TechSpot

Adware:Win32/Adkubru will not get out!

By dchoi303
Oct 10, 2012
  1. I get the following virus reading from MSE: Adware:Win32/Adkubru (Category: Adware

    Description: This program displays pop-up advertisements.)

    MBAM LOG:
    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.10.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    DC :: DC-HP822 [administrator]

    Protection: Enabled

    10/9/2012 9:56:34 PM
    mbam-log-2012-10-09 (21-56-34).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214261
    Time elapsed: 3 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\DC\Local Settings\Temporary Internet Files\Content.IE5\SEA0WNAX\5071e026799aa[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.

    (end)
    GMER LOG:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-09 22:43:30
    Windows 6.1.7601 Service Pack 1
    Running: 05fljbny.exe
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb421f0be8
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4228a699
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb421f0be8 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4228a699 (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----
     
  2. dchoi303

    dchoi303 TS Rookie Topic Starter

    DDS1 LOG: (OTL.txt & EXTRA.txt are together here in this post)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by DC at 22:51:27 on 2012-10-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4305 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\ISCTHidMonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\ISCTHidMonitor.exe
    C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Download and Sa Class: {0d4892c1-54ff-1755-e610-ded2b791e8c9} - C:\ProgramData\Download and Sa\5071e02662739.ocx
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Google Update] "C:\Users\DC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [<NO NAME>]
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [BYRUA_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    TCP: Interfaces\{429C7986-6FC1-4048-992E-F6EFAF7F8C82} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{429C7986-6FC1-4048-992E-F6EFAF7F8C82}\55E69667562737964797F594E6E6 : DhcpNameServer = 172.17.0.1
    TCP: Interfaces\{429C7986-6FC1-4048-992E-F6EFAF7F8C82}\74F6C64664963786D27657563747 : DhcpNameServer = 216.26.100.1
    TCP: Interfaces\{5DD23F21-00E7-46FD-B621-DB489FF31912} : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Download and Sa Class: {0D4892C1-54FF-1755-E610-DED2B791E8C9} - C:\ProgramData\Download and Sa\5071e02662739.ocx
    BHO-X64: Download and Sa - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
    BHO-X64: TSBHO Class - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [(Default)]
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [BYRUA_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\ke6rohku.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\DC\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-24 89600]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-4-25 197504]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-24 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-24 2375168]
    R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2011-9-6 93696]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-9 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-9 676936]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-24 2656280]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
