Inactive Adware:Win32/Adkubru will not get out!

D

dchoi303

Posts: 6   +0
I get the following virus reading from MSE: Adware:Win32/Adkubru (Category: Adware

Description: This program displays pop-up advertisements.)

MBAM LOG:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DC :: DC-HP822 [administrator]

Protection: Enabled

10/9/2012 9:56:34 PM
mbam-log-2012-10-09 (21-56-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214261
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\DC\Local Settings\Temporary Internet Files\Content.IE5\SEA0WNAX\5071e026799aa[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.

(end)
GMER LOG:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-09 22:43:30
Windows 6.1.7601 Service Pack 1
Running: 05fljbny.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb421f0be8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4228a699
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb421f0be8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4228a699 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
 
DDS1 LOG: (OTL.txt & EXTRA.txt are together here in this post)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by DC at 22:51:27 on 2012-10-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4305 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Download and Sa Class: {0d4892c1-54ff-1755-e610-ded2b791e8c9} - C:\ProgramData\Download and Sa\5071e02662739.ocx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "C:\Users\DC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [<NO NAME>]
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [BYRUA_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: Interfaces\{429C7986-6FC1-4048-992E-F6EFAF7F8C82} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{429C7986-6FC1-4048-992E-F6EFAF7F8C82}\55E69667562737964797F594E6E6 : DhcpNameServer = 172.17.0.1
TCP: Interfaces\{429C7986-6FC1-4048-992E-F6EFAF7F8C82}\74F6C64664963786D27657563747 : DhcpNameServer = 216.26.100.1
TCP: Interfaces\{5DD23F21-00E7-46FD-B621-DB489FF31912} : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Download and Sa Class: {0D4892C1-54FF-1755-E610-DED2B791E8C9} - C:\ProgramData\Download and Sa\5071e02662739.ocx
BHO-X64: Download and Sa - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [(Default)]
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [BYRUA_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\ke6rohku.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\DC\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-24 89600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-4-25 197504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-24 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-24 2375168]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2011-9-6 93696]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-9 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-9 676936]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-24 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\system32\DRIVERS\ATSwpWDF.sys --> C:\Windows\system32\DRIVERS\ATSwpWDF.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\system32\DRIVERS\ISCTD64.sys --> C:\Windows\system32\DRIVERS\ISCTD64.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-1 21504]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-8 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys --> C:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys [?]
