I'm trying to clean my mother's computer, but this malware is very stubborn.

I've run DDS as instructed, and here are the logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Sonia at 12:19:35 on 2012-08-27

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5229 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files\Canon\DIAS\CnxDIAS.exe

C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\RamSoft\PowerReader4\CacheServers\LocalCache20090226114\prcacheservice.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files (x86)\RamSoft\PowerReader4\UpdateService\RSUpdateServiceApplication.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RAVCpl64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\nvraidservice.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe

C:\Program Files (x86)\Windows Live\Companion\companionuser.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1208&m=lx6810-01

uDefault_Search_URL = hxxp://www.google.com/ie

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - C:\Users\Sonia\AppData\Local\ArcadeCandy\candyEX.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Google Update] "C:\Users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [ChromeFrameHelper] "C:\Users\Sonia\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe" --startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [eRecoveryService]

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup

mRun: [sSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

Trusted Zone: google.com\www

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {C4FC3447-2531-4BBB-A589-516ABADD93CF} - hxxps://www.petlinq.com/PETLinQ/DicomViewer.CAB

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CD372BF2-87E4-4291-9F49-E0A09A9FDF11} - hxxps://pacs.archrad.com/powerreader4/PRInstall.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

TCP: Interfaces\{1382C867-F693-43B0-A71F-1B14D6A9E1E6} : DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Sonia\AppData\Local\Google\Chrome\Application\21.0.1180.83\npchrome_frame.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Sonia\AppData\Local\ArcadeCandy\candyEX.dll

BHO-X64: ArcadeCandy Games - No File

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [eRecoveryService]

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup

mRun-x64: [sSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 nvamacpi;Nvidia Away Mode System;C:\Windows\system32\DRIVERS\NVAMACPI.sys --> C:\Windows\system32\DRIVERS\NVAMACPI.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-12-18 24576]

R2 LocalCache20090226114;RamSoft PACS 4 Cache (LocalCache20090226114);C:\Program Files (x86)\RamSoft\PowerReader4\CacheServers\LocalCache20090226114\prcacheservice.exe LocalCache20090226114 --> C:\Program Files (x86)\RamSoft\PowerReader4\CacheServers\LocalCache20090226114\prcacheservice.exe LocalCache20090226114 [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-27 655944]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-6-24 517632]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-6-21 341296]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-5-2 793048]

R2 RSUpdateService;RamSoft PACS4 Update Service;C:\Program Files (x86)\RamSoft\PowerReader4\UpdateService\RSUpdateServiceApplication.exe [2011-5-9 560864]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-4-10 1153368]

R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\system32\drivers\AVer88xHD64.sys --> C:\Windows\system32\drivers\AVer88xHD64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTS5121.sys --> C:\Windows\system32\Drivers\RTS5121.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-28 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-28 135664]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-27 18:58:05 -------- d-----w- C:\Users\Sonia\AppData\Roaming\Malwarebytes

2012-08-27 18:57:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-27 18:57:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-27 18:57:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-27 18:25:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{106565BD-084F-4B07-80AC-4F477BCD1AD1}\offreg.dll

2012-08-27 17:03:03 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{106565BD-084F-4B07-80AC-4F477BCD1AD1}\mpengine.dll

2012-08-24 18:18:24 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-22 18:51:59 -------- d-----w- C:\Users\Sonia\AppData\Local\Deployment

2012-08-22 18:02:26 24952 ----a-w- C:\Windows\System32\vntmon64.dll

2012-08-22 18:02:23 -------- d-----w- C:\ProgramData\Venta

2012-08-22 18:02:23 -------- d-----w- C:\Program Files (x86)\Venta

2012-08-22 02:11:14 -------- d-----w- C:\Users\Sonia\AppData\Roaming\Oberon Media

2012-08-22 02:11:00 -------- d-----w- C:\Program Files (x86)\Oberon Media SIDR

2012-08-22 02:10:57 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media

2012-08-22 02:05:00 -------- d-----w- C:\ProgramData\Oberon Media

2012-08-22 02:04:52 -------- d-----w- C:\Program Files (x86)\Ask.com

2012-08-22 02:04:47 -------- d-----w- C:\Users\Sonia\AppData\Local\APN

2012-08-21 00:52:54 -------- d-----w- C:\Windows\SysWow64\Wat

2012-08-21 00:52:54 -------- d-----w- C:\Windows\System32\Wat

2012-08-21 00:42:29 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-08-21 00:42:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-08-21 00:42:29 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-08-21 00:42:29 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-08-21 00:42:29 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-21 00:42:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-21 00:42:29 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-08-21 00:25:54 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2012-08-21 00:24:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-08-21 00:23:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-08-21 00:20:21 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-08-21 00:20:21 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-08-21 00:20:04 77312 ----a-w- C:\Windows\System32\packager.dll