    R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\system32\DRIVERS\ATSwpWDF.sys --> C:\Windows\system32\DRIVERS\ATSwpWDF.sys [?]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\system32\DRIVERS\ISCTD64.sys --> C:\Windows\system32\DRIVERS\ISCTD64.sys [?]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
    S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
    S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-1 21504]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-8 113120]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys --> C:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys [?]
    S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;C:\Windows\system32\DRIVERS\lgvzandnetdiag264.sys --> C:\Windows\system32\DRIVERS\lgvzandnetdiag264.sys [?]
    S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys --> C:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys [?]
    S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\Windows\system32\DRIVERS\lgvzandnetndis64.sys --> C:\Windows\system32\DRIVERS\lgvzandnetndis64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-10-10 03:44:279308616----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C37EAA0E-D0D1-4EA6-8C88-4C51B20173D5}\mpengine.dll
    2012-10-10 02:53:16--------d-----w-C:\Users\DC\AppData\Roaming\Malwarebytes
    2012-10-10 02:52:48--------d-----w-C:\ProgramData\Malwarebytes
    2012-10-10 02:52:4725928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-10-10 02:52:46--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-09 20:30:11--------d-----w-C:\Users\DC\AppData\Local\{D67E781E-ABFE-415F-949A-6B0BAD418222}
    2012-10-09 12:41:439308616----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-09 07:38:07--------d-----w-C:\Users\DC\AppData\Local\{381F6C9B-7A2E-4CAD-BE36-CB6CF31F6DEB}
    2012-10-08 19:12:11--------d-----w-C:\Users\DC\AppData\Local\{7EE01BD0-A833-4AB7-8ABF-622D917697E9}
    2012-10-08 06:29:17--------d-----w-C:\Users\DC\AppData\Local\{991719B3-44A9-4CCB-A56A-7BDE8BBC2AA4}
    2012-10-07 20:01:27--------d-----w-C:\ProgramData\Premium
    2012-10-07 19:58:15--------d-----w-C:\Users\DC\AppData\Roaming\SendSpace
    2012-10-07 19:58:10--------d-----w-C:\ProgramData\Download and Sa
    2012-10-07 19:57:46--------d-----w-C:\ProgramData\InstallMate
    2012-10-07 18:29:05--------d-----w-C:\Users\DC\AppData\Local\{53C2C036-D650-430F-BE02-00A6C60CAE40}
    2012-10-07 06:28:53--------d-----w-C:\Users\DC\AppData\Local\{5EE0F7AE-CA73-4F48-A1C8-C9F2253EB602}
    2012-10-06 06:45:38972192------w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BAB1742D-7C6F-4D94-A4F2-51A4985B7944}\gapaengine.dll
    2012-10-06 06:34:24--------d-----w-C:\Users\DC\AppData\Local\{2BFC16E3-B7FE-408B-B210-1D3D688AD5D6}
    2012-10-05 14:24:01--------d-----w-C:\Users\DC\AppData\Local\{93EA263C-50C8-40CF-8EE6-3E13C3EA220D}
    2012-10-05 01:55:21--------d-----w-C:\Users\DC\AppData\Local\{F5470CB7-1BA0-4F25-85AF-B3504ADA3D8E}
    2012-10-04 10:35:59--------d-----w-C:\Users\DC\AppData\Local\{946B55CA-FE38-4DDF-B979-961110B14796}
    2012-10-03 17:05:54--------d-----w-C:\Users\DC\AppData\Local\{661CDC3F-81CD-42F5-93E1-888B358128CB}
    2012-10-03 02:08:46--------d-----w-C:\Users\DC\AppData\Local\{46AC23DC-1948-406C-92B5-36949228C494}
    2012-10-02 21:44:02--------d-----w-C:\Users\DC\AppData\Local\{6A3D760E-4C98-442D-8F85-5677F3EFE3D7}
    2012-10-02 09:43:38--------d-----w-C:\Users\DC\AppData\Local\{F70ED8DB-E387-414F-8D25-C572C06C929B}
    2012-10-01 19:22:48--------d-----w-C:\Users\DC\AppData\Local\{526E30A3-9690-4896-BB83-F69B8D420360}
