Infected for sure, ASAP help please :/

[BensonTheNoob]

My friend has been using my laptop quite often lately, and today i decided to clean it up for him. There were a number of infections i removed but I can't seem to get rid of this one :/ it won't let me update MBW, and apparently I don't have permission to edit the files were the infection is located (im admin etc) I'm pretty sure the infection is coming from adware called "welovesmilies"

 

Anyway, I'm usually ok with basic infection removal, but this has me stuck and I could use some help BIG TIME. Any info im missing please let me know, thanks!

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26

Run by Admin at 6:07:04 on 2013-09-13

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.6092.3156 [GMT 8:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\ProgramData\DatacardService\HWDeviceService64.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Admin\Downloads\RogueKiller.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: NameServer = 10.0.0.138

TCP: Interfaces\{08143167-50A7-4924-9E3C-DB03C5C3A9E7} : DHCPNameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{1D28985E-5CD3-43D3-935E-C984D79EA088} : NameServer = 125.168.254.14 61.88.88.88

TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0} : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\14E64627F696461405E2 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\34964797023547169702331323D2332323 : DHCPNameServer = 216.146.35.35 216.146.36.36

TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\34964797023547169702431323D2432323 : DHCPNameServer = 216.146.35.35 216.146.36.36

TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\56070797A61697 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\77163737570702 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\D4F6E61627F6744535332373 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{49DE15CC-6226-4A55-B117-418E4BAF8C57} : NameServer = 125.168.254.14 61.88.88.88

TCP: Interfaces\{50BE00EE-8C62-4A64-867A-D7EFFED498E3} : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{E8BF945E-5091-4D42-BC95-9131D74D4F97} : NameServer = 125.168.254.14 61.88.88.88

TCP: Interfaces\{EAF30024-F1B1-4635-91C8-D7084C484154} : NameServer = 125.168.254.14 61.88.88.88

TCP: Interfaces\{EECF7929-B511-4A31-BE8F-3028B648212F} : DHCPNameServer = 10.4.182.22 10.4.81.105

TCP: Interfaces\{EED03D5B-1DDE-4A12-9DAB-BF53CE87CD82} : DHCPNameServer = 198.142.0.51 61.88.88.88

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs=     

SSODL: WebCheck - <orphaned>

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 

x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z0asxgvh.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - ExtSQL: 2013-07-24 04:12; 69ffxtbr@PackageTracer_69.com; C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z0asxgvh.default\extensions\69ffxtbr@PackageTracer_69.com

FF - ExtSQL: 2013-09-09 12:31; jid1-vW9nopuIAJiRHw@jetpack; C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z0asxgvh.default\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

.

.

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2013-8-5 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2013-8-5 1139800]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-4 1525336]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-8-5 169048]

R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [2013-8-5 169048]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130911.001\IDSviA64.sys [2013-9-12 520280]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2013-8-5 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-8-5 433752]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-11 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-11 203776]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-22 103992]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-10 26680]

R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-11 13336]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-7-28 2413056]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-8-5 144368]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-11 2656280]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-29 140376]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2011-9-2 86016]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-11 317440]

R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-3-11 12256512]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-7-28 91648]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-7-28 208896]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-3-11 338536]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-28 428136]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [2013-8-5 144368]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-3-11 344616]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-11 39464]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2011-9-2 117248]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2011-9-2 256000]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-25 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-20 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2013-09-12 21:54:08 712264 ----a-w- C:\Windows\isRS-000.tmp

2013-09-09 14:14:29 -------- d-----w- C:\Users\Admin\AppData\Local\{0196062B-2235-4AC9-8C2F-F82D33CCC8A4}

2013-09-09 09:49:02 -------- d-----w- C:\Users\Admin\AppData\Local\libimobiledevice

2013-09-09 09:29:41 -------- d-----w- C:\Users\Admin\AppData\Roaming\SmileysWeLove

2013-09-09 09:28:50 -------- d-----w- C:\Users\Admin\AppData\Local\Smartbar

2013-09-09 09:27:27 -------- d-----w- C:\Users\Admin\AppData\Local\DealPlyLive

2013-09-09 09:27:27 -------- d-----w- C:\ProgramData\DealPlyLive

2013-09-09 09:27:27 -------- d-----w- C:\Program Files (x86)\DealPlyLive

2013-09-09 09:27:23 -------- d-----w- C:\Users\Admin\AppData\Roaming\Dealply

2013-09-09 09:27:19 -------- d-----w- C:\Program Files (x86)\DealPly

2013-09-09 04:31:55 -------- d-----w- C:\Program Files (x86)\SqueakyChocolate

2013-09-07 13:19:31 -------- d-----w- C:\Users\Admin\AppData\Roaming\PacificPoker

2013-09-07 13:19:25 -------- d-----w- C:\Program Files (x86)\PacificPoker

2013-09-07 12:50:15 -------- d-----w- C:\Poker

2013-09-05 19:30:27 -------- d-----w- C:\Users\Admin\AppData\Local\{2F5054F8-EBD9-4D3F-98FB-60EC991F9E10}

2013-09-05 15:42:13 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-09-05 15:41:18 -------- d-----w- C:\Program Files\iPod