2012-08-21 00:20:04 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-08-21 00:10:19 -------- d-sh--w- C:\Recovery

2012-08-21 00:08:47 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-08-21 00:08:47 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-08-21 00:08:47 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-08-21 00:03:19 -------- d-----w- C:\Windows\Panther

2012-08-20 23:51:24 -------- d--h--w- C:\$WINDOWS.~Q

2012-08-20 23:45:09 -------- d--h--w- C:\$INPLACE.~TR

2012-08-20 23:11:18 -------- d-----w- C:\Windows\SysWow64\URTTEMP

2012-08-20 23:08:27 -------- d-sh--w- C:\Windows\Installer

2012-08-20 23:08:22 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-08-20 23:07:37 -------- d-----w- C:\Windows\SysWow64\RTCOM

2012-08-20 23:07:35 -------- d-----w- C:\Program Files\LSI SoftModem

2012-08-20 23:05:57 658536 ----a-w- C:\Windows\System32\nvuninst.exe

2012-08-20 21:46:41 -------- d-----w- C:\Users\Sonia\AppData\Roaming\PowerISO

2012-08-20 21:40:07 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys

2012-08-20 21:40:07 -------- d-----w- C:\Program Files (x86)\PowerISO

2012-08-20 21:17:16 -------- d-----w- C:\Users\Sonia\AppData\Roaming\DMCache

2012-08-20 21:13:02 -------- d-----w- C:\Users\Sonia\AppData\Local\LogMeIn Rescue Applet

2012-08-17 21:45:20 -------- d-----w- C:\win7upgrade

2012-08-17 21:44:41 98304 ----a-r- C:\Users\Sonia\AppData\Roaming\Microsoft\Installer\{2C019AC0-E2E1-4E63-8113-87F9D44EAF07}\dmcicons.exe

2012-08-17 21:44:36 -------- d-----w- C:\Users\Sonia\AppData\Local\Applications

.

==================== Find3M ====================

.

2012-08-15 17:18:52 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-15 17:18:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-06-07 03:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 12:20:20.29 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 8/20/2012 5:10:20 PM

System Uptime: 8/27/2012 9:51:11 AM (3 hours ago)

.

Motherboard: Gateway | | FMCP7AM

Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 582 GiB total, 404.014 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2D45C30F&0

Manufacturer: Logitech

Name: PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2D45C30F&0

Service: i8042prt

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: PS/2 Keyboard

Device ID: ACPI\PNP0303\4&2D45C30F&0

Manufacturer: Logitech

Name: PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&2D45C30F&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP11: 8/20/2012 6:18:49 PM - Windows Update

RP12: 8/21/2012 7:12:00 PM - Windows Update

RP13: 8/22/2012 10:16:41 AM - Windows Modules Installer

RP14: 8/22/2012 11:51:15 AM - Installed Microsoft Visual C++ 2005 Redistributable

RP15: 8/27/2012 10:02:33 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7 Wonders of the World

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Alchemist's Apprentice

ArcadeCandy

ArcSoft PhotoStudio 5.5

Ask Toolbar

Ask Toolbar Updater

att.net Internet Mail

AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5

Bejeweled 3

Big Fish Games: Game Manager

Bing Rewards Client Installer

Blood and Ruby

Bubble Bonanza

Call of Atlantis

Canon Utilities Solution Menu

Cisco Connect

Classic PhoneTools

CommNet

Compatibility Pack for the 2007 Office system

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

DR Systems Web Ambassador

Dragon NaturallySpeaking 10

Gateway Games

Gateway Recovery Management

GCS MedOffice

GCS MedOffice Update V15

Google Chrome

Google Chrome Frame

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hidden Wonders of the Depths 3: Atlantis Adventures