S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;C:\Windows\system32\DRIVERS\lgvzandnetdiag264.sys --> C:\Windows\system32\DRIVERS\lgvzandnetdiag264.sys [?]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys --> C:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys [?]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\Windows\system32\DRIVERS\lgvzandnetndis64.sys --> C:\Windows\system32\DRIVERS\lgvzandnetndis64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-10 03:44:279308616----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C37EAA0E-D0D1-4EA6-8C88-4C51B20173D5}\mpengine.dll
2012-10-10 02:53:16--------d-----w-C:\Users\DC\AppData\Roaming\Malwarebytes
2012-10-10 02:52:48--------d-----w-C:\ProgramData\Malwarebytes
2012-10-10 02:52:4725928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-10-10 02:52:46--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-09 20:30:11--------d-----w-C:\Users\DC\AppData\Local\{D67E781E-ABFE-415F-949A-6B0BAD418222}
2012-10-09 12:41:439308616----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-09 07:38:07--------d-----w-C:\Users\DC\AppData\Local\{381F6C9B-7A2E-4CAD-BE36-CB6CF31F6DEB}
2012-10-08 19:12:11--------d-----w-C:\Users\DC\AppData\Local\{7EE01BD0-A833-4AB7-8ABF-622D917697E9}
2012-10-08 06:29:17--------d-----w-C:\Users\DC\AppData\Local\{991719B3-44A9-4CCB-A56A-7BDE8BBC2AA4}
2012-10-07 20:01:27--------d-----w-C:\ProgramData\Premium
2012-10-07 19:58:15--------d-----w-C:\Users\DC\AppData\Roaming\SendSpace
2012-10-07 19:58:10--------d-----w-C:\ProgramData\Download and Sa
2012-10-07 19:57:46--------d-----w-C:\ProgramData\InstallMate
2012-10-07 18:29:05--------d-----w-C:\Users\DC\AppData\Local\{53C2C036-D650-430F-BE02-00A6C60CAE40}
2012-10-07 06:28:53--------d-----w-C:\Users\DC\AppData\Local\{5EE0F7AE-CA73-4F48-A1C8-C9F2253EB602}
2012-10-06 06:45:38972192------w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BAB1742D-7C6F-4D94-A4F2-51A4985B7944}\gapaengine.dll
2012-10-06 06:34:24--------d-----w-C:\Users\DC\AppData\Local\{2BFC16E3-B7FE-408B-B210-1D3D688AD5D6}
2012-10-05 14:24:01--------d-----w-C:\Users\DC\AppData\Local\{93EA263C-50C8-40CF-8EE6-3E13C3EA220D}
2012-10-05 01:55:21--------d-----w-C:\Users\DC\AppData\Local\{F5470CB7-1BA0-4F25-85AF-B3504ADA3D8E}
2012-10-04 10:35:59--------d-----w-C:\Users\DC\AppData\Local\{946B55CA-FE38-4DDF-B979-961110B14796}
2012-10-03 17:05:54--------d-----w-C:\Users\DC\AppData\Local\{661CDC3F-81CD-42F5-93E1-888B358128CB}
2012-10-03 02:08:46--------d-----w-C:\Users\DC\AppData\Local\{46AC23DC-1948-406C-92B5-36949228C494}
2012-10-02 21:44:02--------d-----w-C:\Users\DC\AppData\Local\{6A3D760E-4C98-442D-8F85-5677F3EFE3D7}
2012-10-02 09:43:38--------d-----w-C:\Users\DC\AppData\Local\{F70ED8DB-E387-414F-8D25-C572C06C929B}
2012-10-01 19:22:48--------d-----w-C:\Users\DC\AppData\Local\{526E30A3-9690-4896-BB83-F69B8D420360}
2012-10-01 12:01:04--------d-----w-C:\Users\DC\AppData\Local\{4F4A48FA-F41F-4C62-9EE8-11BC8E995BAF}
2012-10-01 00:00:52--------d-----w-C:\Users\DC\AppData\Local\{F73FF9AD-32C2-4191-AD17-A9E356A53674}