    2012-10-01 12:01:04--------d-----w-C:\Users\DC\AppData\Local\{4F4A48FA-F41F-4C62-9EE8-11BC8E995BAF}
    2012-10-01 00:00:52--------d-----w-C:\Users\DC\AppData\Local\{F73FF9AD-32C2-4191-AD17-A9E356A53674}
    2012-09-30 12:00:28--------d-----w-C:\Users\DC\AppData\Local\{B7A45663-42F9-49EB-B69F-21E529BEE8E3}
    2012-09-29 22:36:09--------d-----w-C:\Users\DC\AppData\Local\{AA087B62-53EB-49F1-8E32-985394C0E3BE}
    2012-09-29 10:35:45--------d-----w-C:\Users\DC\AppData\Local\{80287D98-463F-465D-A7C5-22713B33896E}
    2012-09-28 19:32:50--------d-----w-C:\Users\DC\AppData\Local\{C594AEC2-84AD-469D-B8D4-DF64C04AF461}
    2012-09-28 09:58:50--------d-----w-C:\Program Files (x86)\MSXML 4.0
    2012-09-28 03:11:47--------d-----w-C:\Users\DC\AppData\Local\{DE2529AA-EFE1-4F57-8231-63A18A97E53E}
    2012-09-27 13:37:15--------d-----w-C:\Users\DC\AppData\Local\{5E7F91FC-26C3-4FFE-BCF6-38980EEFC124}
    2012-09-27 01:37:03--------d-----w-C:\Users\DC\AppData\Local\{2A93A993-7BC6-4A54-8E6F-D62C3BDC29FA}
    2012-09-27 01:11:30--------d-----w-C:\Program Files (x86)\MindFusion Limited
    2012-09-27 00:48:22--------d-----w-C:\Program Files (x86)\PCToolforSMS
    2012-09-27 00:43:21--------d-----w-C:\Users\DC\AppData\Local\Wondershare
    2012-09-27 00:43:19--------d-----w-C:\Program Files (x86)\Common Files\Wondershare
    2012-09-27 00:43:10--------d-----w-C:\Users\DC\AppData\Roaming\Wondershare
    2012-09-27 00:39:54--------d-----w-C:\LGMobileUpgrade
    2012-09-27 00:39:431347584----a-w-C:\Users\DC\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
    2012-09-26 13:36:39--------d-----w-C:\Users\DC\AppData\Local\{D333689B-1463-47BF-9C63-8E26A392A266}
    2012-09-25 23:40:52245760----a-w-C:\Windows\System32\OxpsConverter.exe
    2012-09-25 23:36:52--------d-----w-C:\Users\DC\AppData\Local\{D32FA130-C351-42A1-A57A-EBFC47D2B7FB}
    2012-09-25 04:57:24--------d-----w-C:\Users\DC\AppData\Local\{971A9F65-383E-43D6-998F-0BE0D04D578D}
    2012-09-24 16:57:00--------d-----w-C:\Users\DC\AppData\Local\{3A701527-34F3-4984-B82F-819CCD66DF48}
    2012-09-24 14:30:26--------d-----w-C:\Users\DC\AppData\Local\{E73081CE-5F7E-4D2B-825E-83D2C31FAAD1}
    2012-09-24 02:06:09--------d-----w-C:\Users\DC\AppData\Local\{ADB0529C-5424-4650-AF7F-F653A4F58AA2}
    2012-09-23 12:25:50--------d-----w-C:\Users\DC\AppData\Local\{045E2512-CA9A-4792-9773-E485C957FF22}
    2012-09-22 19:34:24--------d-----w-C:\Users\DC\AppData\Local\{9CF7ADA0-2133-4FBB-B674-B7C514182654}
    2012-09-22 07:28:28--------d-----w-C:\Users\DC\AppData\Local\{94BBB1F4-73D6-4EF4-BA2E-10F2B82E8985}
    2012-09-21 19:28:04--------d-----w-C:\Users\DC\AppData\Local\{9EA23508-DFAA-4646-972F-FE8206798F52}
    2012-09-21 05:03:40--------d-----w-C:\Users\DC\AppData\Local\{C901AB15-EBE0-488E-AA9E-A28DA51854CE}
    2012-09-20 17:03:15--------d-----w-C:\Users\DC\AppData\Local\{5D8006F3-2851-463B-B3ED-703EF2449F4C}
    2012-09-20 05:02:32--------d-----w-C:\Users\DC\AppData\Local\{68EE5896-545A-41C5-9778-9A882CDCF50C}
    2012-09-19 17:02:09--------d-----w-C:\Users\DC\AppData\Local\{3E1E6FB6-19AF-4BDC-AFBE-A734B12EB973}
    2012-09-19 13:30:41--------d-----w-C:\Users\DC\AppData\Roaming\RealNetworks
    2012-09-19 04:39:14--------d-----w-C:\Users\DC\AppData\Local\{23A1E7AC-DDF3-4694-B054-03A2F937CB81}
    2012-09-19 03:18:33--------d-----w-C:\Program Files (x86)\GPLGS
    2012-09-19 03:18:1087152----a-w-C:\Windows\System32\cpwmon64.dll
    2012-09-19 03:18:09--------d-----w-C:\Program Files (x86)\Acro Software
    2012-09-18 16:01:48--------d-----w-C:\Users\DC\AppData\Local\{CE45FF3F-F5E2-426C-A452-78E0EC6F2BB8}