Java Auto Updater

Java 6 Update 5

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Kofax VirtualReScan 4.10

Kofax VRS Update for Visioneer OneTouch OEM

LifeFrame2

Logitech SetPoint

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft Default Manager

Microsoft Money Essentials

Microsoft Money Shared Libraries

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Store Download Manager

Microsoft UI Engine

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA ForceWare Network Access Manager

OneTouch 4.0 ScanSoft OmniPage OCR Module

PC Tools Registry Mechanic 11.0

Picasa 3

PowerISO

Presto! PageManager 7.15.16

QuickScan 4.5.1

Radlink Lite Launcher

Realtek Card Reader

Realtek High Definition Audio Driver

ScanSoft OmniPage SE 4

ScanSoft PaperPort 11

Secrets of the Dark: Temple of Night

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Segoe UI

SmartCopy

SmartLauncher

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

The Rise of Atlantis

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Venta Fax & Voice 7.0 (Home version) (remove/restore)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Xerox DocuMate 515 Driver

Yahoo! BrowserPlus 2.9.8

.

==== Event Viewer Messages From Past Week ========

.

8/27/2012 9:51:32 AM, Error: nvrd64 [11] -

8/22/2012 10:02:31 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR12.

8/22/2012 10:02:20 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR11.

8/22/2012 10:02:08 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR10.

8/22/2012 10:01:57 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.

8/20/2012 6:21:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2732500).

8/20/2012 6:21:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2729094).

8/20/2012 6:21:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2640148).

8/20/2012 6:21:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2563227).

8/20/2012 6:21:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2547666).

8/20/2012 6:21:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2515325).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool x64 - August 2012 (KB890830).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB982018).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2732487).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2709630).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2699779).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2679255).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2660075).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2647753).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2603229).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2545698).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2541014).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2529073).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2522422).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2511250).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2506928).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2492386).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2488113).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2484033).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).

8/20/2012 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2532531).

8/20/2012 5:54:01 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 5:53:56 PM, Error: Service Control Manager [7034] - The RamSoft PACS4 Update Service service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 5:53:55 PM, Error: Service Control Manager [7034] - The OneTouch 4.0 Monitor service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 5:53:54 PM, Error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 5:53:49 PM, Error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 5:53:45 PM, Error: Service Control Manager [7034] - The RamSoft PACS 4 Cache (LocalCache20090226114) service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 5:53:44 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 5:53:43 PM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/20/2012 5:00:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/20/2012 4:55:31 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: The system cannot find the file specified.

8/20/2012 4:43:49 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

8/20/2012 4:42:49 PM, Error: Service Control Manager [7030] - The ForceWare IP service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/20/2012 4:42:49 PM, Error: Service Control Manager [7030] - The ForceWare Intelligent Application Manager (IAM) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/20/2012 4:42:46 PM, Error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

8/20/2012 3:06:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

8/20/2012 3:06:16 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/20/2012 3:06:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/20/2012 2:43:34 PM, Error: Service Control Manager [7000] - The McciServiceHost service failed to start due to the following error: The system cannot find the file specified.

8/20/2012 10:19:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

.

==== End Of File ===========================


Welcome to the forum.

Please uninstall:

ArcadeCandy

This entry is classified as malware, spyware, adware, or other potentially unwanted software.

http://www.systemloo...andyEX_dll.html

------------------------------

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer :

