 20:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/31 04:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 04:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/02 14:41:32 | 000,364,704 | ---- | M] (GoldenFrog) -- C:\Program Files\VyprVPN\VyprVPN.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007/04/09 11:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/29 14:40:11 | 003,368,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/09 02:33:58 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/09 02:29:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 02:29:07 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\abef2d6ca33a18d7af379ee35c64154c\System.Deployment.ni.dll
MOD - [2013/10/09 02:28:44 | 000,688,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\65fa27da96ef57affcac61ac16c111e0\System.Security.ni.dll
MOD - [2013/10/09 02:28:42 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/09 02:12:11 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/09 02:02:37 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013/10/09 02:02:15 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 02:02:03 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/09 02:01:50 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/09 02:01:41 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/08/24 02:24:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/24 02:24:12 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/24 02:24:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/24 02:13:19 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\6a6925ae06bbe4b8e647e203597af47a\WindowsFormsIntegration.ni.dll
MOD - [2013/08/24 02:06:57 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/24 02:04:00 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/24 02:03:29 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013/08/24 02:03:06 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/07 14:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013/07/10 02:26:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 02:07:01 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2012/11/02 14:40:30 | 000,091,648 | ---- | M] () -- C:\Program Files\VyprVPN\Lib\VpnLib.dll
MOD - [2012/11/02 14:40:06 | 000,056,832 | ---- | M] () -- C:\Program Files\VyprVPN\Lib\libvyprweb.dll
MOD - [2012/11/02 14:39:08 | 000,248,832 | ---- | M] () -- C:\Program Files\VyprVPN\Lib\libcurl.dll
MOD - [2012/10/11 20:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 20:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/18 10:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/10/29 14:40:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 18:53:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/08 13:49:20 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/26 15:19:34 | 001,006,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe -- (AcuWVSSchedulerv8)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/17 02:00:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/19 20:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - [2013/10/08 13:49:18 | 000,574,560 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/10/08 13:49:18 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2013/06/08 20:18:38 | 000,094,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\klflt.sys -- (klflt)
DRV - [2013/06/06 17:38:20 | 000,145,120 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013/05/14 17:34:44 | 000,045,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/04/12 15:34:48 | 000,014,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klpd.sys -- (klpd)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 20:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/12/30 09:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/08 23:47:00 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/18 07:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 07:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 07:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 07:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 07:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 07:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 07:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 07:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 07:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 05:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 04:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 03:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 03:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 03:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 03:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 03:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 03:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 03:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 03:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF 23 E3 C6 12 3B CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{8FE6B230-2735-413D-8824-52CD65BD30B7}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298572&CUI=UN19536156362933925&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013/11/03 22:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013/11/03 22:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013/11/03 22:08:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013/11/03 22:08:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013/11/03 22:08:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/30 14:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/30 14:55:44 | 000,000,000 | ---D | M]

[2013/07/14 01:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Legend\AppData\Roaming\mozilla\Extensions
[2013/11/05 16:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Legend\AppData\Roaming\mozilla\Firefox\Profiles\drlbpvfw.default\extensions
[2013/11/05 04:27:48 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Legend\AppData\Roaming\mozilla\Firefox\Profiles\drlbpvfw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/10/29 05:49:08 | 000,015,421 | ---- | M] () (No name found) -- C:\Users\Legend\AppData\Roaming\mozilla\firefox\profiles\drlbpvfw.default\extensions\firefox-hotfix@mozilla.org.xpi
[2013/10/19 15:48:40 | 000,135,673 | ---- | M] () (No name found) -- C:\Users\Legend\AppData\Roaming\mozilla\firefox\profiles\drlbpvfw.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi
[2013/10/29 14:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/29 14:40:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\LEGEND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRLBPVFW.DEFAULT\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2012/01/12 03:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [LightShot] C:\Users\Legend\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - Startup: C:\Users\Legend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk = C:\Windows\System32\schtasks.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02FD2760-5B02-4937-9FEB-EB59125814DA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F41ACF0-AB2E-49A8-B653-94C82CF6A84B}: NameServer = 209.99.109.53 209.99.109.54
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/05 17:23:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/05 04:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/05 04:29:15 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\QuickScan
[2013/11/05 04:08:52 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/11/05 04:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/05 03:50:08 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\RK_Quarantine
[2013/11/05 03:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/05 03:10:21 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Malwarebytes
[2013/11/05 03:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/05 03:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/05 03:10:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/05 03:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/05 02:29:26 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\win update
[2013/11/04 15:23:36 | 000,000,000 | -HSD | C] -- C:\Users\Legend\AppData\Roaming\msgre
[2013/11/04 15:07:31 | 000,000,000 | -HSD | C] -- C:\Users\Legend\AppData\Roaming\msgr
[2013/11/03 22:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2013/11/03 22:08:35 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/11/03 22:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/11/03 22:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/11/03 22:08:22 | 000,574,560 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013/11/03 22:08:22 | 000,094,304 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2013/11/02 14:41:30 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\advancedpost
[2013/11/02 14:08:31 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Explorer
[2013/11/02 14:06:20 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\vertex
[2013/10/30 15:00:38 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Local\Apple Computer
[2013/10/30 15:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/30 14:59:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013/10/30 14:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/30 14:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/30 14:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/30 14:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/10/30 14:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/10/30 14:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/10/30 14:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/10/29 14:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/20 18:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acunetix Web Vulnerability Scanner 8
[2013/10/20 18:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Acunetix
[2013/10/20 18:01:25 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\Acunetix 8 version 2013_06_26 [mindcrasher]
[2013/10/19 01:38:31 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\awardsystem
[2013/10/16 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\CUSTOM-MODS
[2013/10/16 19:20:35 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/16 19:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/16 19:20:31 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Notepad++
[2013/10/16 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013/10/16 19:11:18 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\NEWVB
[2013/10/16 17:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2013/10/16 12:19:54 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\CRACKINGFORCE STUFF
[2013/10/16 12:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
[2013/10/16 12:03:11 | 000,000,000 | ---D | C] -- C:\xampp
[2013/10/16 11:52:40 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\includes
[2013/10/16 04:35:18 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\admincp
[2013/10/14 19:05:31 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\NEW-MoD-CP-COmEs-WiTh-CrAcK3r-PrInCe966369974114
[2013/10/14 19:05:30 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\NEW-ADMIN-CP-COmEs-WiTh-CrAcK3r-PrInCe966369974114
[2013/10/14 18:23:13 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\vb
[2013/10/14 18:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Globalscape
[2013/10/14 18:17:26 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Local\Globalscape
[2013/10/14 18:16:40 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Globalscape
[2013/10/14 18:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globalscape
[2013/10/14 18:16:33 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/10/14 18:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/10/14 18:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Globalscape
[2013/10/14 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\CuteFTP Pro 9.0.5.0007 Final ML - SceneDL (PimpRG)
[2013/10/08 13:49:18 | 000,135,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl1.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klmouflt.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klkbdflt.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klim6.sys
[1 C:\Users\Legend\AppData\Roaming\*.tmp files -> C:\Users\Legend\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/05 17:35:05 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/05 17:35:05 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/05 17:34:04 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/05 17:34:04 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/05 17:29:03 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013/11/05 17:27:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/05 17:27:29 | 2414,469,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/05 17:26:29 | 000,030,888 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:26:29 | 000,030,888 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:26:29 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:26:29 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:26:29 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:02:04 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3948627023-1765461353-29695978-1000.job
[2013/11/05 16:53:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/05 16:50:53 | 004,958,588 | ---- | M] () -- C:\Windows\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF
[2013/11/05 04:18:16 | 000,224,386 | ---- | M] () -- C:\Users\Legend\Desktop\MGlogs.zip
[2013/11/05 04:18:16 | 000,224,386 | ---- | M] () -- C:\MGlogs.zip
[2013/11/05 03:10:11 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/03 22:09:44 | 000,002,276 | ---- | M] () -- C:\Users\Legend\Desktop\Safe Money.lnk
[2013/11/03 22:08:58 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2013/11/02 14:53:33 | 000,000,255 | -HS- | M] () -- C:\boot.ini
[2013/11/02 14:25:27 | 000,183,787 | ---- | M] () -- C:\Users\Legend\Desktop\[DBTech] Advanced Post Thanks - Like v3.1.7 [Lite].zip
[2013/11/01 17:58:20 | 000,002,188 | -H-- | M] () -- C:\Users\Legend\Documents\Default.rdp
[2013/10/30 15:00:28 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/20 18:13:28 | 000,000,716 | ---- | M] () -- C:\Windows\WVS_InstDBLogFile.csv
[2013/10/18 06:28:00 | 000,041,068 | ---- | M] () -- C:\Users\Legend\Desktop\register.php
[2013/10/16 20:20:34 | 000,018,708 | ---- | M] () -- C:\Users\Legend\Desktop\point.rar
[2013/10/16 20:19:38 | 000,010,064 | ---- | M] () -- C:\Users\Legend\Desktop\2 mods.rar
[2013/10/16 19:51:28 | 000,151,049 | ---- | M] () -- C:\Users\Legend\Desktop\class_core.php
[2013/10/16 19:38:38 | 000,010,249 | ---- | M] () -- C:\Users\Legend\Desktop\config.php
[2013/10/16 19:20:35 | 000,001,025 | ---- | M] () -- C:\Users\Legend\Desktop\Notepad++.lnk
[2013/10/16 18:37:41 | 000,008,044 | ---- | M] () -- C:\Users\Legend\Desktop\socialgroupmessage.php
[2013/10/16 18:37:39 | 000,010,694 | ---- | M] () -- C:\Users\Legend\Desktop\socialgroupdiscussion.php
[2013/10/16 18:28:20 | 000,041,575 | ---- | M] () -- C:\Users\Legend\Desktop\files.rar
[2013/10/16 01:40:00 | 100,190,414 | ---- | M] () -- C:\Users\Legend\Desktop\public_html.zip
[2013/10/14 17:28:20 | 011,608,074 | ---- | M] () -- C:\Users\Legend\Desktop\vbulletinsuite_4-2-2_VBCE3A3A83.zip
[2013/10/14 14:27:32 | 000,001,485 | ---- | M] () -- C:\Users\Legend\Desktop\install.php
[2013/10/09 04:34:31 | 000,000,443 | ---- | M] () -- C:\Users\Legend\AppData\Local\UserProducts.xml
[2013/10/09 02:27:55 | 000,269,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/08 13:49:18 | 000,574,560 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013/10/08 13:49:18 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl1.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klmouflt.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klkbdflt.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klim6.sys
[1 C:\Users\Legend\AppData\Roaming\*.tmp files -> C:\Users\Legend\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/05 04:18:16 | 000,224,386 | ---- | C] () -- C:\Users\Legend\Desktop\MGlogs.zip
[2013/11/05 04:09:00 | 000,224,386 | ---- | C] () -- C:\MGlogs.zip
[2013/11/05 03:10:11 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/04 15:37:23 | 000,041,068 | ---- | C] () -- C:\Users\Legend\Desktop\register.php
[2013/11/03 22:09:44 | 000,002,276 | ---- | C] () -- C:\Users\Legend\Desktop\Safe Money.lnk
[2013/11/03 22:09:08 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2013/11/02 14:40:31 | 000,183,787 | ---- | C] () -- C:\Users\Legend\Desktop\[DBTech] Advanced Post Thanks - Like v3.1.7 [Lite].zip
[2013/10/30 15:00:28 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/16 20:25:54 | 000,018,708 | ---- | C] () -- C:\Users\Legend\Desktop\point.rar
[2013/10/16 20:25:46 | 000,010,064 | ---- | C] () -- C:\Users\Legend\Desktop\2 mods.rar
[2013/10/16 19:20:35 | 000,001,025 | ---- | C] () -- C:\Users\Legend\Desktop\Notepad++.lnk
[2013/10/16 18:54:03 | 000,001,485 | ---- | C] () -- C:\Users\Legend\Desktop\install.php
[2013/10/16 18:28:20 | 000,041,575 | ---- | C] () -- C:\Users\Legend\Desktop\files.rar
[2013/10/16 18:25:52 | 000,010,694 | ---- | C] () -- C:\Users\Legend\Desktop\socialgroupdiscussion.php
[2013/10/16 18:25:52 | 000,008,044 | ---- | C] () -- C:\Users\Legend\Desktop\socialgroupmessage.php
[2013/10/16 18:24:33 | 000,151,049 | ---- | C] () -- C:\Users\Legend\Desktop\class_core.php
[2013/10/16 11:39:49 | 100,190,414 | ---- | C] () -- C:\Users\Legend\Desktop\public_html.zip
[2013/10/14 21:10:54 | 000,010,249 | ---- | C] () -- C:\Users\Legend\Desktop\config.php
[2013/10/14 18:20:08 | 011,608,074 | ---- | C] () -- C:\Users\Legend\Desktop\vbulletinsuite_4-2-2_VBCE3A3A83.zip
[2013/04/20 14:16:24 | 000,000,103 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/04/16 21:58:13 | 000,000,443 | ---- | C] () -- C:\Users\Legend\AppData\Local\UserProducts.xml

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/05 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\Explorer
[2013/11/05 03:44:23 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\FileZilla
[2013/10/14 18:16:40 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\Globalscape
[2013/04/20 13:17:49 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\Mavituna Security Ltd
[2013/11/04 15:07:31 | 000,000,000 | -HSD | M] -- C:\Users\Legend\AppData\Roaming\msgr
[2013/11/04 15:23:36 | 000,000,000 | -HSD | M] -- C:\Users\Legend\AppData\Roaming\msgre
[2013/10/16 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\Notepad++
[2013/11/05 04:29:21 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\QuickScan
[2013/11/04 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\vertex
[2013/11/05 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\win update

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 11/5/2013 5:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Legend\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.75% Memory free
5.99 Gb Paging File | 4.47 Gb Available in Paging File | 74.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.65 Gb Total Space | 431.99 Gb Free Space | 92.77% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 145.76 Gb Free Space | 97.83% Space Free | Partition Type: NTFS

Computer Name: LEGEND-PC | User Name: Legend | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E3A943A-60B4-41A6-9B55-97C29ED9B632}" = lport=26702 | protocol=17 | dir=in | name=bitcomet 26702 udp |
"{88361D74-1988-4034-8903-B7BA44008D29}" = lport=26702 | protocol=6 | dir=in | name=bitcomet 26702 tcp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19938158-ED7D-4694-B853-087605545A8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{1F4C3B74-6959-4EED-ACFF-04CC6538BB0B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5B306152-8D4D-428E-BD3F-BCFCCED2BCB2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{6B37AD4E-6B35-4E5A-A24F-9A3FB090EAD5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{A1BBB2F1-DFB4-43E9-9A3E-B2CE3E564E4A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FE8AC7E6-B3D3-4A5A-90BC-8E88302C5A5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"TCP Query User{1847D9A7-1567-4C4D-B296-89992038D04D}C:\program files\globalscape\cuteftp\ftpte.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp\ftpte.exe |
"TCP Query User{567B12A3-8E35-46B2-95A0-0C6042E0F13F}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{A27365DD-0DB0-49CE-87B9-A24937FB5E1A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{68BA2DA5-B8DD-45F8-9194-BCE671B78756}C:\program files\globalscape\cuteftp\ftpte.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp\ftpte.exe |
"UDP Query User{8765D853-631B-44A4-9E04-613CA5B7C94F}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{95E99BA7-5181-4F8C-B85B-4132842C1C84}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{20C6FF70-690B-4DF7-8F5D-269DD3A7FD23}" = iCloud
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-4.4.2.10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.2
"{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89B9E358-75C6-4C6B-BD38-803FF156CC4B}" = CuteFTP 9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C8EBB0DE-5655-4D32-99E1-9447E702A89F}" = iTunes
"{DBD76811-6CF0-4A15-9436-B779C3A36929}_is1" = Acunetix Web Vulnerability Scanner 8.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.7.3
"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netsparker" = Netsparker - Web Application Security Scanner (2.3.0.0)
"Notepad++" = Notepad++
"TeamViewer 8" = TeamViewer 8
"VyprVPN 1.4.1.601" = VyprVPN
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/4/2013 6:32:41 AM | Computer Name = Legend-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Sentry_MBA.exe, version: 1.4.1.9619, time
stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb10c6 Exception code: 0x0eedfade Fault offset: 0x0000812f Faulting
process id: 0x14c0 Faulting application start time: 0x01ced7aabc276e2b Faulting application
path: C:\Tools\SentryMBA1.4.1\Sentry_MBA.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 6e53a90b-453c-11e3-927a-001111898a6b

Error - 11/4/2013 3:45:59 PM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/5/2013 1:32:20 AM | Computer Name = Legend-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 11/5/2013 3:30:43 AM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/5/2013 3:59:48 AM | Computer Name = Legend-PC | Source = VSS | ID = 8194
Description =

Error - 11/5/2013 4:23:43 AM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/5/2013 4:39:25 AM | Computer Name = Legend-PC | Source = VSS | ID = 8194
Description =

Error - 11/5/2013 5:54:09 PM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/5/2013 5:59:04 PM | Computer Name = Legend-PC | Source = VSS | ID = 8194
Description =

Error - 11/5/2013 6:29:16 PM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/14/2013 2:06:47 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7030
Description = The SProtection service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/14/2013 2:07:26 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 7/14/2013 2:09:26 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Installer service,
but this action failed with the following error: %%1056

Error - 8/23/2013 8:06:58 PM | Computer Name = Legend-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:56:55 PM on 7/18/2013 was unexpected.

Error - 11/4/2013 6:31:14 AM | Computer Name = Legend-PC | Source = WMPNetworkSvc | ID = 866328
Description =

Error - 11/4/2013 6:32:56 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.

Error - 11/4/2013 6:33:26 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7023
Description = The Application Experience service terminated with the following error:
%%193

Error - 11/4/2013 6:33:26 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7023
Description = The Application Experience service terminated with the following error:
%%193

Error - 11/4/2013 3:40:31 PM | Computer Name = Legend-PC | Source = AeLookupSvc | ID = 1
Description = The Application Experience Lookup service failed to initialize.

Error - 11/5/2013 4:20:29 AM | Computer Name = Legend-PC | Source = DCOM | ID = 10010
Description =


< End of report >
kalembo
Active Member
 
Posts: 9
Joined: November 5th, 2013, 3:52 am

Re: Virus zpyemhvct.exe

Unread postby Cypher » November 6th, 2013, 6:14 am

Hi,

Please download RogueKiller by Tigzy and save it to your desktop.
  • Allow the download if prompted by your security software and please close all your programs.
  • Right click on RogueKiller.exe and select " Run as administrator " to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

Next.

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy and paste the content of the following codebox into the main textfield:
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :filefind
    *zpyemhvct.exe*
    
    :folderfind
    *zpyemhvct*
    
    :Regfind
    zpyemhvct

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Logs/Information to Post in your Next Reply

  • RKreport.
  • SystemLook.txt.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus zpyemhvct.exe

Unread postby kalembo » November 6th, 2013, 7:43 am

:filefind
*zpyemhvct.exe*

:folderfind
*zpyemhvct*

:Regfind
zpyemhvct


RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Legend [Admin rights]
Mode : Scan -- Date : 11/06/2013 06:37:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Lightshot.exe -- C:\Users\Legend\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 20 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\Legend\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3948627023-1765461353-29695978-1000\[...]\Run : LightShot (C:\Users\Legend\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7][x][x]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{7F41ACF0-AB2E-49A8-B653-94C82CF6A84B} : NameServer (209.99.109.53 209.99.109.54 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{7F41ACF0-AB2E-49A8-B653-94C82CF6A84B} : NameServer (209.99.109.53 209.99.109.54 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\jj\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ARRAY +++++
--- User ---
[MBR] 74054e5221c2ad8232378fd4b94e56a9
[BSP] 95c6a5daa18eecf9f177eb8a946f3cef : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476827 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) ST3160023AS +++++
--- User ---
[MBR] 753dc6b69089ae222befc86d6fa21a22
[BSP] 87ce363c22524ea924351ebf9ace3fde : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152578 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11062013_063742.txt >>
RKreport[0]_S_11052013_035800.txt
kalembo
Active Member
 
Posts: 9
Joined: November 5th, 2013, 3:52 am

Re: Virus zpyemhvct.exe

Unread postby Cypher » November 6th, 2013, 11:11 am

Hi,
I'm not sure what happened, but that's not a SystemLook log you posted.
Please run SystemLook again, and be careful to follow the instructions correctly.

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy and paste the content of the following codebox into the main textfield: Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :filefind
    *zpyemhvct.exe*
    
    :folderfind
    *zpyemhvct*
    
    :Regfind
    zpyemhvct

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
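For readers who want to reproduce the SystemLook search above with built-in tools, here is an added PowerShell equivalent of the `:filefind`, `:folderfind` and `:Regfind` directives; it is not part of the thread and not SystemLook's own code. The artefact name `zpyemhvct` is taken from the thread; the search roots and registry hives are assumptions, and as with SystemLook it should be run from an elevated prompt.

```powershell
# Added example, not from the thread or from SystemLook: hunt for a name in
# file names, folder names and registry keys/values, the way the SystemLook
# script (:filefind / :folderfind / :Regfind) does. Run as administrator.
param(
    [string]$Pattern = 'zpyemhvct',                    # name from the thread
    # assumed search roots; SystemLook walks all drives, this stays narrower
    [string[]]$Roots = @($env:SystemRoot, $env:ProgramData, $env:USERPROFILE)
)

# :filefind / :folderfind - match on the item name only, like "*pattern*".
# -Force includes hidden and system items (the -HSD folders in the OTL log).
function Find-NameMatches {
    param([string[]]$Roots, [string]$Pattern)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like "*$Pattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Kind     = if ($_.PSIsContainer) { 'folder' } else { 'file' }
                    Path     = $_.FullName
                    Modified = $_.LastWriteTime
                    Size     = if ($_.PSIsContainer) { $null } else { $_.Length }
                    Attribs  = $_.Attributes
                }
            }
    }
}

# :Regfind - match key names, value names and value data under the hives that
# hold autostart and service configuration (assumed subset of what the tool reads).
function Find-RegistryMatches {
    param([string]$Pattern)
    $hives = @('HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet', 'HKCU:\SOFTWARE')
    foreach ($hive in $hives) {
        Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                if ($key.PSChildName -like "*$Pattern*") {
                    [pscustomobject]@{ Where = 'key'; Key = $key.Name; Value = $null; Data = $null }
                }
                foreach ($name in $key.GetValueNames()) {
                    $data = $key.GetValue($name)
                    # REG_MULTI_SZ / REG_BINARY come back as arrays; flatten for matching
                    $text = if ($data -is [array]) { $data -join ' ' } else { [string]$data }
                    if ($name -like "*$Pattern*" -or $text -like "*$Pattern*") {
                        [pscustomobject]@{ Where = 'value'; Key = $key.Name; Value = $name; Data = $text }
                    }
                }
            }
    }
}

$files = @(Find-NameMatches -Roots $Roots -Pattern $Pattern)
$reg   = @(Find-RegistryMatches -Pattern $Pattern)

"========== filefind / folderfind ==========`nSearching for ""*$Pattern*"""
if ($files) { $files | Format-Table -AutoSize } else { 'No files or folders found.' }
"========== Regfind ==========`nSearching for ""$Pattern"""
if ($reg) { $reg | Format-Table -AutoSize } else { 'No data found.' }
```

A clean result here matches the "No files found / No folders found / No data found" SystemLook log posted below; a hit shows the full path or registry key so it can be checked before anything is removed.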

Re: Virus zpyemhvct.exe

Unread postby kalembo » November 6th, 2013, 3:46 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 14:44 on 06/11/2013 by Legend
Administrator - Elevation successful

========== filefind ==========

Searching for "*zpyemhvct.exe*"
No files found.

========== folderfind ==========

Searching for "*zpyemhvct*"
No folders found.

========== Regfind ==========

Searching for "zpyemhvct"
No data found.

-= EOF =-
kalembo
Active Member
 
Posts: 9
Joined: November 5th, 2013, 3:52 am

Re: Virus zpyemhvct.exe

Unread postby Cypher » November 7th, 2013, 10:56 am

Hi,
Good work, I need you to run another scan for me.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus zpyemhvct.exe

Unread postby kalembo » November 7th, 2013, 5:39 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=29eed4f2ea6b9c458b9f3d188cd95ab4
# engine=15757
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-05 11:29:47
# local_time=2013-11-07 04:29:47 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 135195778 0 0
# scanned=173103
# found=0
# cleaned=0
# scan_time=5927


BTW I had the same issue on my laptop some time ago and there was some file called vertex messing things up too. Just a heads up because I see some vertex files on my PC.
kalembo
Active Member
 
Posts: 9
Joined: November 5th, 2013, 3:52 am

Re: Virus zpyemhvct.exe

Unread postby Cypher » November 8th, 2013, 6:13 am

Hi,
Do the following, then give me an update on your computer's performance.

Backup the Registry:

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

  • Please download the installer for Registry Backup from Here or Here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:-
(screenshot omitted)

  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
(screenshot omitted)

  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the hard drive named C:\RegBackup; do not delete this, as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed Here.

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following script into the textbox (screenshot omitted). Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :otl
    IE - HKCU\..\SearchScopes\{8FE6B230-2735-413D-8824-52CD65BD30B7}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3298572&CUI=UN19536156362933925&UM=2
    [2012/01/12 03:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    [2013/11/05 02:29:26 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\win update
    [2013/11/02 14:08:31 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Explorer
    [2013/11/04 15:07:31 | 000,000,000 | -HSD | M] -- C:\Users\Legend\AppData\Roaming\msgr
    [2013/11/04 15:23:36 | 000,000,000 | -HSD | M] -- C:\Users\Legend\AppData\Roaming\msgre
    [2013/11/04 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\vertex
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click the button shown (screenshot omitted).
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computers performance.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
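As an added example (not code from this thread, and not part of OTL itself), here is a small Python parser for the bracketed file/folder entries that OTL fix scripts such as the one above use, plus a triage heuristic that flags items under AppData\Roaming carrying no vendor name and rates hidden+system ones higher. The sample lines are copied from the script; the severity rule and the field names are my own assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample: the file/folder entries copied from the OTL fix script in the post above.
SAMPLE_ENTRIES = r"""
[2012/01/12 03:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2013/11/05 02:29:26 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\win update
[2013/11/04 15:07:31 | 000,000,000 | -HSD | M] -- C:\Users\Legend\AppData\Roaming\msgr
[2013/11/04 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\vertex
"""
# Entry layout: [date time | size | attribute flags | C=created/M=modified] (vendor, optional) -- path
ENTRY_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str              # flag field, e.g. "-HSD" = hidden, system, directory (assumed meaning)
    stamp_kind: str         # "C" if the timestamp is creation time, "M" if modification time
    vendor: Optional[str]   # company name from version info; absent for the Roaming folders
    path: str
    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

def parse_otl_entries(text: str) -> list:
    """Parse OTL entry lines; lines in another format (e.g. the IE SearchScopes line) are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, kind, vendor, path = m.groups()
        entries.append(OtlEntry(datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                                int(size.replace(",", "")), attrs, kind, vendor, path))
    return entries

def flag_roaming_entries(entries: list) -> list:
    """Triage heuristic (my assumption): AppData Roaming items with no vendor name; hidden+system rate 'high'."""
    flagged = []
    for e in entries:
        if "\\appdata\\roaming\\" in e.path.lower() and e.vendor is None:
            flagged.append((e.path, "high" if e.hidden_system else "medium"))
    return flagged
```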

Re: Virus zpyemhvct.exe

Unread postby kalembo » November 8th, 2013, 9:13 am

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FE6B230-2735-413D-8824-52CD65BD30B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FE6B230-2735-413D-8824-52CD65BD30B7}\ not found.
C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll moved successfully.
C:\Users\Legend\AppData\Roaming\win update folder moved successfully.
C:\Users\Legend\AppData\Roaming\Explorer folder moved successfully.
C:\Users\Legend\AppData\Roaming\msgr folder moved successfully.
C:\Users\Legend\AppData\Roaming\msgre folder moved successfully.
C:\Users\Legend\AppData\Roaming\vertex folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Legend\Downloads\cmd.bat deleted successfully.
C:\Users\Legend\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Legend
->Temp folder emptied: 2940068 bytes
->Temporary Internet Files folder emptied: 73974564 bytes
->FireFox cache emptied: 23285462 bytes
->Flash cache emptied: 700 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1107052 bytes
RecycleBin emptied: 380392 bytes

Total Files Cleaned = 97.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11082013_055345

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


It works OK, but after a while sites won't open.... they stay "loading"; I have to reboot.
kalembo
Active Member
 
Posts: 9
Joined: November 5th, 2013, 3:52 am

Re: Virus zpyemhvct.exe

Unread postby Cypher » November 8th, 2013, 11:04 am

kalembo wrote: It works OK, but after a while sites won't open.... they stay "loading"; I have to reboot.

Which browser are you using when this happens?
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus zpyemhvct.exe

Unread postby kalembo » November 8th, 2013, 11:16 am

Doesn't matter. Chrome, Firefox, Explorer, they all do the same.
kalembo
Active Member
 
Posts: 9
Joined: November 5th, 2013, 3:52 am

Re: Virus zpyemhvct.exe

Unread postby Cypher » November 8th, 2013, 11:38 am

Before we dig deeper, try this then let me know what happens.

Internet Explorer

Click Start > All Programs > Accessories > System Tools, and then click Internet Explorer (No Add-ons).

Now try using IE. Still problems?
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus zpyemhvct.exe

Unread postby kalembo » November 8th, 2013, 3:51 pm

Right now both are working fine, but Chrome says loading.......
kalembo
Active Member
 
Posts: 9
Joined: November 5th, 2013, 3:52 am