    2012-09-18 02:56:05--------d-----w-C:\Users\DC\AppData\Local\{DAFF5836-679D-4268-A453-77C73347F52A}
    2012-09-17 10:47:56--------d-----w-C:\Users\DC\AppData\Local\{16216AA9-B0F5-45C7-A79D-EEB0460737FA}
    2012-09-16 19:48:48--------d-----w-C:\Users\DC\AppData\Local\{38A16B19-24AB-4D14-872E-695EF590E97E}
    2012-09-16 07:48:24--------d-----w-C:\Users\DC\AppData\Local\{50468537-4298-4BB3-B275-7734C5B00D3B}
    2012-09-15 06:04:13--------d-----w-C:\Users\DC\AppData\Local\{247822D7-35E7-4E2F-8CB7-C94710CA404F}
    2012-09-14 18:03:50--------d-----w-C:\Users\DC\AppData\Local\{011AE95D-AE59-40C0-BCE0-2D4004E31573}
    2012-09-14 05:09:05--------d-----w-C:\Users\DC\AppData\Local\{22AD2049-570E-43CF-996A-09CED63F1307}
    2012-09-13 17:57:46--------d-----r-C:\Program Files (x86)\Skype
    2012-09-13 17:08:41--------d-----w-C:\Users\DC\AppData\Local\{C0A41809-1FFB-4CCC-A80C-ED7D704739D7}
    2012-09-13 05:08:17--------d-----w-C:\Users\DC\AppData\Local\{BB1D9B49-C3DE-4452-83C7-7CAFD879CBF6}
    2012-09-12 17:07:53--------d-----w-C:\Users\DC\AppData\Local\{7D8A940C-F8E0-4440-A8FE-589834992BF4}
    2012-09-12 04:15:16--------d-----w-C:\Users\DC\AppData\Local\{64EA0384-5E41-4C7D-8261-C46DC8CAFFE4}
    2012-09-12 02:58:49950128----a-w-C:\Windows\System32\drivers\ndis.sys
    2012-09-12 02:58:4941472----a-w-C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 02:58:48574464----a-w-C:\Windows\System32\d3d10level9.dll
    2012-09-12 02:58:47490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 02:58:47376688----a-w-C:\Windows\System32\drivers\netio.sys
    2012-09-12 02:58:47288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 02:58:471913200----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-09-11 16:14:50--------d-----w-C:\Users\DC\AppData\Local\{C9F27255-0FED-46A9-BDC2-5993F946C6B4}
    2012-09-11 01:08:44--------d-----w-C:\Users\DC\AppData\Local\{609C49E5-4710-40CB-830A-622473B1844B}
    2012-09-10 18:13:0990112----a-r-C:\Users\DC\AppData\Roaming\Microsoft\Windows\Templates\I\LGUTchkdl.dll
    2012-09-10 18:13:0924576----a-r-C:\Users\DC\AppData\Roaming\Microsoft\Windows\Templates\I\LGEUSBAutorun.dll
    2012-09-10 10:55:28--------d-----w-C:\Users\DC\AppData\Local\{4DE21825-CB93-4058-9A69-782DA4D465FC}
    .
    ==================== Find3M ====================
    .
    2012-08-31 03:03:48228768----a-w-C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 03:03:48128456----a-w-C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-24 10:31:322312704----a-w-C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:181392128----a-w-C:\Windows\System32\wininet.dll
    2012-08-24 10:20:111494528----a-w-C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45173056----a-w-C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29599040----a-w-C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:422382848----a-w-C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:171800704----a-w-C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:271129472----a-w-C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:021427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12420864----a-w-C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:582382848----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-08-08 18:19:57348160----a-w-C:\Windows\SysWow64\msvcr71.dll
    2012-08-08 18:19:56499712----a-w-C:\Windows\SysWow64\msvcp71.dll
    2012-07-18 18:15:063148800----a-w-C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 22:51:47.96 ===============
     