http://russelltexas....re/teatimer.htm

Enable it when we are done.

~~~~~~~~~~~~~~~~~

Then.......

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Thank you MrC

This is the report:

RogueKiller V8.0.0 [08/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Sonia [Admin rights]

Mode : Scan -- Date : 08/27/2012 13:45:37

¤¤¤ Bad processes : 1 ¤¤¤

[RESIDUE] chrome_frame_helper.exe -- C:\Users\Sonia\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Users\Sonia\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe" --startup) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1629988354-2990066850-1571589466-1000[...]\Run : ChromeFrameHelper ("C:\Users\Sonia\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe" --startup) -> FOUND

[services][BLACKLIST] HKLM\[...]\ControlSet001\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> FOUND

[services][BLACKLIST] HKLM\[...]\ControlSet002\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: NVIDIA STRIPE 596.17G0100 +++++

--- User ---

[MBR] 38bf3b5ccd323e4a3a3330a44b872e7e

[BSP] 163a8fc96ec12137c2ef74d220b6b582 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30734336 | Size: 595472 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Try this........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Here is the combofix report

ComboFix 12-08-25.04 - Sonia 08/27/2012 15:28:25.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.6080 [GMT -7:00]

Running from: c:\users\Sonia\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Images

c:\images\DirCfg.ini

c:\users\Sonia\AppData\Local\.#

c:\users\Sonia\AppData\Local\.#\MBX@CF8@3F1BF8.###

c:\users\Sonia\AppData\Local\.#\MBX@CF8@3F1C08.###

c:\users\Sonia\AppData\Local\.#\MBX@CF8@3F1C18.###

c:\users\Sonia\AppData\Local\.#\MBX@CF8@3F1C28.###

c:\users\Sonia\AppData\Local\Temp\{0206645A-85CF-4377-92C1-2841A9712277}\fpb.tmp

c:\users\Sonia\clib_jiio.dll

c:\users\Sonia\g2mdlhlpx.exe

c:\users\Sonia\GoToAssistDownloadHelper.exe

c:\users\Sonia\jni_wavelet.dll

c:\users\Sonia\PicOpRTL.dll

c:\windows\msvcr71.dll

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))

.

.

2012-08-27 18:57 . 2012-08-27 18:57 -------- d-----w- c:\programdata\Malwarebytes

2012-08-27 18:57 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-27 18:57 . 2012-08-27 18:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-27 17:03 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{106565BD-084F-4B07-80AC-4F477BCD1AD1}\mpengine.dll

2012-08-24 18:18 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-22 18:02 . 2012-08-22 20:19 24952 ----a-w- c:\windows\system32\vntmon64.dll

2012-08-22 18:02 . 2012-08-22 18:02 -------- d-----w- c:\programdata\Venta

2012-08-22 18:02 . 2012-08-22 18:02 -------- d-----w- c:\program files (x86)\Venta

2012-08-22 02:11 . 2012-08-22 02:11 -------- d-----w- c:\program files (x86)\Oberon Media SIDR

2012-08-22 02:10 . 2012-08-22 02:10 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media

2012-08-22 02:05 . 2012-08-22 02:11 -------- d-----w- c:\programdata\Oberon Media

2012-08-22 02:04 . 2012-08-22 02:05 -------- d-----w- c:\program files (x86)\Ask.com

2012-08-21 01:19 . 2012-08-03 11:27 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-21 00:52 . 2012-08-21 00:52 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-21 00:52 . 2012-08-21 00:52 -------- d-----w- c:\windows\system32\Wat

2012-08-21 00:42 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-08-21 00:42 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 00:42 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-08-21 00:42 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-08-21 00:42 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-21 00:42 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-08-21 00:42 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-08-21 00:25 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2012-08-21 00:24 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-08-21 00:23 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-08-21 00:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-08-21 00:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-08-21 00:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-08-21 00:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-08-21 00:10 . 2012-08-21 00:10 -------- d-----w- C:\Recovery

2012-08-21 00:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-08-21 00:08 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-08-21 00:08 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-08-21 00:03 . 2012-08-21 00:10 -------- d-----w- c:\windows\Panther

2012-08-20 23:51 . 2012-08-20 23:49 -------- d-----w- C:\$WINDOWS.~Q

2012-08-20 23:45 . 2012-08-20 23:48 -------- d-----w- C:\$INPLACE.~TR

2012-08-20 23:43 . 2012-08-20 23:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-08-20 23:12 . 2012-08-27 22:34 -------- d-----w- c:\users\Sonia

2012-08-20 23:09 . 2012-08-20 23:22 -------- d-----w- c:\programdata\NVIDIA

