TechSpot

Trojan cleaning assistance

Solved
By Ken Hornback
Sep 4, 2012
  1. When I ran the MS Security Essentials scan, the following viruses were discovered and placed in the Quarantined Items folder (I didn't remove any of them):
    Trojan:Win64/sirefe/AA
    Trojan:Win64/sirefe/AC
    Trojan:Win64/sirefe/W
    Trojan:Win64/sirefe
    Trojan:Win64/sirefe/AF
    Trojan:Win64/sirefe/P
    Trojan:Win32/sirefe/AN
    Trojan:Win32/sirefe/AB
    ---end

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.04.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ken's Home :: KENSHOME-HP [administrator]

    9/4/2012 6:43:04 PM
    mbam-log-2012-09-04 (18-43-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235167
    Time elapsed: 4 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-04 19:29:10
    Windows 6.1.7601 Service Pack 1
    Running: 7mvxwj3t.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70d9bde1b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70d9bde1b@000dfd4575f7 0x8E 0x04 0xC2 0x93 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d0df9ade0c0a
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70d9bde1b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70d9bde1b@000dfd4575f7 0x8E 0x04 0xC2 0x93 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\d0df9ade0c0a (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Ken's Home at 19:34:04 on 2012-09-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10015.7710 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\IDT\WDM\beats64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Users\Ken's Home\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
    C:\Users\Ken's Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\ProgramData\U3\U3Launcher\LaunchU3.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\AirPort\APAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\SysWOW64\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\system32\lxducoms.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyOverride = localhost;192.168.*.*;*.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: CutePDF Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: CutePDF Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Google Update] "C:\Users\Ken's Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MusicManager] "C:\Users\Ken's Home\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [GoogleChromeAutoLaunch_C1591774139DA8E508A8A4E3685A1565] "C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [ODBC] C:\Users\Ken's Home\AppData\Roaming\0E44E2.exe
    uRun: [wlmof] "C:\Windows\System32\rundll32.exe" "C:\Users\Ken's Home\AppData\Roaming\wlmof.dll",GetFunction
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\KEN'SH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ken's Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\KEN'SH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Users\Ken's Home\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    LSP: mswsock.dll
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{058A6CA8-D28F-4327-8F94-DB794A917531} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{CD05D111-B871-4CC6-A5D0-87C8CC392839} : DhcpNameServer = 10.0.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: CutePDF Editor Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: CutePDF Editor Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-13 89600]
    R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-5-13 128904]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
    R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-3-13 1128952]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-4 378472]
    R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 tihub3;TI USB3 Hub Service;C:\Windows\system32\drivers\tihub3.sys --> C:\Windows\system32\drivers\tihub3.sys [?]
    R3 tixhci;TI XHCI Service;C:\Windows\system32\drivers\tixhci.sys --> C:\Windows\system32\drivers\tixhci.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-04 04:30:28--------d-----w-C:\Users\Ken's Home\AppData\Roaming\Malwarebytes
    2012-09-04 04:30:05--------d-----w-C:\ProgramData\Malwarebytes
    2012-09-04 04:30:0424904----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-09-04 04:30:03--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-04 03:13:35927800----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C34F8C7D-4E08-482B-A890-D03A9BADCA76}\gapaengine.dll
    2012-09-04 03:13:059310152----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B5282D5-4CCA-4A12-BF30-4A287380DB5E}\mpengine.dll
    2012-09-04 03:07:33--------d-----w-C:\Program Files (x86)\Microsoft Security Client
    2012-09-04 03:07:30--------d-----w-C:\Program Files\Microsoft Security Client
    2012-09-04 02:40:49637440----a-w-C:\Users\Ken's Home\AppData\Roaming\wlmof.dll
    2012-08-25 16:42:25--------d-sh--w-C:\Users\Ken's Home\UserData
    2012-08-19 15:16:55--------d-----w-C:\Users\Ken's Home\AppData\Roaming\PhotoScape
    2012-08-19 15:16:40--------d-----w-C:\Program Files (x86)\PhotoScape
    2012-08-19 10:04:15552960----a-w-C:\Windows\System32\drivers\bthport.sys
    2012-08-18 14:59:31503808----a-w-C:\Windows\System32\srcore.dll
    2012-08-18 14:59:3143008----a-w-C:\Windows\SysWow64\srclient.dll
    2012-08-18 14:59:3059392----a-w-C:\Windows\System32\browcli.dll
    2012-08-18 14:59:3041984----a-w-C:\Windows\SysWow64\browcli.dll
    2012-08-18 14:59:303148800----a-w-C:\Windows\System32\win32k.sys
    2012-08-18 14:59:30136704----a-w-C:\Windows\System32\browser.dll
    2012-08-18 14:59:29956928----a-w-C:\Windows\System32\localspl.dll
    2012-08-18 14:59:29751104----a-w-C:\Windows\System32\win32spl.dll
    2012-08-18 14:59:2967072----a-w-C:\Windows\splwow64.exe
    2012-08-18 14:59:29559104----a-w-C:\Windows\System32\spoolsv.exe
    2012-08-18 14:59:29492032----a-w-C:\Windows\SysWow64\win32spl.dll
    .
    ==================== Find3M ====================
    .
    2012-09-04 02:42:1670344----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-04 02:42:16426184----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-09 01:30:5690112----a-w-C:\Windows\SysWow64\WindowsAccessBridge.dll
    2012-07-09 01:30:5632768----a-w-C:\Windows\SysWow64\JAWTAccessBridge.dll
    2012-07-09 01:30:56167936----a-w-C:\Windows\SysWow64\JavaAccessBridge.dll
    2012-06-29 03:56:342312704----a-w-C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:111392128----a-w-C:\Windows\System32\wininet.dll
    2012-06-29 03:48:071494528----a-w-C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49173056----a-w-C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:482382848----a-w-C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:581800704----a-w-C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:011129472----a-w-C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:591427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:452382848----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-06-27 13:49:312325599----a-w-C:\ProgramData\SPLA9A6.tmp
    2012-06-26 13:17:022325599----a-w-C:\ProgramData\SPLAB7A.tmp
    2012-06-26 04:57:462325599----a-w-C:\ProgramData\SPLE6A6.tmp
    .
    ============= FINISH: 19:34:25.61 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/11/2012 6:58:17 PM
    System Uptime: 9/4/2012 6:40:58 PM (1 hours ago)
    .
    Motherboard: Gigabyte | | 2AC8
    Processor: AMD FX(tm)-6100 Six-Core Processor | CPU 1 | 3300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1380 GiB total, 1289.601 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.128 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 932 GiB total, 724.624 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    L: is FIXED (FAT32) - 298 GiB total, 293.89 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP56: 7/31/2012 6:59:22 PM - Windows Update
    RP57: 8/2/2012 6:39:47 AM - HPSF Restore Point
    RP58: 8/10/2012 7:09:01 PM - Windows Update
    RP59: 8/18/2012 8:03:17 AM - Windows Update
    RP60: 8/19/2012 3:00:38 AM - Windows Update
    RP61: 8/24/2012 6:40:29 PM - Windows Update
    RP62: 9/1/2012 8:06:37 AM - Windows Update
    RP63: 9/1/2012 11:20:09 PM - HPSF Restore Point
    RP64: 9/3/2012 7:45:41 PM - Installed Java 7 Update 7
    RP65: 9/3/2012 7:56:34 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    AirPort
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Bejeweled 3
    Bing Bar
    Blackhawk Striker 2
    Blio
    Bubble Wrap
    Chuzzle Deluxe
    Compatibility Pack for the 2007 Office system
    Cradle of Rome 2
    CutePDF Editor Toolbar Updater
    D3DX10
    DirectX for Managed Code Update (Summer 2004)
    Dora's World Adventure
    Dropbox
    Facebook
    Farm Frenzy
    Farmscapes
    FATE
    Final Drive Fury
    Google Chrome
    Hewlett-Packard ACLM.NET v1.1.2.0
    Hoyle Card Games
    HP Calendar
    HP Clock
    HP Customer Experience Enhancements
    HP Games
    HP LinkUp
    HP Magic Canvas
    HP Magic Canvas Tutorials
    HP MovieStore
    HP Notes
    HP Odometer
    HP Product Detection
    HP RSS
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP TouchSmart Background - Beats
    HP TouchSmart RecipeBox
    HP Update
    HP Weather
    Java Auto Updater
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Jewel Match 3
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    John Deere Drive Green
    Junk Mail filter update
    Kobo
    LabelPrint
    Letters from Nowhere 2
    Lexmark Printable Web
    Luxor HD
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Metric Converter
    Microsoft Mathematics
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Standard Edition 2003
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Manager
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    opensource
    PDF Complete Special Edition
    Penguins!
    PHOTOfunSTUDIO HD Edition
    PhotoScape
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PressReader
    RAIDXpert
    Recovery Manager
    Remote Graphics Receiver
    RollerCoaster Tycoon 3: Platinum
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    SkillSoft Course Manager
    Skype™ 5.5
    Spot
    Tap Tap Bear
    The Treasures of Mystery Island: The Ghost Ship
    Torchlight
    TSHostedAppLauncher
    U3Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    WD Diagnostics
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zinio Reader 4
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/4/2012 7:29:57 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    9/4/2012 7:29:57 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    9/4/2012 6:42:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/4/2012 6:41:43 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    9/4/2012 6:41:38 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    9/4/2012 6:41:38 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    9/3/2012 8:15:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.390.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: KensHome-HP\Ken's Home Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/3/2012 8:15:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.390.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: KensHome-HP\Ken's Home Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/3/2012 8:15:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.390.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: KensHome-HP\Ken's Home Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/3/2012 8:15:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.390.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: KensHome-HP\Ken's Home Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/3/2012 8:08:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/3/2012 8:07:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/1/2012 8:55:24 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    .
    ==== End Of File ===========================
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the Search.txt log file; please copy and paste the logs in your reply.
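The scan requested above writes FRST.txt, whose "Registry (Whitelisted)" section lists autostart entries one per line. As an added example that is not part of this thread, of FRST, or of the helper's procedure, here is a small Python script that reads lines in that format and reports the entries a malware helper would look at first: values whose target file no longer exists, unnamed Run values, rundll32 loading a DLL out of a user profile, binaries under AppData with no publisher string, and a COM InprocServer32 redirected into the Recycle Bin. The sample lines are constructed to match the shape of the log posted later in this thread; the reading of `[x]` as "file not found" and the heuristics themselves are my assumptions, and the script only reports, it changes nothing on the machine.

```python
"""Triage of autostart lines from a FRST.txt 'Registry (Whitelisted)' section.

Added example for this thread; it is not FRST's own code nor the helper's
procedure. It reports entries worth a closer look and modifies nothing.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input, modelled on the FRST output posted in this thread.
SAMPLE_LINES = r"""
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-12-23] (IDT, Inc.)
HKLM\...\Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [676520 2010-02-04] ()
HKLM-x32\...\Run: [] [x]
HKU\Ken's Home\...\Run: [Google Update] "C:\Users\Ken's Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-12] (Google Inc.)
HKU\Ken's Home\...\Run: [ODBC] C:\Users\Ken's Home\AppData\Roaming\0E44E2.exe [x]
HKU\Ken's Home\...\Run: [wlmof] "C:\Windows\System32\rundll32.exe" "C:\Users\Ken's Home\AppData\Roaming\wlmof.dll",GetFunction [637440 2012-09-03] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$ed480676bd305edb358262d60e2b10db\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
"""

# key: [value name] rest   (the key is everything before the first ': [')
ENTRY = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$")


def parse(line: str) -> Optional[Tuple[str, str, str]]:
    """Split one FRST registry line into (key, value name, rest), or None."""
    m = ENTRY.match(line)
    if not m:
        return None
    return m.group("key"), m.group("name"), m.group("rest")


def classify(key: str, name: str, rest: str) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    low = rest.lower()
    reasons = []
    # Assumption: FRST prints [x] when the file an entry points at is not found.
    if rest.rstrip().endswith("[x]"):
        reasons.append("target file missing ([x])")
    # Installers write named Run values; an empty name is unusual.
    if name == "":
        reasons.append("empty value name")
    # rundll32 loading a DLL from a user profile is a common autostart trick.
    if "rundll32.exe" in low and "\\appdata\\" in low:
        reasons.append("rundll32 loading a DLL from a user profile path")
    # FRST prints the publisher in trailing parentheses; '()' means none.
    if re.search(r"\(\s*\)\s*$", rest) and "\\appdata\\" in low:
        reasons.append("no publisher on a binary under AppData")
    # A system COM server resolving into the Recycle Bin is a CLSID hijack.
    if key.lower().endswith("inprocserver32") and "$recycle.bin" in low:
        reasons.append("COM InprocServer32 redirected into $Recycle.Bin")
    # FRST marks lines it recognises itself.
    if "attention!" in low:
        reasons.append("flagged by FRST (ATTENTION!)")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged value name to its reasons; clean entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parsed = parse(line)
        if parsed is None:
            continue
        key, name, rest = parsed
        reasons = classify(key, name, rest)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for value_name, why in triage(SAMPLE_LINES).items():
        print(f"[{value_name}]")
        for reason in why:
            print(f"    - {reason}")
```

Run against the sample, four entries are reported and the IDT, Lexmark, Google Update and DhcpNameServer lines pass through silently; the output is a prioritised list to show a helper, not a verdict, and the legitimate-looking entries are deliberately not touched by any rule.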
  3. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    In reviewing the System Recovery Options I noticed that it calls for me to insert the installation disc. My HP computer came with Win7 64 pre-loaded, so I don't have the physical install disc.
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    So, when you choose Repair your computer, it asks for the install disc?
  5. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    I haven't attempted the Repair yet; I was concerned about not being able to complete the activity without the install disc. Should I proceed with the Repair, even though I don't have the install disc? I will reach out to HP today and attempt to have them forward me a copy, just in case I need it.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try this...

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  7. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    Attached you will find copies of my logs from the FRST scan.
    Please review and advise me of additional actions required.

    Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
    Ran by SYSTEM at 06-09-2012 18:59:49
    Running from N:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-12-23] (IDT, Inc.)
    HKLM\...\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )
    HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [676520 2010-02-04] ()
    HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [131752 2010-02-04] (Lexmark International Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1564872 2012-06-06] (Ask)
    HKLM-x32\...\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" [771360 2009-11-11] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\Ken's Home\...\Run: [Google Update] "C:\Users\Ken's Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-12] (Google Inc.)
    HKU\Ken's Home\...\Run: [MusicManager] "C:\Users\Ken's Home\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7316480 2012-08-15] (Google Inc.)
    HKU\Ken's Home\...\Run: [GoogleChromeAutoLaunch_C1591774139DA8E508A8A4E3685A1565] "C:\Users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [1229848 2012-08-29] (Google Inc.)
    HKU\Ken's Home\...\Run: [ODBC] C:\Users\Ken's Home\AppData\Roaming\0E44E2.exe [x]
    HKU\Ken's Home\...\Run: [wlmof] "C:\Windows\System32\rundll32.exe" "C:\Users\Ken's Home\AppData\Roaming\wlmof.dll",GetFunction [637440 2012-09-03] ()
    Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$ed480676bd305edb358262d60e2b10db\n. ATTENTION! ====> ZeroAccess
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
    ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
    Startup: C:\Users\Ken's Home\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Ken's Home\Start Menu\Programs\Startup\LaunchU3.exe.lnk
    ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\Ken's Home\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

    ==================== Services ====================

    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [1039360 2009-10-16] ( )
    2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe -service [589824 2009-10-16] ( )
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

    ==================== Drivers =================================

    1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)

    ==================== NetSvcs (Whitelisted) =================


    ==================== One Month Created Files and Folders ======================

    2012-09-06 18:59 - 2012-09-06 18:59 - 00000000 ____D C:\FRST
    2012-09-04 17:58 - 2012-09-04 17:58 - 00302592 ____A C:\Users\Ken's Home\Downloads\7mvxwj3t.exe
    2012-09-03 21:05 - 2012-09-04 18:41 - 00000000 ____D C:\Users\Ken's Home\Desktop\Virus
    2012-09-03 20:50 - 2012-09-03 20:50 - 00129446 ____A C:\Users\Ken's Home\Downloads\OTL.Txt
    2012-09-03 20:50 - 2012-09-03 20:50 - 00062294 ____A C:\Users\Ken's Home\Downloads\Extras.Txt
    2012-09-03 20:43 - 2012-09-03 20:43 - 00599040 ____A (OldTimer Tools) C:\Users\Ken's Home\Downloads\OTL.exe
    2012-09-03 20:30 - 2012-09-03 20:30 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 20:30 - 2012-09-03 20:30 - 00000000 ____D C:\Users\Ken's Home\AppData\Roaming\Malwarebytes
    2012-09-03 20:30 - 2012-09-03 20:30 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-03 20:30 - 2012-09-03 20:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-03 20:30 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-03 20:28 - 2012-09-03 20:29 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Ken's Home\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-03 19:07 - 2012-09-03 19:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-09-03 19:07 - 2012-09-03 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-09-03 19:04 - 2012-09-03 19:05 - 12621696 ____A (Microsoft Corporation) C:\Users\Ken's Home\Downloads\mseinstall.exe
    2012-09-03 18:40 - 2012-09-04 18:51 - 00000000 ____A C:\Users\Ken's Home\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    2012-09-03 18:40 - 2012-09-03 18:40 - 00637440 ____A C:\Users\Ken's Home\AppData\Roaming\wlmof.dll
    2012-08-25 09:39 - 2012-08-25 09:39 - 00420864 ____A (GE Medical Systems) C:\Users\Ken's Home\Downloads\dcmvwr.exe
    2012-08-25 08:42 - 2012-08-25 08:42 - 00000000 __SHD C:\Users\Ken's Home\UserData
    2012-08-19 07:16 - 2012-08-19 07:22 - 00000000 ____D C:\Users\Ken's Home\AppData\Roaming\PhotoScape
    2012-08-19 07:16 - 2012-08-19 07:16 - 00001033 ____A C:\Users\Ken's Home\Desktop\PhotoScape.lnk
    2012-08-19 07:16 - 2012-08-19 07:16 - 00001033 ____A C:\Users\Guest\Desktop\PhotoScape.lnk
    2012-08-19 07:16 - 2012-08-19 07:16 - 00001033 ____A C:\Users\Administrator\Desktop\PhotoScape.lnk
    2012-08-19 07:16 - 2012-08-19 07:16 - 00000000 ____D C:\Program Files (x86)\PhotoScape
    2012-08-19 07:14 - 2012-08-19 07:14 - 00730344 ____A (CNET Download.com) C:\Users\Ken's Home\Downloads\cbsidlm-cbsi3_2_5_53-PhotoScape-10703122.exe
    2012-08-19 02:04 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-08-19 02:03 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-19 02:03 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-19 02:03 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-19 02:03 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-19 02:03 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-19 02:03 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-19 02:03 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-19 02:03 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-19 02:03 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-19 02:03 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-19 02:03 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-19 02:03 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-19 02:03 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-19 02:03 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-19 02:03 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-19 02:03 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-19 02:03 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-19 02:03 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-19 02:03 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-19 02:03 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-19 02:03 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-19 02:03 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-19 02:03 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-19 02:03 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-19 02:03 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-19 02:03 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-19 02:03 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-19 02:03 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-18 06:59 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-18 06:59 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-18 06:59 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-18 06:59 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-18 06:59 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-18 06:59 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-18 06:59 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-18 06:59 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-18 06:59 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-18 06:59 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-18 06:59 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-18 06:59 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-18 06:59 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-10 19:27 - 2012-08-10 19:27 - 00073728 ____A C:\Users\Ken's Home\Downloads\General Policies and Procedures.dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00073728 ____A C:\Users\Ken's Home\Downloads\General Policies and Procedures (1).dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00034304 ____A C:\Users\Ken's Home\Downloads\Welcome letter staff 8 10 12 Final.dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00034304 ____A C:\Users\Ken's Home\Downloads\Welcome letter staff 8 10 12 Final (3).dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00034304 ____A C:\Users\Ken's Home\Downloads\Welcome letter staff 8 10 12 Final (2).dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00034304 ____A C:\Users\Ken's Home\Downloads\Welcome letter staff 8 10 12 Final (1).dot

    ==================== 3 Months Modified Files ================================

    2012-09-04 18:51 - 2012-09-03 18:40 - 00000000 ____A C:\Users\Ken's Home\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    2012-09-04 18:41 - 2012-05-12 05:19 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535430438-208981243-2130065786-1001UA.job
    2012-09-04 17:58 - 2012-09-04 17:58 - 00302592 ____A C:\Users\Ken's Home\Downloads\7mvxwj3t.exe
    2012-09-04 17:48 - 2009-07-13 21:13 - 00782962 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-04 17:48 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-04 17:48 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-04 17:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-04 17:41 - 2009-07-13 20:51 - 00062540 ____A C:\Windows\setupact.log
    2012-09-04 16:42 - 2012-05-12 05:21 - 00002481 ____A C:\Users\Ken's Home\Desktop\Google Chrome.lnk
    2012-09-03 20:50 - 2012-09-03 20:50 - 00129446 ____A C:\Users\Ken's Home\Downloads\OTL.Txt
    2012-09-03 20:50 - 2012-09-03 20:50 - 00062294 ____A C:\Users\Ken's Home\Downloads\Extras.Txt
    2012-09-03 20:43 - 2012-09-03 20:43 - 00599040 ____A (OldTimer Tools) C:\Users\Ken's Home\Downloads\OTL.exe
    2012-09-03 20:41 - 2010-11-20 19:47 - 00561326 ____A C:\Windows\PFRO.log
    2012-09-03 20:30 - 2012-09-03 20:30 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 20:29 - 2012-09-03 20:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Ken's Home\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-03 19:08 - 2012-05-11 17:57 - 01147324 ____A C:\Windows\WindowsUpdate.log
    2012-09-03 19:07 - 2012-05-11 17:23 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-03 19:07 - 2011-02-11 09:15 - 00796620 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-03 19:05 - 2012-09-03 19:04 - 12621696 ____A (Microsoft Corporation) C:\Users\Ken's Home\Downloads\mseinstall.exe
    2012-09-03 19:00 - 2012-05-12 20:08 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForKENSHOME-HP$.job
    2012-09-03 19:00 - 2012-05-11 18:01 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForKen's Home.job
    2012-09-03 18:42 - 2012-05-19 08:11 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-03 18:42 - 2012-03-13 15:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-03 18:40 - 2012-09-03 18:40 - 00637440 ____A C:\Users\Ken's Home\AppData\Roaming\wlmof.dll
    2012-09-03 18:18 - 2012-05-12 05:19 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535430438-208981243-2130065786-1001Core.job
    2012-08-25 09:39 - 2012-08-25 09:39 - 00420864 ____A (GE Medical Systems) C:\Users\Ken's Home\Downloads\dcmvwr.exe
    2012-08-19 07:16 - 2012-08-19 07:16 - 00001033 ____A C:\Users\Ken's Home\Desktop\PhotoScape.lnk
    2012-08-19 07:16 - 2012-08-19 07:16 - 00001033 ____A C:\Users\Guest\Desktop\PhotoScape.lnk
    2012-08-19 07:16 - 2012-08-19 07:16 - 00001033 ____A C:\Users\Administrator\Desktop\PhotoScape.lnk
    2012-08-19 07:14 - 2012-08-19 07:14 - 00730344 ____A (CNET Download.com) C:\Users\Ken's Home\Downloads\cbsidlm-cbsi3_2_5_53-PhotoScape-10703122.exe
    2012-08-19 06:36 - 2009-07-13 20:45 - 00296032 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-19 02:04 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini
    2012-08-19 02:01 - 2012-05-18 17:40 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-10 19:27 - 2012-08-10 19:27 - 00073728 ____A C:\Users\Ken's Home\Downloads\General Policies and Procedures.dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00073728 ____A C:\Users\Ken's Home\Downloads\General Policies and Procedures (1).dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00034304 ____A C:\Users\Ken's Home\Downloads\Welcome letter staff 8 10 12 Final.dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00034304 ____A C:\Users\Ken's Home\Downloads\Welcome letter staff 8 10 12 Final (3).dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00034304 ____A C:\Users\Ken's Home\Downloads\Welcome letter staff 8 10 12 Final (2).dot
    2012-08-10 19:27 - 2012-08-10 19:27 - 00034304 ____A C:\Users\Ken's Home\Downloads\Welcome letter staff 8 10 12 Final (1).dot
    2012-08-10 19:18 - 2012-07-03 18:14 - 00012564 ____A C:\Users\All Users\lxduJSW.log
    2012-07-18 10:15 - 2012-08-18 06:59 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-16 19:07 - 2012-07-16 19:06 - 10906352 ____A C:\Users\Ken's Home\Downloads\ZR3_V11.exe
    2012-07-16 18:49 - 2012-05-12 08:07 - 00001994 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO HD Edition.lnk
    2012-07-16 18:44 - 2012-07-16 18:26 - 368945248 ____A (Microsoft Corporation) C:\Users\Ken's Home\Downloads\office2007sp3-kb2526086-fullfile-en-us.exe
    2012-07-16 18:29 - 2012-07-16 18:26 - 38808920 ____A (Microsoft Corporation) C:\Users\Ken's Home\Downloads\FileFormatConverters.exe
    2012-07-16 18:21 - 2012-07-16 18:21 - 00012974 ____A C:\Users\Ken's Home\Downloads\Indivdual Working Schedules - TMSP Leadership Conference 2012.xlsx
    2012-07-16 18:11 - 2012-07-16 18:11 - 00012450 ____A C:\Users\Ken's Home\Downloads\Venue Report - Meet Location.xlsx
    2012-07-08 17:31 - 2012-07-08 17:31 - 00001656 ____A C:\Users\Public\Desktop\SkillSoft Course Manager.lnk
    2012-07-08 17:30 - 2012-07-08 17:31 - 00167936 ____A (Sun Microsystems©) C:\Windows\SysWOW64\JavaAccessBridge.dll
    2012-07-08 17:30 - 2012-07-08 17:31 - 00090112 ____A (Sun Microsystems©) C:\Windows\SysWOW64\WindowsAccessBridge.dll
    2012-07-08 17:30 - 2012-07-08 17:31 - 00032768 ____A (Sun Microsystems©) C:\Windows\SysWOW64\JAWTAccessBridge.dll
    2012-07-07 11:33 - 2012-07-07 11:33 - 00000719 ____A C:\Users\Ken's Home\Downloads\invite_637.ics
    2012-07-07 11:05 - 2012-07-07 11:05 - 00739840 ____A (Google Inc.) C:\Users\Ken's Home\Downloads\ChromeSetup.exe
    2012-07-06 12:07 - 2012-08-19 02:04 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-07-06 07:33 - 2012-07-06 07:33 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-04 14:16 - 2012-08-18 06:59 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-18 06:59 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-18 06:59 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-18 06:59 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-18 06:59 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-03 12:46 - 2012-09-03 20:30 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-30 14:02 - 2012-06-30 14:02 - 00000480 ____A C:\Users\Ken's Home\Downloads\Attachment (1)
    2012-06-30 14:00 - 2012-06-30 14:00 - 00000480 ____A C:\Users\Ken's Home\Downloads\Attachment
    2012-06-30 12:48 - 2012-05-12 06:25 - 00112682 ____A C:\Windows\System32\LexFiles.ulf
    2012-06-30 12:46 - 2012-06-30 12:40 - 134702296 ____A C:\Users\Ken's Home\Downloads\cj6600en64.exe
    2012-06-28 20:55 - 2012-08-19 02:03 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-19 02:03 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-19 02:03 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-19 02:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-19 02:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-19 02:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-19 02:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-19 02:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-19 02:03 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-19 02:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-19 02:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-19 02:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-19 02:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-19 02:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-19 02:03 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-19 02:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-19 02:03 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-19 02:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-19 02:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-19 02:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-19 02:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-19 02:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-19 02:03 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-19 02:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-19 02:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-19 02:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-19 02:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-19 02:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-27 05:58 - 2012-06-27 05:58 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
    2012-06-27 05:49 - 2012-06-27 05:49 - 02325599 ____A C:\Users\All Users\SPLA9A6.tmp
    2012-06-26 05:17 - 2012-06-26 05:17 - 02325599 ____A C:\Users\All Users\SPLAB7A.tmp
    2012-06-25 20:57 - 2012-06-25 20:57 - 02325599 ____A C:\Users\All Users\SPLE6A6.tmp
    2012-06-24 20:10 - 2012-06-24 20:10 - 00049058 ____A C:\Users\Ken's Home\Downloads\Blue-Dream-Lean-Cover.jpeg
    2012-06-24 18:44 - 2012-06-24 18:43 - 08127814 ____A C:\Users\Ken's Home\Downloads\deion park clips.avi
    2012-06-24 18:44 - 2012-06-24 18:43 - 08127814 ____A C:\Users\Ken's Home\Downloads\deion park clips (1).avi
    2012-06-24 12:34 - 2012-06-24 12:19 - 253652912 ____A C:\Users\Ken's Home\Downloads\camtasia.exe
    2012-06-24 12:26 - 2012-06-24 12:26 - 03941464 ____A (NCH Software) C:\Users\Ken's Home\Downloads\vpsetup (2).exe
    2012-06-24 12:25 - 2012-06-24 12:25 - 03941464 ____A (NCH Software) C:\Users\Ken's Home\Downloads\vpsetup.exe
    2012-06-24 12:25 - 2012-06-24 12:25 - 03941464 ____A (NCH Software) C:\Users\Ken's Home\Downloads\vpsetup (1).exe
    2012-06-23 09:54 - 2012-06-23 09:54 - 09897053 ____A C:\Users\Ken's Home\Downloads\CuteWriter.zip
    2012-06-23 09:50 - 2012-06-23 09:50 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-06-22 10:37 - 2012-06-22 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-06-17 09:44 - 2012-05-12 20:08 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-06-09 13:30 - 2012-06-09 13:30 - 00739808 ____A (Google Inc.) C:\Users\Ken's Home\Downloads\musicmanagerinstaller.exe


    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-535430438-208981243-2130065786-1001\$ed480676bd305edb358262d60e2b10db

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-07-31 17:59:59
    Restore point made on: 2012-08-02 05:39:55
    Restore point made on: 2012-08-10 18:09:09
    Restore point made on: 2012-08-18 07:03:25
    Restore point made on: 2012-08-19 02:00:55
    Restore point made on: 2012-08-24 17:40:37
    Restore point made on: 2012-09-01 07:06:47
    Restore point made on: 2012-09-01 22:20:25
    Restore point made on: 2012-09-03 18:45:47
    Restore point made on: 2012-09-03 18:56:46

    ==================== Memory info ===========================

    Percentage of memory in use: 12%
    Total physical RAM: 10014.9 MB
    Available physical RAM: 8793.82 MB
    Total Pagefile: 10013.1 MB
    Available Pagefile: 8770.33 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions ============================

    1 Drive c: (OS) (Fixed) (Total:1379.86 GB) (Free:1289.55 GB) NTFS
    2 Drive e: (HP_RECOVERY) (Fixed) (Total:17.02 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: (Elements) (Fixed) (Total:931.51 GB) (Free:724.62 GB) NTFS
    5 Drive h: (My Book) (Fixed) (Total:298.01 GB) (Free:293.89 GB) FAT32
    10 Drive m: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    11 Drive n: (SCANDISK) (Removable) (Total:1.91 GB) (Free:1.89 GB) FAT
    12 Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
    13 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1396 GB 0 B
    Disk 1 Online 931 GB 0 B
    Disk 2 Online 298 GB 9 MB
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Disk 7 Online 1953 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 1379 GB 101 MB
    Partition 3 Primary 17 GB 1379 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y SYSTEM NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 1379 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E HP_RECOVERY NTFS Partition 17 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 G Elements NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 298 GB 31 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 H My Book FAT32 Partition 298 GB Healthy

    ==================================================================================

    Partitions of Disk 7:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1952 MB 122 KB

    ==================================================================================

    Disk: 7
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 11 N SCANDISK FAT Removable 1952 MB Healthy

    ==================================================================================

    Last Boot: 2012-09-01 07:39

    ==================== End Of Log =============================

    Farbar Recovery Scan Tool (x64) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-06 19:01:37
    Running from N:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\i386\services.exe
    [2006-05-26 23:09] - [2004-08-10 02:00] - 0108032 ____C (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

    ====== End Of Search ======
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper

    FRST Fixlist

    Download the attached file, please. Save it on your flash drive to replace the current fixlist.txt. Make sure it maintains its current name fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.

  9. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    I successfully performed the latest task, and everything seems to have gone fine. I was able to reboot the computer as normal. What else should I do from this point?
  10. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    I did just receive a popup regarding a Java update being available, and it originated from my hard drive. I selected "No", don't allow update.
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  12. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    ComboFix 12-09-07.03 - Ken's Home 09/07/2012 11:30:51.1.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10015.8072 [GMT -7:00]
    Running from: c:\users\Ken's Home\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\SPLA9A6.tmp
    c:\programdata\SPLAB7A.tmp
    c:\programdata\SPLE6A6.tmp
    c:\users\Ken's Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
    c:\users\Ken's Home\Documents\JETBTC~1.002
    c:\users\Ken's Home\Documents\JetBTHFx.001
    c:\users\Ken's Home\WINDOWS
    G:\autorun.inf
    L:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-07 02:59 . 2012-09-07 02:59 -------- d-----w- C:\FRST
    2012-09-04 04:30 . 2012-09-04 04:30 -------- d-----w- c:\users\Ken's Home\AppData\Roaming\Malwarebytes
    2012-09-04 04:30 . 2012-09-04 04:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-04 04:30 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-04 04:30 . 2012-09-04 04:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-04 03:13 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C34F8C7D-4E08-482B-A890-D03A9BADCA76}\gapaengine.dll
    2012-09-04 03:13 . 2012-08-28 08:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B5282D5-4CCA-4A12-BF30-4A287380DB5E}\mpengine.dll
    2012-09-04 03:07 . 2012-09-04 03:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-09-04 03:07 . 2012-09-04 03:07 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-25 16:42 . 2012-08-25 16:42 -------- d-sh--w- c:\users\Ken's Home\UserData
    2012-08-19 15:16 . 2012-08-19 15:22 -------- d-----w- c:\users\Ken's Home\AppData\Roaming\PhotoScape
    2012-08-19 15:16 . 2012-08-19 15:16 -------- d-----w- c:\program files (x86)\PhotoScape
    2012-08-19 10:04 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-18 14:59 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-18 14:59 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-18 14:59 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-18 14:59 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-18 14:59 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-18 14:59 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-18 14:59 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-18 14:59 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-18 14:59 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-18 14:59 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-18 14:59 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-18 14:59 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-04 02:42 . 2012-05-19 16:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-04 02:42 . 2012-03-13 23:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-19 10:01 . 2012-05-19 01:40 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-07-13 01:32 . 2012-07-13 01:32 40960 ----a-r- c:\users\Ken's Home\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    2012-07-09 01:30 . 2012-07-09 01:31 90112 ----a-w- c:\windows\SysWow64\WindowsAccessBridge.dll
    2012-07-09 01:30 . 2012-07-09 01:31 32768 ----a-w- c:\windows\SysWow64\JAWTAccessBridge.dll
    2012-07-09 01:30 . 2012-07-09 01:31 167936 ----a-w- c:\windows\SysWow64\JavaAccessBridge.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-06-07 04:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MusicManager"="c:\users\Ken's Home\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-16 7316480]
    "GoogleChromeAutoLaunch_C1591774139DA8E508A8A4E3685A1565"="c:\users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-08-30 1229848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
    "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    c:\users\Ken's Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
    PHOTOfunSTUDIO HD Edition.lnk - c:\program files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2012-5-12 44176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-03-26 39464]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-16 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2011-08-16 280656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-23 89600]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-05-13 128904]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
    S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-05 378472]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-03-26 349736]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-11 174184]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-30 565352]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-12-29 136000]
    S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-12-29 409408]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-08-16 47232]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535430438-208981243-2130065786-1001Core.job
    - c:\users\Ken's Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-12 13:19]
    .
    2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535430438-208981243-2130065786-1001UA.job
    - c:\users\Ken's Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-12 13:19]
    .
    2012-09-04 c:\windows\Tasks\HPCeeScheduleForKen's Home.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
    .
    2012-09-04 c:\windows\Tasks\HPCeeScheduleForKENSHOME-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-23 1424896]
    "BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-12-23 37888]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
    "EzPrint"="c:\program files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2010-02-04 131752]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = localhost;192.168.*.*;*.local
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 10.0.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\bgsvcgen.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-07 11:40:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-07 18:40
    .
    Pre-Run: 1,384,994,668,544 bytes free
    Post-Run: 1,384,868,614,144 bytes free
    .
    - - End Of File - - 421D018672AB4246F1C045620287E7B7
  13. Jay Pfoutz

    Jay Pfoutz, Malware Helper

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  14. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    ComboFix 12-09-09.02 - Ken's Home 09/09/2012 7:55.2.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10015.8135 [GMT -7:00]
    Running from: c:\users\Ken's Home\Desktop\ComboFix.exe
    Command switches used :: M:\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-09 15:04 . 2012-09-09 15:04  --------  d-----w-  c:\users\Guest\AppData\Local\temp
    2012-09-09 15:04 . 2012-09-09 15:04  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-09-09 15:04 . 2012-09-09 15:04  --------  d-----w-  c:\users\Administrator\AppData\Local\temp
    2012-09-07 19:01 . 2012-09-07 19:01  --------  d-----w-  c:\program files (x86)\Common Files\Java
    2012-09-07 19:00 . 2012-09-07 19:00  95208  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-07 18:46 . 2012-08-28 08:49  9310152  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{156549A8-4DB5-4145-9A32-CF97CF844804}\mpengine.dll
    2012-09-07 02:59 . 2012-09-07 02:59  --------  d-----w-  C:\FRST
    2012-09-04 04:30 . 2012-09-04 04:30  --------  d-----w-  c:\users\Ken's Home\AppData\Roaming\Malwarebytes
    2012-09-04 04:30 . 2012-09-04 04:30  --------  d-----w-  c:\programdata\Malwarebytes
    2012-09-04 04:30 . 2012-07-03 20:46  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-09-04 04:30 . 2012-09-04 04:30  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-04 03:13 . 2012-02-09 21:17  927800  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C34F8C7D-4E08-482B-A890-D03A9BADCA76}\gapaengine.dll
    2012-09-04 03:07 . 2012-09-04 03:07  --------  d-----w-  c:\program files (x86)\Microsoft Security Client
    2012-09-04 03:07 . 2012-09-04 03:07  --------  d-----w-  c:\program files\Microsoft Security Client
    2012-08-25 16:42 . 2012-08-25 16:42  --------  d-sh--w-  c:\users\Ken's Home\UserData
    2012-08-19 15:16 . 2012-08-19 15:22  --------  d-----w-  c:\users\Ken's Home\AppData\Roaming\PhotoScape
    2012-08-19 15:16 . 2012-08-19 15:16  --------  d-----w-  c:\program files (x86)\PhotoScape
    2012-08-19 10:04 . 2012-07-06 20:07  552960  ----a-w-  c:\windows\system32\drivers\bthport.sys
    2012-08-18 14:59 . 2012-05-05 08:36  503808  ----a-w-  c:\windows\system32\srcore.dll
    2012-08-18 14:59 . 2012-05-05 07:46  43008  ----a-w-  c:\windows\SysWow64\srclient.dll
    2012-08-18 14:59 . 2012-07-18 18:15  3148800  ----a-w-  c:\windows\system32\win32k.sys
    2012-08-18 14:59 . 2012-07-04 22:16  73216  ----a-w-  c:\windows\system32\netapi32.dll
    2012-08-18 14:59 . 2012-07-04 22:13  59392  ----a-w-  c:\windows\system32\browcli.dll
    2012-08-18 14:59 . 2012-07-04 22:13  136704  ----a-w-  c:\windows\system32\browser.dll
    2012-08-18 14:59 . 2012-07-04 21:14  41984  ----a-w-  c:\windows\SysWow64\browcli.dll
    2012-08-18 14:59 . 2012-05-14 05:26  956928  ----a-w-  c:\windows\system32\localspl.dll
    2012-08-18 14:59 . 2012-02-11 06:43  751104  ----a-w-  c:\windows\system32\win32spl.dll
    2012-08-18 14:59 . 2012-02-11 06:36  559104  ----a-w-  c:\windows\system32\spoolsv.exe
    2012-08-18 14:59 . 2012-02-11 06:36  67072  ----a-w-  c:\windows\splwow64.exe
    2012-08-18 14:59 . 2012-02-11 05:43  492032  ----a-w-  c:\windows\SysWow64\win32spl.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-07 19:00 . 2012-05-12 14:38  821736  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
    2012-09-07 19:00 . 2012-05-12 14:38  746984  ----a-w-  c:\windows\SysWow64\deployJava1.dll
    2012-09-04 02:42 . 2012-05-19 16:11  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-04 02:42 . 2012-03-13 23:08  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-19 10:01 . 2012-05-19 01:40  62134624  ----a-w-  c:\windows\system32\MRT.exe
    2012-07-13 01:32 . 2012-07-13 01:32  40960  ----a-r-  c:\users\Ken's Home\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    2012-07-09 01:30 . 2012-07-09 01:31  90112  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge.dll
    2012-07-09 01:30 . 2012-07-09 01:31  32768  ----a-w-  c:\windows\SysWow64\JAWTAccessBridge.dll
    2012-07-09 01:30 . 2012-07-09 01:31  167936  ----a-w-  c:\windows\SysWow64\JavaAccessBridge.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-09-07_18.37.21 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-09-04 03:05  65536  c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-09-09 14:40  65536  c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-11-21 03:09 . 2012-09-09 14:42  43188  c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-09-09 14:42  36098  c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-05-12 02:00 . 2012-09-09 14:42  8980  c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-535430438-208981243-2130065786-1001_UserData.bin
    - 2012-09-07 18:36 . 2012-09-07 18:36  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-09 14:39 . 2012-09-09 14:39  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-09 14:39 . 2012-09-09 14:39  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-09-07 18:36 . 2012-09-07 18:36  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-09-07 19:00 . 2012-09-07 19:00  246760  c:\windows\SysWOW64\javaws.exe
    + 2012-09-07 19:00 . 2012-09-07 19:00  174056  c:\windows\SysWOW64\javaw.exe
    + 2012-09-07 19:00 . 2012-09-07 19:00  174056  c:\windows\SysWOW64\java.exe
    - 2009-07-14 04:54 . 2012-09-04 03:05  688128  c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-09 14:40  688128  c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 02:36 . 2012-09-07 17:49  662640  c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-09-09 14:44  662640  c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-09-09 14:44  122210  c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-09-07 17:49  122210  c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-09-07 18:35  264156  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-09-07 19:29  264156  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-09-07 19:00 . 2012-09-07 19:00  179200  c:\windows\Installer\afa77.msi
    - 2009-07-14 04:54 . 2012-09-04 03:05  1277952  c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-09 14:40  1277952  c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-05-12 02:02 . 2012-09-07 19:29  1647072  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2012-05-12 13:53 . 2012-09-07 18:35  1988800  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-535430438-208981243-2130065786-1001-8192.dat
    + 2012-05-12 13:53 . 2012-09-07 19:29  1988800  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-535430438-208981243-2130065786-1001-8192.dat
    + 2012-09-07 19:00 . 2012-09-07 19:00  27545600  c:\windows\Installer\afa6e.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-06-07 04:33  1519304  ----a-w-  c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32  94208  ----a-w-  c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32  94208  ----a-w-  c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32  94208  ----a-w-  c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MusicManager"="c:\users\Ken's Home\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-16 7316480]
    "GoogleChromeAutoLaunch_C1591774139DA8E508A8A4E3685A1565"="c:\users\Ken's Home\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-08-30 1229848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
    "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\Ken's Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
    PHOTOfunSTUDIO HD Edition.lnk - c:\program files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2012-5-12 44176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-03-26 39464]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-16 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2011-08-16 280656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-23 89600]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-05-13 128904]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
    S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-05 378472]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-03-26 349736]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-11 174184]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-30 565352]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-12-29 136000]
    S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-12-29 409408]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-08-16 47232]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535430438-208981243-2130065786-1001Core.job
    - c:\users\Ken's Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-12 13:19]
    .
    2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535430438-208981243-2130065786-1001UA.job
    - c:\users\Ken's Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-12 13:19]
    .
    2012-09-04 c:\windows\Tasks\HPCeeScheduleForKen's Home.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
    .
    2012-09-09 c:\windows\Tasks\HPCeeScheduleForKENSHOME-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32  97792  ----a-w-  c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32  97792  ----a-w-  c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32  97792  ----a-w-  c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32  97792  ----a-w-  c:\users\Ken's Home\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-23 1424896]
    "BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-12-23 37888]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
    "EzPrint"="c:\program files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2010-02-04 131752]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = localhost;192.168.*.*;*.local
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 10.0.1.1
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-09-09 08:24:47
    ComboFix-quarantined-files.txt 2012-09-09 15:24
    ComboFix2.txt 2012-09-07 18:40
    .
    Pre-Run: 1,385,795,891,200 bytes free
    Post-Run: 1,385,395,851,264 bytes free
    .
    - - End Of File - - BEAC5A95E6D51AEF84C95AAE7B0BC9E5
    # AdwCleaner v2.001 - Logfile created 09/09/2012 at 08:27:07
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Ken's Home - KENSHOME-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Ken's Home\Downloads\adwcleaner.exe
    # Option [Search]
    ***** [Services] *****
    ***** [Files / Folders] *****
    File Found : C:\Users\Public\Desktop\eBay.lnk
    Folder Found : C:\Program Files (x86)\Ask.com
    Folder Found : C:\Users\Ken's Home\AppData\Local\APN
    Folder Found : C:\Users\Ken's Home\AppData\LocalLow\AskToolbar
    Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    ***** [Registry] *****
    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\Ask.com
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\VWPT
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\Software\APN
    Key Found : HKLM\Software\AskToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKU\S-1-5-21-535430438-208981243-2130065786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Google Chrome v21.0.1180.89
    File : C:\Users\Ken's Home\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [4224 octets] - [09/09/2012 08:27:07]
    ########## EOF - C:\AdwCleaner[R1].txt - [4284 octets] ##########
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    AdwCleaner Fix
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  16. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    # AdwCleaner v2.001 - Logfile created 09/10/2012 at 17:32:43
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Ken's Home - KENSHOME-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Ken's Home\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Users\Ken's Home\AppData\Local\APN
    Folder Deleted : C:\Users\Ken's Home\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\VWPT
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Google Chrome v21.0.1180.89

    File : C:\Users\Ken's Home\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [4341 octets] - [09/09/2012 08:27:07]
    AdwCleaner[S1].txt - [4648 octets] - [10/09/2012 17:32:43]

    ########## EOF - C:\AdwCleaner[S1].txt - [4708 octets] ##########

    C:\FRST\Quarantine\wlmof.dll    a variant of Win32/Medfos.DC trojan    cleaned by deleting - quarantined
    C:\Users\Ken's Home\Documents\Downloads\PhotoPosPro_SetUp.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
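
    The [Registry] section of the AdwCleaner[S1] log above is the instructive part of this thread: one CLSID ({D4027C7F-...}) is registered three times, as a COM class, as a Browser Helper Object and in the Internet Explorer Toolbar list; a SearchScopes key redirects searches; an HKLM Run value (ApnUpdater) restarts the toolbar's updater at every logon; and a Low Rights ElevationPolicy entry tells Protected Mode IE how it may launch a listed executable outside the low-integrity sandbox. The script below is an added example, not part of the thread and not AdwCleaner's or ESET's own code. It parses lines in AdwCleaner's "Key/Value Found|Deleted : <path> [<name>]" format, assigns each to a persistence category (the category names are this example's own triage vocabulary), and correlates GUIDs across categories so that one adware component shows up as one object rather than a dozen unrelated keys. The sample input is constructed from a subset of the lines Ken posted.

```python
"""Triage an AdwCleaner log: group registry findings by persistence mechanism.

Added example for this thread. Category labels are this example's own; the
sample log is a constructed subset of the AdwCleaner[S1] output posted above.
"""
import re
from collections import defaultdict

# Constructed sample: a few of the posted "Key Deleted" / "Value Deleted" lines.
SAMPLE_LOG = r"""
***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****
"""

# "Key Deleted : <path>" or "Value Deleted : <path> [<value name>]"
LINE_RE = re.compile(
    r"^(?P<kind>Key|Value|File|Folder) (?P<action>Found|Deleted) : "
    r"(?P<path>.+?)(?: \[(?P<name>[^\]]+)\])?$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Well-known persistence locations, most specific first (this example's labels).
CATEGORIES = [
    (r"\\Browser Helper Objects\\", "bho"),                 # in-process IE extension
    (r"\\Internet Explorer\\Toolbar$", "ie_toolbar"),       # value name is the CLSID
    (r"\\SearchScopes\\", "search_hijack"),                 # search provider redirect
    (r"\\Low Rights\\ElevationPolicy\\", "protected_mode_policy"),
    (r"\\CurrentVersion\\Run(Once)?$", "autorun"),          # logon persistence
    (r"\\Classes\\CLSID\\", "com_class"),                   # DLL registration
    (r"\\Classes\\(Interface|TypeLib|AppID)\\", "com_support"),
    (r"\\CurrentVersion\\Uninstall\\|\\Installer\\", "installer_metadata"),
]


def categorize(path):
    """Return the persistence category for a registry key path, or 'other'."""
    for pattern, label in CATEGORIES:
        if re.search(pattern, path):
            return label
    return "other"


def parse_adwcleaner(text):
    """Return one dict per Key/Value/File/Folder line, with category and GUIDs."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, EOF marker
        e = m.groupdict()
        e["category"] = categorize(e["path"])
        # A GUID may sit in the key path (CLSID\{...}) or in a value name
        # (Toolbar [{...}]); collect both so components can be correlated.
        e["guids"] = set(GUID_RE.findall(e["path"] + " " + (e["name"] or "")))
        entries.append(e)
    return entries


def correlate(entries):
    """Map each GUID to the set of persistence roles it was registered under."""
    roles = defaultdict(set)
    for e in entries:
        for g in e["guids"]:
            roles[g.upper()].add(e["category"])
    return dict(roles)


def summarize(entries):
    """Count findings per category."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["category"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = parse_adwcleaner(SAMPLE_LOG)
    for e in found:
        suffix = f" [{e['name']}]" if e["name"] else ""
        print(f"{e['category']:<22} {e['kind']:<5} {e['path']}{suffix}")
    for guid, roles in correlate(found).items():
        print(guid, "->", ", ".join(sorted(roles)))
```

    Run against a full AdwCleaner[R1].txt (the "Found" report) before clicking Delete, the correlation output tells you which GUIDs belong to one component and whether anything outside the expected adware locations (for example an unfamiliar Run value or ElevationPolicy entry) is being removed.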
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  18. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.50
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java 7 Update 7
    Adobe Reader X (10.1.4)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 4%
    ````````````````````End of Log``````````````````````
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  20. Ken Hornback

    Ken Hornback TS Rookie Topic Starter

    DMJ thanks for all of your support in helping me resolve this infection. Hopefully I will not need your assistance, but if the need arises I know when to go. Should I delete the other programs from yesterday?
    Please proceed in marking this as a solved topic.
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, if you want to delete those, it's fine. You did a good job!

    Marked as solved. √