2012-09-30 12:00:28--------d-----w-C:\Users\DC\AppData\Local\{B7A45663-42F9-49EB-B69F-21E529BEE8E3}
2012-09-29 22:36:09--------d-----w-C:\Users\DC\AppData\Local\{AA087B62-53EB-49F1-8E32-985394C0E3BE}
2012-09-29 10:35:45--------d-----w-C:\Users\DC\AppData\Local\{80287D98-463F-465D-A7C5-22713B33896E}
2012-09-28 19:32:50--------d-----w-C:\Users\DC\AppData\Local\{C594AEC2-84AD-469D-B8D4-DF64C04AF461}
2012-09-28 09:58:50--------d-----w-C:\Program Files (x86)\MSXML 4.0
2012-09-28 03:11:47--------d-----w-C:\Users\DC\AppData\Local\{DE2529AA-EFE1-4F57-8231-63A18A97E53E}
2012-09-27 13:37:15--------d-----w-C:\Users\DC\AppData\Local\{5E7F91FC-26C3-4FFE-BCF6-38980EEFC124}
2012-09-27 01:37:03--------d-----w-C:\Users\DC\AppData\Local\{2A93A993-7BC6-4A54-8E6F-D62C3BDC29FA}
2012-09-27 01:11:30--------d-----w-C:\Program Files (x86)\MindFusion Limited
2012-09-27 00:48:22--------d-----w-C:\Program Files (x86)\PCToolforSMS
2012-09-27 00:43:21--------d-----w-C:\Users\DC\AppData\Local\Wondershare
2012-09-27 00:43:19--------d-----w-C:\Program Files (x86)\Common Files\Wondershare
2012-09-27 00:43:10--------d-----w-C:\Users\DC\AppData\Roaming\Wondershare
2012-09-27 00:39:54--------d-----w-C:\LGMobileUpgrade
2012-09-27 00:39:431347584----a-w-C:\Users\DC\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2012-09-26 13:36:39--------d-----w-C:\Users\DC\AppData\Local\{D333689B-1463-47BF-9C63-8E26A392A266}
2012-09-25 23:40:52245760----a-w-C:\Windows\System32\OxpsConverter.exe
2012-09-25 23:36:52--------d-----w-C:\Users\DC\AppData\Local\{D32FA130-C351-42A1-A57A-EBFC47D2B7FB}
2012-09-25 04:57:24--------d-----w-C:\Users\DC\AppData\Local\{971A9F65-383E-43D6-998F-0BE0D04D578D}
2012-09-24 16:57:00--------d-----w-C:\Users\DC\AppData\Local\{3A701527-34F3-4984-B82F-819CCD66DF48}
2012-09-24 14:30:26--------d-----w-C:\Users\DC\AppData\Local\{E73081CE-5F7E-4D2B-825E-83D2C31FAAD1}
2012-09-24 02:06:09--------d-----w-C:\Users\DC\AppData\Local\{ADB0529C-5424-4650-AF7F-F653A4F58AA2}
2012-09-23 12:25:50--------d-----w-C:\Users\DC\AppData\Local\{045E2512-CA9A-4792-9773-E485C957FF22}
2012-09-22 19:34:24--------d-----w-C:\Users\DC\AppData\Local\{9CF7ADA0-2133-4FBB-B674-B7C514182654}
2012-09-22 07:28:28--------d-----w-C:\Users\DC\AppData\Local\{94BBB1F4-73D6-4EF4-BA2E-10F2B82E8985}
2012-09-21 19:28:04--------d-----w-C:\Users\DC\AppData\Local\{9EA23508-DFAA-4646-972F-FE8206798F52}
2012-09-21 05:03:40--------d-----w-C:\Users\DC\AppData\Local\{C901AB15-EBE0-488E-AA9E-A28DA51854CE}
2012-09-20 17:03:15--------d-----w-C:\Users\DC\AppData\Local\{5D8006F3-2851-463B-B3ED-703EF2449F4C}
2012-09-20 05:02:32--------d-----w-C:\Users\DC\AppData\Local\{68EE5896-545A-41C5-9778-9A882CDCF50C}
2012-09-19 17:02:09--------d-----w-C:\Users\DC\AppData\Local\{3E1E6FB6-19AF-4BDC-AFBE-A734B12EB973}
2012-09-19 13:30:41--------d-----w-C:\Users\DC\AppData\Roaming\RealNetworks
2012-09-19 04:39:14--------d-----w-C:\Users\DC\AppData\Local\{23A1E7AC-DDF3-4694-B054-03A2F937CB81}
2012-09-19 03:18:33--------d-----w-C:\Program Files (x86)\GPLGS
2012-09-19 03:18:1087152----a-w-C:\Windows\System32\cpwmon64.dll
2012-09-19 03:18:09--------d-----w-C:\Program Files (x86)\Acro Software
2012-09-18 16:01:48--------d-----w-C:\Users\DC\AppData\Local\{CE45FF3F-F5E2-426C-A452-78E0EC6F2BB8}