2012-08-20 23:08 . 2012-08-22 18:51 -------- d-sh--w- c:\windows\Installer

2012-08-20 23:08 . 2012-08-20 23:14 -------- d-----w- c:\program files\NVIDIA Corporation

2012-08-20 23:07 . 2012-08-20 23:07 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-08-20 23:07 . 2012-08-20 23:07 -------- d-----w- c:\program files\LSI SoftModem

2012-08-20 23:05 . 2010-04-04 05:55 658536 ----a-w- c:\windows\system32\nvuninst.exe

2012-08-20 21:40 . 2012-08-20 23:21 -------- d-----w- c:\program files (x86)\PowerISO

2012-08-20 21:40 . 2012-08-17 04:41 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys

2012-08-20 20:01 . 2012-08-20 20:01 -------- d-----w- c:\users\New Folder

2012-08-17 21:45 . 2012-08-18 17:23 -------- d-----w- C:\win7upgrade

2012-08-17 18:33 . 2012-08-20 23:23 -------- d-----w- c:\users\Public\TO BE FAXED

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 17:18 . 2012-04-03 15:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 17:18 . 2011-05-18 17:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-21 19:58 . 2012-07-03 15:52 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F5EBFBC-FD66-465C-91F6-5842A7ADA5A8}\gapaengine.dll

2012-06-21 19:58 . 2012-06-21 20:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-02 02:22 . 2012-06-02 02:22 28672 ----a-r- c:\users\Sonia\AppData\Roaming\Microsoft\Installer\{7221A606-D163-4BE9-8FEA-6AE596277FCB}\_B79ECC9F97C2_4826_B531_C884816C737A.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-06-07 04:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-21 163328]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-23 5661056]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 68856]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ChromeFrameHelper"="c:\users\Sonia\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe" [2012-08-17 81432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-03-21 103896]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-20 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"wave1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 135664]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 135664]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2005-08-27 28192]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]

S2 LocalCache20090226114;RamSoft PACS 4 Cache (LocalCache20090226114);c:\program files (x86)\RamSoft\PowerReader4\CacheServers\LocalCache20090226114\prcacheservice.exe LocalCache20090226114 [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-22 341296]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-03-21 793048]

S2 RSUpdateService;RamSoft PACS4 Update Service;c:\program files (x86)\RamSoft\PowerReader4\UpdateService\RSUpdateServiceApplication.exe [2011-01-29 560864]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD64.sys [2007-04-10 432256]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-06-04 204288]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - SCDEMU

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:18]

.

2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 22:53]

.

2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 22:53]

.

2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629988354-2990066850-1571589466-1000Core.job

- c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:30]

.

2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629988354-2990066850-1571589466-1000UA.job

- c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:30]

.

2012-08-27 c:\windows\Tasks\RMAutoUpdate.job

- c:\program files (x86)\Registry Mechanic\SULauncher.exe [2012-06-14 19:23]

.

2012-08-25 c:\windows\Tasks\RMSchedule.job

- c:\program files (x86)\Registry Mechanic\RegMech.exe [2010-05-02 19:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]

"Skytel"="Skytel.exe" [2008-09-18 1833504]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]

"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: google.com\www

TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

DPF: {C4FC3447-2531-4BBB-A589-516ABADD93CF} - hxxps://www.petlinq.com/PETLinQ/DicomViewer.CAB

DPF: {CD372BF2-87E4-4291-9F49-E0A09A9FDF11} - hxxps://pacs.archrad.com/powerreader4/PRInstall.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-eRecoveryService - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\RamSoft\PowerReader4\CacheServers\LocalCache20090226114\prcacheservice.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Visioneer\OneTouch 4.0\OtService.exe

.

**************************************************************************

.

Completion time: 2012-08-27 15:56:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-27 22:56

.

Pre-Run: 433,646,505,984 bytes free

Post-Run: 433,507,831,808 bytes free

.

- - End Of File - - 6D2EF979E622CA004953AC98D83EFEDB


PC Tools Registry Mechanic 11.0

It's not recommended to use registry cleaners; they do no good and can only cause harm to the system.

