Can't remove rpeulaaql.exe

[bryan121]

Thanks in advance for your help!  DDS and Attach logs below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.25.2
Run by Bryan at 20:32:32 on 2013-07-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8103.5920 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



mWinlogon: Userinit = userinit.exe,
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Microsoft Webupdater] C:\ProgramData\Microsoft Webupdater0\rpeulaaql.exe
uRun: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Softphone\RCHotKey.exe"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [stopDefragment] Install\StopDefragment.exe
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Microsoft Webupdater] C:\ProgramData\Microsoft Webupdater0\rpeulaaql.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
StartupFolder: C:\Users\Bryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B5C1EB20-5420-4539-819A-3A0A30CE6563} : DHCPNameServer = 205.171.3.65 205.171.2.65 10.200.64.1
TCP: Interfaces\{C34896D3-4D12-4AF7-9496-3DFC7710AA39} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\fxrl5w90.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL -
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-30 15:06; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\System32\drivers\assd.sys [2012-10-5 27264]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-12 54480]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-7-30 45856]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-10-5 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-16 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-7-30 1616048]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2010-10-25 75264]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-10-25 173568]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2010-10-25 81408]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-5-26 138024]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-4-8 177152]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-4-8 56320]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-26 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-3-24 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-5-26 76912]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-3-24 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-4-12 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-11 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-3-24 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-30 20:45:19    --------    d-----w-    C:\ProgramData\Sophos
2013-07-30 20:45:14    73728    ----a-r-    C:\Users\Bryan\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 20:45:14    73728    ----a-r-    C:\Users\Bryan\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 20:45:14    73728    ----a-r-    C:\Users\Bryan\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-07-30 20:45:08    --------    d-----w-    C:\Program Files (x86)\Sophos
2013-07-30 19:07:09    --------    d-----w-    C:\Users\Bryan\FrostWire
2013-07-30 19:07:05    --------    d-----w-    C:\Users\Bryan\.frostwire5
2013-07-30 19:06:13    --------    d-----w-    C:\Users\Bryan\AppData\Local\AVG SafeGuard toolbar
2013-07-30 19:06:06    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-07-30 19:06:04    --------    d-----w-    C:\ProgramData\AVG SafeGuard toolbar
2013-07-30 19:06:02    --------    d-----w-    C:\Program Files (x86)\Common Files\AVG Secure Search
2013-07-30 19:06:02    --------    d-----w-    C:\Program Files (x86)\AVG SafeGuard toolbar
2013-07-30 19:05:43    --------    d-----w-    C:\Users\Bryan\AppData\Roaming\OpenCandy
2013-07-19 14:31:04    --------    d-----w-    C:\Program Files\RingCentral
2013-07-09 17:04:52    --------    d-----w-    C:\e16485571d62f66181c8
2013-07-02 14:01:39    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-07-31 03:00:30    45056    ----a-w-    C:\Windows\System32\acovcnt.exe
2013-07-24 18:08:27    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-24 18:08:27    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-02 14:01:31    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-02 14:01:31    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-05-17 13:31:38    2560    ----a-w-    C:\Windows\_MSRSTRT.EXE
.
============= FINISH: 20:33:05.85 ===============
 

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/7/2013 1:05:47 AM
System Uptime: 7/31/2013 8:19:58 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. |  | U46E
Processor: Intel® Core i7-2640M CPU @ 2.80GHz | CPU 1 | 784/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 674 GiB total, 563.76 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 7/17/2013 12:00:01 AM - Scheduled Checkpoint
RP51: 7/19/2013 10:30:28 AM - Installed RingCentral Softphone.
RP52: 7/24/2013 1:49:55 PM - Restore Operation
RP53: 7/30/2013 4:44:32 PM - Installed Sophos Virus Removal Tool.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe InDesign CS4 Icon Handler x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop 7.0
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Photoshop CS5.1
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader XI (11.0.03)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 12.0
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Secure Delete
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS U Series ScreenSaver
ASUS Virtual Camera
AsusVibe2.0
ATK Package
AVG SafeGuard toolbar
Best Buy pc app
Bonjour
Connect
CutePDF Writer 3.0
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Dropbox
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
ETDWare PS/2-X64 8.0.5.0_WHQL
Fast Boot
FileZilla Client 3.7.1
Fresco Logic USB3.0 Host Controller
ImgBurn
Intel PROSet Wireless
Intel WiMAX Tutorial
Intel® Control Center
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software
iTunes
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
kuler
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MozBackup 1.5.1
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 Parser and SDK
Nuance PDF Reader
PDF Settings CS4
Photoshop Camera Raw
Photoshop Camera Raw_x64
Pixel Bender Toolkit
Realtek High Definition Audio Driver
SABnzbd 0.7.11
SceneSwitch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Sonic Focus
Sophos Virus Removal Tool
Suite Shared Configuration CS4
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
7/31/2013 8:23:28 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
.
==== End Of File ===========================
 

attach.txt

dds.txt

[MrCharlie]

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[bryan121]

RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bryan [Admin rights]
Mode : Scan -- Date : 07/31/2013 21:35:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Microsoft Webupdater (C:\ProgramData\Microsoft Webupdater0\rpeulaaql.exe [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1233712795-3455145925-3626492741-1000\[...]\Run : Microsoft Webupdater (C:\ProgramData\Microsoft Webupdater0\rpeulaaql.exe [-]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Microsoft Webupdater (C:\ProgramData\Microsoft Webupdater0\rpeulaaql.exe [-]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe - -e [7] -> FOUND
[V2][sUSP PATH] Windows Update Check - 0x1FE004EA : C:\ProgramData\Microsoft - Webupdater0\rpeulaaql.exe /task [-][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1   activate.adobe.com
127.0.0.1   practivate.adobe.com
127.0.0.1   ereg.adobe.com
127.0.0.1   activate.wip3.adobe.com
127.0.0.1   wip3.adobe.com
127.0.0.1   3dns-3.adobe.com
127.0.0.1   3dns-2.adobe.com
127.0.0.1   adobe-dns.adobe.com
127.0.0.1   adobe-dns-2.adobe.com
127.0.0.1   adobe-dns-3.adobe.com
127.0.0.1   ereg.wip3.adobe.com
127.0.0.1   activate-sea.adobe.com
127.0.0.1   wwis-dubc1-vip60.adobe.com
127.0.0.1   activate-sjc0.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] bf75039f3d53d39d4bee661a6682959e
[bSP] d1768ac95e05808c83e23f105dfdbb46 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 689802 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07312013_213537.txt >>



 

[MrCharlie]

Did you read the policy on Piracy in my post??

Do you see what's in your host file?

 

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com

 

MrC

[AdvancedSetup]

This topic will now be closed due to evidence of cracked or pirated software on this system.

Piracy Policy
 

[AdvancedSetup]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.