2012-09-18 02:56:05--------d-----w-C:\Users\DC\AppData\Local\{DAFF5836-679D-4268-A453-77C73347F52A}
2012-09-17 10:47:56--------d-----w-C:\Users\DC\AppData\Local\{16216AA9-B0F5-45C7-A79D-EEB0460737FA}
2012-09-16 19:48:48--------d-----w-C:\Users\DC\AppData\Local\{38A16B19-24AB-4D14-872E-695EF590E97E}
2012-09-16 07:48:24--------d-----w-C:\Users\DC\AppData\Local\{50468537-4298-4BB3-B275-7734C5B00D3B}
2012-09-15 06:04:13--------d-----w-C:\Users\DC\AppData\Local\{247822D7-35E7-4E2F-8CB7-C94710CA404F}
2012-09-14 18:03:50--------d-----w-C:\Users\DC\AppData\Local\{011AE95D-AE59-40C0-BCE0-2D4004E31573}
2012-09-14 05:09:05--------d-----w-C:\Users\DC\AppData\Local\{22AD2049-570E-43CF-996A-09CED63F1307}
2012-09-13 17:57:46--------d-----r-C:\Program Files (x86)\Skype
2012-09-13 17:08:41--------d-----w-C:\Users\DC\AppData\Local\{C0A41809-1FFB-4CCC-A80C-ED7D704739D7}
2012-09-13 05:08:17--------d-----w-C:\Users\DC\AppData\Local\{BB1D9B49-C3DE-4452-83C7-7CAFD879CBF6}
2012-09-12 17:07:53--------d-----w-C:\Users\DC\AppData\Local\{7D8A940C-F8E0-4440-A8FE-589834992BF4}
2012-09-12 04:15:16--------d-----w-C:\Users\DC\AppData\Local\{64EA0384-5E41-4C7D-8261-C46DC8CAFFE4}
2012-09-12 02:58:49950128----a-w-C:\Windows\System32\drivers\ndis.sys
2012-09-12 02:58:4941472----a-w-C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 02:58:48574464----a-w-C:\Windows\System32\d3d10level9.dll
2012-09-12 02:58:47490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 02:58:47376688----a-w-C:\Windows\System32\drivers\netio.sys
2012-09-12 02:58:47288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 02:58:471913200----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-09-11 16:14:50--------d-----w-C:\Users\DC\AppData\Local\{C9F27255-0FED-46A9-BDC2-5993F946C6B4}
2012-09-11 01:08:44--------d-----w-C:\Users\DC\AppData\Local\{609C49E5-4710-40CB-830A-622473B1844B}
2012-09-10 18:13:0990112----a-r-C:\Users\DC\AppData\Roaming\Microsoft\Windows\Templates\I\LGUTchkdl.dll
2012-09-10 18:13:0924576----a-r-C:\Users\DC\AppData\Roaming\Microsoft\Windows\Templates\I\LGEUSBAutorun.dll
2012-09-10 10:55:28--------d-----w-C:\Users\DC\AppData\Local\{4DE21825-CB93-4058-9A69-782DA4D465FC}
.
==================== Find3M ====================
.
2012-08-31 03:03:48228768----a-w-C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48128456----a-w-C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:322312704----a-w-C:\Windows\System32\jscript9.dll
2012-08-24 10:21:181392128----a-w-C:\Windows\System32\wininet.dll
2012-08-24 10:20:111494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29599040----a-w-C:\Windows\System32\vbscript.dll
2012-08-24 10:09:422382848----a-w-C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:171800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:271129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:021427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:582382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-08-08 18:19:57348160----a-w-C:\Windows\SysWow64\msvcr71.dll
2012-08-08 18:19:56499712----a-w-C:\Windows\SysWow64\msvcp71.dll
2012-07-18 18:15:063148800----a-w-C:\Windows\System32\win32k.sys
.
============= FINISH: 22:51:47.96 ===============
 