~~~~~~~~~~~~~~~~~~~~~

Using ComboFix......

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - C:\Users\Sonia\AppData\Local\ArcadeCandy\candyEX.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun: [<NO NAME>]

Trusted Zone: google.com\www

BHO-X64: AcroIEHelperStub - No File

BHO-X64: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Sonia\AppData\Local\ArcadeCandy\candyEX.dll

BHO-X64: ArcadeCandy Games - No File

BHO-X64: Ask Toolbar BHO - No File

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Hi again MrC., thanks for your help.

This is the report.

ComboFix 12-08-28.01 - Sonia 08/28/2012 9:51.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.6016 [GMT -7:00]

Running from: c:\users\Sonia\Desktop\ComboFix.exe

Command switches used :: c:\users\Sonia\Desktop\cfscript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))

.

.

2012-08-28 17:00 . 2012-08-28 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-27 18:57 . 2012-08-27 18:57 -------- d-----w- c:\programdata\Malwarebytes

2012-08-27 18:57 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-27 18:57 . 2012-08-27 18:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-27 17:03 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{106565BD-084F-4B07-80AC-4F477BCD1AD1}\mpengine.dll

2012-08-24 18:18 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-22 18:02 . 2012-08-22 20:19 24952 ----a-w- c:\windows\system32\vntmon64.dll

2012-08-22 18:02 . 2012-08-22 18:02 -------- d-----w- c:\programdata\Venta

2012-08-22 18:02 . 2012-08-22 18:02 -------- d-----w- c:\program files (x86)\Venta

2012-08-22 02:11 . 2012-08-22 02:11 -------- d-----w- c:\program files (x86)\Oberon Media SIDR

2012-08-22 02:10 . 2012-08-22 02:10 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media

2012-08-22 02:05 . 2012-08-22 02:11 -------- d-----w- c:\programdata\Oberon Media

2012-08-22 02:04 . 2012-08-22 02:05 -------- d-----w- c:\program files (x86)\Ask.com

2012-08-21 01:19 . 2012-08-03 11:27 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-21 00:52 . 2012-08-21 00:52 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-21 00:52 . 2012-08-21 00:52 -------- d-----w- c:\windows\system32\Wat

2012-08-21 00:42 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-08-21 00:42 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 00:42 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-08-21 00:42 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-08-21 00:42 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-21 00:42 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-08-21 00:42 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-08-21 00:25 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2012-08-21 00:24 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-08-21 00:23 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-08-21 00:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-08-21 00:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-08-21 00:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-08-21 00:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-08-21 00:10 . 2012-08-21 00:10 -------- d-----w- C:\Recovery

2012-08-21 00:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-08-21 00:08 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-08-21 00:08 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-08-21 00:03 . 2012-08-21 00:10 -------- d-----w- c:\windows\Panther

2012-08-20 23:51 . 2012-08-20 23:49 -------- d-----w- C:\$WINDOWS.~Q

2012-08-20 23:45 . 2012-08-20 23:48 -------- d-----w- C:\$INPLACE.~TR

2012-08-20 23:43 . 2012-08-20 23:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-08-20 23:12 . 2012-08-27 22:34 -------- d-----w- c:\users\Sonia

2012-08-20 23:09 . 2012-08-20 23:22 -------- d-----w- c:\programdata\NVIDIA

2012-08-20 23:08 . 2012-08-22 18:51 -------- d-sh--w- c:\windows\Installer

2012-08-20 23:08 . 2012-08-20 23:14 -------- d-----w- c:\program files\NVIDIA Corporation

2012-08-20 23:07 . 2012-08-20 23:07 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-08-20 23:07 . 2012-08-20 23:07 -------- d-----w- c:\program files\LSI SoftModem

2012-08-20 23:05 . 2010-04-04 05:55 658536 ----a-w- c:\windows\system32\nvuninst.exe

2012-08-20 21:40 . 2012-08-20 23:21 -------- d-----w- c:\program files (x86)\PowerISO

2012-08-20 21:40 . 2012-08-17 04:41 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys

2012-08-20 20:01 . 2012-08-27 22:56 -------- d-----w- c:\users\New Folder

2012-08-17 21:45 . 2012-08-18 17:23 -------- d-----w- C:\win7upgrade

2012-08-17 18:33 . 2012-08-20 23:23 -------- d-----w- c:\users\Public\TO BE FAXED

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 17:18 . 2012-04-03 15:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 17:18 . 2011-05-18 17:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-21 19:58 . 2012-07-03 15:52 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F5EBFBC-FD66-465C-91F6-5842A7ADA5A8}\gapaengine.dll

2012-06-21 19:58 . 2012-06-21 20:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-02 02:22 . 2012-06-02 02:22 28672 ----a-r- c:\users\Sonia\AppData\Roaming\Microsoft\Installer\{7221A606-D163-4BE9-8FEA-6AE596277FCB}\_B79ECC9F97C2_4826_B531_C884816C737A.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-27_22.41.13 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-08-27 16:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-08-27 23:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-08-27 16:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-27 23:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-27 16:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-27 23:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-08-28 16:47 31174 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-28 16:47 31756 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-08-21 15:56 . 2012-08-27 23:12 3950 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1629988354-2990066850-1571589466-1000_UserData.bin