2013-09-05 15:41:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-09-05 15:41:17 -------- d-----w- C:\Program Files\iTunes

2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2013-09-02 14:23:17 -------- d-----w- C:\Users\Admin\AppData\Local\CrashRpt

2013-09-02 14:16:48 -------- d-----w- C:\Users\Admin\AppData\Local\BingoCafe

2013-09-02 11:32:15 -------- d-----w- C:\Users\Admin\AppData\Roaming\DownLite

2013-08-28 19:39:28 -------- d-----w- C:\ProgramData\McAfee Security Scan

2013-08-28 19:39:25 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan

2013-08-26 18:08:08 -------- d-----w- C:\Program Files (x86)\Belkin

2013-08-23 19:42:58 -------- d-----w- C:\Users\Admin\AppData\Local\{18FF6120-4C4B-437C-919A-C5ADA6F1EC73}

2013-08-22 23:29:43 -------- d-----w- C:\Users\Admin\AppData\Local\{8FED27FD-B992-4402-BFD0-CBE7F6A9BCFE}

2013-08-20 17:43:39 -------- d-----w- C:\Users\Admin\AppData\Local\{F6703B17-FC43-446A-94D4-EDED6B30D6CE}

2013-08-14 07:02:49 -------- d-----w- C:\Windows\pss

2013-08-14 04:26:48 -------- d-----w- C:\Program Files (x86)\Movies Toolbar

2013-08-14 04:14:34 -------- d-----w- C:\Program Files (x86)\Free Video Converter

2013-08-14 00:55:24 -------- d-----w- C:\Users\Admin\VLC

.

==================== Find3M  ====================

.

2013-09-12 19:04:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-12 19:04:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-04 17:16:12 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2013-07-28 02:21:44 8507392 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys

2013-07-28 02:10:27 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll

2013-07-28 02:10:27 338536 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys

2013-07-28 01:34:24 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2013-07-28 01:34:24 428136 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2013-07-28 01:34:24 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2013-07-28 01:23:08 91648 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys

2013-07-28 01:23:08 81920 ----a-w- C:\Windows\System32\nusb3co2.dll

2013-07-28 01:23:08 208896 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys

2013-07-28 01:18:52 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll

2013-07-28 01:18:52 226600 ----a-w- C:\Windows\System32\SynTPAPI.dll

2013-07-28 01:18:52 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll

2013-07-28 01:18:52 1451056 ----a-w- C:\Windows\System32\drivers\SynTP.sys

2013-07-28 01:18:52 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll

2013-07-28 01:18:50 411944 ----a-w- C:\Windows\System32\SynCOM.dll

2013-07-28 01:18:50 276264 ----a-w- C:\Windows\System32\SynCtrl.dll

2013-07-28 01:18:50 222504 ----a-w- C:\Windows\SysWow64\SynCtrl.dll

2013-07-28 01:18:50 177448 ----a-w- C:\Windows\SysWow64\SynCOM.dll

.

============= FINISH:  6:07:49.23 ===============

 

 

I also saw most helpers recommended to download roguekiller and do a scan with that, so ive done that also.

 

RogueKiller V8.6.11 [sep 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Admin [Admin rights]

Mode : Scan -- Date : 09/13/2013 06:11:55

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 14 ¤¤¤

[DNS] HKLM\[...]\CCSet\[...]\{1D28985E-5CD3-43D3-935E-C984D79EA088} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CCSet\[...]\{49DE15CC-6226-4A55-B117-418E4BAF8C57} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CCSet\[...]\{E8BF945E-5091-4D42-BC95-9131D74D4F97} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CCSet\[...]\{EAF30024-F1B1-4635-91C8-D7084C484154} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CS001\[...]\{1D28985E-5CD3-43D3-935E-C984D79EA088} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CS001\[...]\{49DE15CC-6226-4A55-B117-418E4BAF8C57} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CS001\[...]\{E8BF945E-5091-4D42-BC95-9131D74D4F97} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CS001\[...]\{EAF30024-F1B1-4635-91C8-D7084C484154} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CS002\[...]\{1D28985E-5CD3-43D3-935E-C984D79EA088} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CS002\[...]\{49DE15CC-6226-4A55-B117-418E4BAF8C57} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CS002\[...]\{E8BF945E-5091-4D42-BC95-9131D74D4F97} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[DNS] HKLM\[...]\CS002\[...]\{EAF30024-F1B1-4635-91C8-D7084C484154} : NameServer (125.168.254.14 61.88.88.88) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++

--- User ---

[MBR] 6ae5f4eca2ebf42ffb7104b6709fddbf

[bSP] 03ad46c2950a0b0190b8fce2dcbbce34 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700087 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1434187776 | Size: 15014 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] fa39b793e433e475341b591834d0f0c1

[bSP] 03ad46c2950a0b0190b8fce2dcbbce34 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

 

Finished : << RKreport[0]_S_09132013_061155.txt >>

 

 

 

Hoping someone has a fix to this, and soon (i go away for work today and dont really want to leave my friend with an infected laptop)

 

attach.txt

[Maniac]

Hello BensonTheNoob and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, FrostWire or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, generate a new fresh DDS log files and post them in your next reply.

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!