  3. dchoi303

    dchoi303 TS Rookie Topic Starter

    ATTACH LOG

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/3/2012 1:09:34 AM
    System Uptime: 10/9/2012 10:07:35 PM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1793
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU1 | 2501/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 678 GiB total, 553.397 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 1.851 GiB free.
    E: is FIXED (FAT32) - 4 GiB total, 1.092 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP65: 9/22/2012 3:00:13 AM - Windows Update
    RP66: 9/25/2012 3:55:44 AM - HPSF Restore Point
    RP67: 9/25/2012 5:40:11 AM - HPSF Applying updates
    RP68: 9/25/2012 6:46:32 PM - Windows Update
    RP69: 9/26/2012 3:00:13 AM - Windows Update
    RP70: 9/26/2012 7:46:14 PM - Device Driver Package Install: Google Corporation
    RP71: 9/26/2012 7:46:57 PM - Device Driver Package Install: Google Corporation
    RP72: 9/26/2012 8:11:15 PM - Installed Xml Viewer
    RP73: 9/28/2012 4:58:26 AM - Windows Update
    RP74: 10/1/2012 1:20:22 PM - Windows Update
    RP75: 10/1/2012 2:18:37 PM - Restore Operation
    RP76: 10/1/2012 2:25:14 PM - Windows Update
    RP77: 10/1/2012 9:08:34 PM - Windows Update
    RP78: 10/6/2012 1:44:26 AM - Windows Update
    RP79: 10/8/2012 11:12:15 AM - HPSF Applying updates
    RP80: 10/9/2012 7:41:06 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.0) MUI
    Adobe Shockwave Player 11.6
    Agatha Christie - Peril at End House
    Apple Application Support
    Apple Software Update
    Bejeweled 3
    Bing Bar
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Cake Mania
    Chronicles of Albian
    Chuzzle Deluxe
    Cradle of Rome 2
    CyberLink YouCam
    D3DX10
    DAEMON Tools Lite
    Download and Sa
    ESU for Microsoft Windows 7 SP1
    Farm Frenzy
    FATE
    Google Chrome
    Governor of Poker 2 Premium Edition
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP CoolSense
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP On Screen Display
    HP Power Manager
    HP Product Detection
    HP Quick Launch
    HP QuickWeb
    HP Recovery Manager
    HP Setup
    HP Setup Manager
    HP SimplePass 2012
    HP Software Framework
    HP Support Assistant
    IDT Audio
    Intel PROSet Wireless
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) Smart Connect Technology 1.0
    Intel(R) WiDi
    Jewel Quest: The Sleepless Star - Collector's Edition
    Junk Mail filter update
    Kobo
    LG Verizon United Drivers
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mesh Runtime
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery of Mortlake Mansion
    Namco All-Stars: PAC-MAN
    OpenOffice.org 3.4
    PC Tool for VeryAndroid SMS Backup 2.2
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    RealUpgrade 1.1
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    Slingo Supreme
    swMSM
    The Sims 2 Pets
    The Sims™ 2 Deluxe
    The Sims™ 2 Seasons
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Vacation Quest - The Hawaiian Islands
    VIP Access SDK (1.0.1.2)
    Virtual Villagers 5 - New Believers
    VLC media player 2.0.1
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (32-bit)
    Xml Viewer
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/5/2012 4:26:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    .
    ==== End Of File ===========================
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
     
  5. dchoi303

    dchoi303 TS Rookie Topic Starter

    Thanks so much! I didn't get anything from the ESET but I'm going to post the first scan's log anyway.

    # AdwCleaner v2.004 - Logfile created 10/10/2012 at 14:33:05
    # Updated 06/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : DC - DC-HP822
    # Boot Mode : Normal
    # Running from : C:\Users\DC\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\OApps
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\Users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\ke6rohku.default\extensions\staged

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\ke6rohku.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v22.0.1229.92

    File : C:\Users\DC\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1750 octets] - [10/10/2012 14:33:05]

    ########## EOF - C:\AdwCleaner[S1].txt - [1810 octets] ##########
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  7. dchoi303