- 2012-08-27 22:40 . 2012-08-27 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-28 17:01 . 2012-08-28 17:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-28 17:01 . 2012-08-28 17:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-27 22:40 . 2012-08-27 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-08-27 22:39 395116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-28 17:00 395116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-12-08 03:43 . 2012-08-27 22:39 2954364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1629988354-2990066850-1571589466-1000-8192.dat

+ 2010-12-08 03:43 . 2012-08-28 17:00 2954364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1629988354-2990066850-1571589466-1000-8192.dat

+ 2011-07-01 03:09 . 2012-08-28 03:19 16811704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1629988354-2990066850-1571589466-1000-4096.dat

+ 2012-08-28 16:48 . 2012-08-28 16:49 10174464 c:\windows\erdnt\Hiv-backup\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-06-07 04:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-21 163328]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-23 5661056]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 68856]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ChromeFrameHelper"="c:\users\Sonia\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe" [2012-08-17 81432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-03-21 103896]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-20 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"wave1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 135664]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 135664]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2005-08-27 28192]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]

S2 LocalCache20090226114;RamSoft PACS 4 Cache (LocalCache20090226114);c:\program files (x86)\RamSoft\PowerReader4\CacheServers\LocalCache20090226114\prcacheservice.exe LocalCache20090226114 [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-22 341296]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-03-21 793048]

S2 RSUpdateService;RamSoft PACS4 Update Service;c:\program files (x86)\RamSoft\PowerReader4\UpdateService\RSUpdateServiceApplication.exe [2011-01-29 560864]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD64.sys [2007-04-10 432256]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-06-04 204288]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - SCDEMU

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:18]

.

2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 22:53]

.

2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 22:53]

.

2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629988354-2990066850-1571589466-1000Core.job

- c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:30]

.

2012-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629988354-2990066850-1571589466-1000UA.job

- c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:30]

.

2012-08-28 c:\windows\Tasks\RMAutoUpdate.job

- c:\program files (x86)\Registry Mechanic\SULauncher.exe [2012-06-14 19:23]

.

2012-08-28 c:\windows\Tasks\RMSchedule.job

- c:\program files (x86)\Registry Mechanic\RegMech.exe [2010-05-02 19:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]

"Skytel"="Skytel.exe" [2008-09-18 1833504]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]

"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

DPF: {C4FC3447-2531-4BBB-A589-516ABADD93CF} - hxxps://www.petlinq.com/PETLinQ/DicomViewer.CAB

DPF: {CD372BF2-87E4-4291-9F49-E0A09A9FDF11} - hxxps://pacs.archrad.com/powerreader4/PRInstall.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\RamSoft\PowerReader4\CacheServers\LocalCache20090226114\prcacheservice.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Visioneer\OneTouch 4.0\OtService.exe

.

**************************************************************************

.

Completion time: 2012-08-28 10:15:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-28 17:15

ComboFix2.txt 2012-08-27 22:56

.

Pre-Run: 433,462,448,128 bytes free

Post-Run: 433,314,381,824 bytes free

.

- - End Of File - - DC23636AF55BEC216EB034C53B2A4A27


Perfect. Thank you very much.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.28.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Sonia :: SONIA-PC [administrator]

Protection: Enabled

8/28/2012 11:59:15 AM

mbam-log-2012-08-28 (11-59-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206994

Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


If it's OK, let me know.

If not...........

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

Don't worry about OTL.

~~~~~~~~~~~~~

Please do this:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC

Link to post
Share on other sites

Security Check

Results of screen317's Security Check version 0.99.48

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java 7 Update 5

Java 6 Update 5

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader X (10.1.4)

Google Chrome 21.0.1180.79

Google Chrome 21.0.1180.83

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Spybot Teatimer.exe is disabled!

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

JavaFX 2.1.1 <---uninstall

Java™ 7 Update 5 <---update it.....should be 6

Java™ 6 Update 5 <---uninstall

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date! <----update it

You have outdated programs on the system which are vulnerable to malware.

Please update or delete them

Info on doing that can be found in my Preventive Maintenance below.

~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Thank you for all your help so far.

I've deleted and uninstalled everything; however, I'm having a little trouble with ComboFix. I've tried both of your suggested ways and it just runs as normal. It doesn't uninstall.

Any suggestions? Or can I just delete it?

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