ATTACH LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2012 1:09:34 AM
System Uptime: 10/9/2012 10:07:35 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1793
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU1 | 2501/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 678 GiB total, 553.397 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 1.851 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.092 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP65: 9/22/2012 3:00:13 AM - Windows Update
RP66: 9/25/2012 3:55:44 AM - HPSF Restore Point
RP67: 9/25/2012 5:40:11 AM - HPSF Applying updates
RP68: 9/25/2012 6:46:32 PM - Windows Update
RP69: 9/26/2012 3:00:13 AM - Windows Update
RP70: 9/26/2012 7:46:14 PM - Device Driver Package Install: Google Corporation
RP71: 9/26/2012 7:46:57 PM - Device Driver Package Install: Google Corporation
RP72: 9/26/2012 8:11:15 PM - Installed Xml Viewer
RP73: 9/28/2012 4:58:26 AM - Windows Update
RP74: 10/1/2012 1:20:22 PM - Windows Update
RP75: 10/1/2012 2:18:37 PM - Restore Operation
RP76: 10/1/2012 2:25:14 PM - Windows Update
RP77: 10/1/2012 9:08:34 PM - Windows Update
RP78: 10/6/2012 1:44:26 AM - Windows Update
RP79: 10/8/2012 11:12:15 AM - HPSF Applying updates
RP80: 10/9/2012 7:41:06 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0) MUI
Adobe Shockwave Player 11.6
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Cake Mania
Chronicles of Albian
Chuzzle Deluxe
Cradle of Rome 2
CyberLink YouCam
D3DX10
DAEMON Tools Lite
Download and Sa
ESU for Microsoft Windows 7 SP1
Farm Frenzy
FATE
Google Chrome
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.1.2.0
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Setup
HP Setup Manager
HP SimplePass 2012
HP Software Framework
HP Support Assistant
IDT Audio
Intel PROSet Wireless
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Smart Connect Technology 1.0
Intel(R) WiDi
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Kobo
LG Verizon United Drivers
Mah Jong Medley
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
OpenOffice.org 3.4
PC Tool for VeryAndroid SMS Backup 2.2
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.10
Slingo Supreme
swMSM
The Sims 2 Pets
The Sims™ 2 Deluxe
The Sims™ 2 Seasons
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
VIP Access SDK (1.0.1.2)
Virtual Villagers 5 - New Believers
VLC media player 2.0.1
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Xml Viewer
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/5/2012 4:26:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
Thanks so much! I didn't get anything from the ESET but I'm going to post the first scan's log anyway.