    dchoi303 TS Rookie Topic Starter

    I just ran the ComboFix here is the log

    ComboFix 12-10-12.01 - DC 10/12/2012 8:30.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4346 [GMT -5:00]
    Running from: c:\users\DC\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\Download and Sa
    c:\programdata\Download and Sa\5071e02662772.html
    c:\programdata\Download and Sa\5071e026627aa.js
    c:\programdata\Download and Sa\bajchmpbpdmdaggjiifbkmciomogigfn.crx
    c:\programdata\Download and Sa\settings.ini
    c:\programdata\Download and Sa\uninstall.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa\Download and Sa.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa\Uninstall.lnk
    c:\programdata\Roaming
    c:\users\Administrator\AppData\Roaming\JomCap.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-12 13:35 . 2012-10-12 13:35--------d-----w-c:\users\Default\AppData\Local\temp
    2012-10-12 10:11 . 2012-08-30 07:279308616----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75E92296-4A7B-4145-9502-95C4DF1F1169}\mpengine.dll
    2012-10-11 10:00 . 2012-08-30 07:279308616----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-10 19:38 . 2012-10-10 19:38--------d-----w-c:\program files (x86)\ESET
    2012-10-10 02:53 . 2012-10-10 02:53--------d-----w-c:\users\DC\AppData\Roaming\Malwarebytes
    2012-10-10 02:52 . 2012-10-10 02:52--------d-----w-c:\programdata\Malwarebytes
    2012-10-10 02:52 . 2012-09-07 22:0425928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-10-10 02:52 . 2012-10-10 02:52--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-07 19:58 . 2012-10-07 19:58--------d-----w-c:\users\DC\AppData\Roaming\SendSpace
    2012-10-06 06:45 . 2012-10-01 21:30972192------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAB1742D-7C6F-4D94-A4F2-51A4985B7944}\gapaengine.dll
    2012-09-28 09:58 . 2012-09-28 09:58--------d-----w-c:\program files (x86)\MSXML 4.0
    2012-09-27 00:48 . 2012-09-27 00:48--------d-----w-c:\program files (x86)\PCToolforSMS
    2012-09-27 00:43 . 2012-09-27 00:43--------d-----w-c:\users\DC\AppData\Local\Wondershare
    2012-09-27 00:43 . 2012-09-27 00:43--------d-----w-c:\program files (x86)\Common Files\Wondershare
    2012-09-27 00:43 . 2012-09-27 00:43--------d-----w-c:\users\DC\AppData\Roaming\Wondershare
    2012-09-27 00:39 . 2012-09-27 00:39--------d-----w-C:\LGMobileUpgrade
    2012-09-27 00:39 . 2012-09-27 00:391347584----a-w-c:\users\DC\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
    2012-09-25 23:40 . 2012-08-21 21:01245760----a-w-c:\windows\system32\OxpsConverter.exe
    2012-09-19 13:30 . 2012-09-19 13:30--------d-----w-c:\users\DC\AppData\Roaming\RealNetworks
    2012-09-19 03:18 . 2012-10-10 13:47--------d-----w-c:\program files (x86)\Acro Software
    2012-09-13 17:57 . 2012-09-13 17:57--------d-----w-c:\program files (x86)\Common Files\Skype
    2012-09-13 17:57 . 2012-09-13 17:57--------d-----r-c:\program files (x86)\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-10 08:03 . 2012-06-24 18:4665309168----a-w-c:\windows\system32\MRT.exe
    2012-10-01 21:30 . 2012-06-13 00:37972192------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-27 00:39 . 2012-07-06 21:3298304----a-w-c:\users\DC\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
    2012-09-27 00:39 . 2012-07-06 21:3224576----a-w-c:\users\DC\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
    2012-08-31 03:03 . 2012-08-31 03:03228768----a-w-c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 03:03 . 2012-03-21 01:44128456----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-22 18:12 . 2012-09-12 02:581913200----a-w-c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 02:58950128----a-w-c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 02:58376688----a-w-c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 02:58288624----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 04:23 . 2012-08-21 04:218795216----a-w-c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
    2012-08-20 17:38 . 2012-10-09 23:1944032----a-w-c:\windows\apppatch\acwow64.dll
    2012-08-08 18:19 . 2003-02-21 12:42348160----a-w-c:\windows\SysWow64\msvcr71.dll
    2012-08-08 18:19 . 2003-03-19 04:14499712----a-w-c:\windows\SysWow64\msvcp71.dll
    2012-08-02 17:58 . 2012-09-12 02:58574464----a-w-c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 02:58490496----a-w-c:\windows\SysWow64\d3d10level9.dll
    2012-07-18 18:15 . 2012-08-15 12:083148800----a-w-c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
    "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-09-02 169528]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-08 296096]
    "BYRUA_AGENT"="c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" [2012-09-24 392312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
    R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-03-02 29184]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys [2012-05-09 29696]
    R3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\DRIVERS\lgvzandnetdiag264.sys [2012-05-09 29696]
    R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys [2012-05-09 36864]
    R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys [2012-05-09 94208]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-04 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-12 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-08-24 13592]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    S2 ISCTAgent;ISCT Always Updated Agent;c:\program files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2011-09-06 93696]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
    S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2011-08-30 1050016]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2011-09-06 44992]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-11 91648]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-11 208896]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2632249507-4276905549-3884253506-1000Core.job
    - c:\users\DC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 07:12]
    .
    2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2632249507-4276905549-3884253506-1000UA.job
    - c:\users\DC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 07:12]
    .
    2012-09-25 c:\windows\Tasks\HPCeeScheduleForDC.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-16 1424896]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\ke6rohku.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{0D4892C1-54FF-1755-E610-DED2B791E8C9} - c:\programdata\Download and Sa\5071e02662739.ocx
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Download and Sa\uninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-12 08:37:34
    ComboFix-quarantined-files.txt 2012-10-12 13:37
    .
    Pre-Run: 594,207,264,768 bytes free
    Post-Run: 594,470,653,952 bytes free
    .
    - - End Of File - - 5D57232ABFF0FB40639B78672FC73871
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, are you still with us? Please update us with the state of your situation, so we know how to continue from here.

    We'd still like to help. Topic marked inactive, until your return.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...