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 14:33:05
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : DC - DC-HP822
# Boot Mode : Normal
# Running from : C:\Users\DC\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\ke6rohku.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\ke6rohku.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.92

File : C:\Users\DC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1750 octets] - [10/10/2012 14:33:05]

########## EOF - C:\AdwCleaner[S1].txt - [1810 octets] ##########
 
ComboFix scan

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
I just ran the ComboFix here is the log

ComboFix 12-10-12.01 - DC 10/12/2012 8:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4346 [GMT -5:00]
Running from: c:\users\DC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Download and Sa
c:\programdata\Download and Sa\5071e02662772.html
c:\programdata\Download and Sa\5071e026627aa.js
c:\programdata\Download and Sa\bajchmpbpdmdaggjiifbkmciomogigfn.crx
c:\programdata\Download and Sa\settings.ini
c:\programdata\Download and Sa\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa
c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa\Download and Sa.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa\Uninstall.lnk
c:\programdata\Roaming
c:\users\Administrator\AppData\Roaming\JomCap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 13:35 . 2012-10-12 13:35--------d-----w-c:\users\Default\AppData\Local\temp
2012-10-12 10:11 . 2012-08-30 07:279308616----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75E92296-4A7B-4145-9502-95C4DF1F1169}\mpengine.dll
2012-10-11 10:00 . 2012-08-30 07:279308616----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-10 19:38 . 2012-10-10 19:38--------d-----w-c:\program files (x86)\ESET
2012-10-10 02:53 . 2012-10-10 02:53--------d-----w-c:\users\DC\AppData\Roaming\Malwarebytes
2012-10-10 02:52 . 2012-10-10 02:52--------d-----w-c:\programdata\Malwarebytes
2012-10-10 02:52 . 2012-09-07 22:0425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-10-10 02:52 . 2012-10-10 02:52--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-07 19:58 . 2012-10-07 19:58--------d-----w-c:\users\DC\AppData\Roaming\SendSpace
2012-10-06 06:45 . 2012-10-01 21:30972192------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAB1742D-7C6F-4D94-A4F2-51A4985B7944}\gapaengine.dll
2012-09-28 09:58 . 2012-09-28 09:58--------d-----w-c:\program files (x86)\MSXML 4.0
2012-09-27 00:48 . 2012-09-27 00:48--------d-----w-c:\program files (x86)\PCToolforSMS
2012-09-27 00:43 . 2012-09-27 00:43--------d-----w-c:\users\DC\AppData\Local\Wondershare
2012-09-27 00:43 . 2012-09-27 00:43--------d-----w-c:\program files (x86)\Common Files\Wondershare
2012-09-27 00:43 . 2012-09-27 00:43--------d-----w-c:\users\DC\AppData\Roaming\Wondershare
2012-09-27 00:39 . 2012-09-27 00:39--------d-----w-C:\LGMobileUpgrade
2012-09-27 00:39 . 2012-09-27 00:391347584----a-w-c:\users\DC\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2012-09-25 23:40 . 2012-08-21 21:01245760----a-w-c:\windows\system32\OxpsConverter.exe
2012-09-19 13:30 . 2012-09-19 13:30--------d-----w-c:\users\DC\AppData\Roaming\RealNetworks
2012-09-19 03:18 . 2012-10-10 13:47--------d-----w-c:\program files (x86)\Acro Software
2012-09-13 17:57 . 2012-09-13 17:57--------d-----w-c:\program files (x86)\Common Files\Skype
2012-09-13 17:57 . 2012-09-13 17:57--------d-----r-c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 08:03 . 2012-06-24 18:4665309168----a-w-c:\windows\system32\MRT.exe
2012-10-01 21:30 . 2012-06-13 00:37972192------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-27 00:39 . 2012-07-06 21:3298304----a-w-c:\users\DC\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-09-27 00:39 . 2012-07-06 21:3224576----a-w-c:\users\DC\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-08-31 03:03 . 2012-08-31 03:03228768----a-w-c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-03-21 01:44128456----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-12 02:581913200----a-w-c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 02:58950128----a-w-c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 02:58376688----a-w-c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 02:58288624----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 04:23 . 2012-08-21 04:218795216----a-w-c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-08-20 17:38 . 2012-10-09 23:1944032----a-w-c:\windows\apppatch\acwow64.dll
2012-08-08 18:19 . 2003-02-21 12:42348160----a-w-c:\windows\SysWow64\msvcr71.dll
2012-08-08 18:19 . 2003-03-19 04:14499712----a-w-c:\windows\SysWow64\msvcp71.dll
2012-08-02 17:58 . 2012-09-12 02:58574464----a-w-c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 02:58490496----a-w-c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-15 12:083148800----a-w-c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-09-02 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-08 296096]
"BYRUA_AGENT"="c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" [2012-09-24 392312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-03-02 29184]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys [2012-05-09 29696]
R3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\DRIVERS\lgvzandnetdiag264.sys [2012-05-09 29696]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys [2012-05-09 36864]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys [2012-05-09 94208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-12 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-08-24 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2011-09-06 93696]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2011-08-30 1050016]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2011-09-06 44992]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-11 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-11 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2632249507-4276905549-3884253506-1000Core.job
- c:\users\DC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 07:12]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2632249507-4276905549-3884253506-1000UA.job
- c:\users\DC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 07:12]
.
2012-09-25 c:\windows\Tasks\HPCeeScheduleForDC.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-16 1424896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\ke6rohku.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0D4892C1-54FF-1755-E610-DED2B791E8C9} - c:\programdata\Download and Sa\5071e02662739.ocx
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Download and Sa\uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-12 08:37:34
ComboFix-quarantined-files.txt 2012-10-12 13:37
.
Pre-Run: 594,207,264,768 bytes free
Post-Run: 594,470,653,952 bytes free
.
- - End Of File - - 5D57232ABFF0FB40639B78672FC73871
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Hello, are you still with us? Please update us with the state of your situation, so we know how to continue from here.

We'd still like to help. Topic marked inactive, until your return.
 
You must log in or register to reply here.

Similar threads

L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back