Another Victim of Ad playing Trojan?

[wireless_one]

I'll start by saying that I read multiple topics which seem to have the same issue but to no avail (that includes malwarebytes, adwcleaner, junkremoval, combofix).  I was hoping that the steps provided in teh previous threads would solve mine as well, but no luck.  I want to add something that may or may not be relevant: yesterday when this started, I linked CNN to DirecTV through Google Chrome.  The ads I am hearing are legitimate companies (Toyota, Dannon Yogurt, etc) as well what sounds like news stories.  The appearance of the audio seems sporadic (right now all is quiet, but it has come and gone a few times).  

So, any help would be appreciated.  

 

 

 

Here is the DDS info:

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.45.2

Run by Kevin Barlay at 11:03:15 on 2014-01-10

Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.2935.1046 [GMT -7:00]

.

AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2014\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Windows\system32\HPSIsvc.exe

C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Plantronics\Morini\MoriniLocalServer.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files\AVG\AVG2014\avgui.exe

C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\AVG SafeGuard toolbar\vprot.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Kevin Barlay\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\WebGear\GO Contact Sync\GOContactSync.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Kevin Barlay\AppData\Local\Akamai\netsession_win.exe

C:\Users\Kevin Barlay\Desktop\QuickTextPaste\QuickTextPaste.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Users\Kevin Barlay\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Kevin Barlay\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Zune\ZuneNss.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\taskmgr.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uProxyOverride = <local>

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 

TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Akamai NetSession Interface] "c:\users\kevin barlay\appdata\local\akamai\netsession_win.exe"

uRun: [GoogleContactSync] c:\program files\webgear\go contact sync\GOContactSync.exe

uRun: [Xvid] "c:\program files\xvid\CheckUpdate.exe"

uRun: [QuickTextPasteAndCommand] "c:\users\kevin barlay\desktop\quicktextpaste\QuickTextPaste.exe" -bg

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

uRun: [GoogleChromeAutoLaunch_EE6525808C27305BE51C9F0976A376D5] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [b2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Plantronics Morini Local Server] c:\program files\plantronics\morini\MoriniLocalServer.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup

mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY

mRun: [statusAlerts] "c:\program files\hp\statusalerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"

StartupFolder: c:\users\kevinb~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kevin barlay\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

TCP: NameServer = 68.105.28.16 68.105.29.16

TCP: Interfaces\{1436EC0B-14B4-4992-A313-C28422377F31} : NameServer = 192.168.1.2

TCP: Interfaces\{591C9188-EBAC-4DAB-A734-4818488CB806}\25F49514C4022313 : DHCPNameServer = 10.192.168.254 10.192.168.254

TCP: Interfaces\{591C9188-EBAC-4DAB-A734-4818488CB806}\2657E6B60286F65737560277962756C656373713 : DHCPNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{591C9188-EBAC-4DAB-A734-4818488CB806}\34F687D234165637162737C465D225F6F6D637 : DHCPNameServer = 68.111.16.30 68.111.16.25

TCP: Interfaces\{591C9188-EBAC-4DAB-A734-4818488CB806}\455636863456E6475627548756365747966756355796475637 : DHCPNameServer = 68.105.28.12 68.105.28.11 4.2.2.1

TCP: Interfaces\{591C9188-EBAC-4DAB-A734-4818488CB806}\75D47596669625F657475627 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{591C9188-EBAC-4DAB-A734-4818488CB806}\8416274625F636B6D225F6F6D637D234F687 : DHCPNameServer = 68.111.16.30 68.111.16.25

TCP: Interfaces\{78062D9D-FFE9-4023-9831-51CC577595E0} : DHCPNameServer = 68.105.28.16 68.105.29.16

TCP: Interfaces\{78062D9D-FFE9-4023-9831-51CC577595E0}\14E64627F69646455647865627 : DHCPNameServer = 192.168.2.254

TCP: Interfaces\{78062D9D-FFE9-4023-9831-51CC577595E0}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{78062D9D-FFE9-4023-9831-51CC577595E0}\33230333D214 : DHCPNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{78062D9D-FFE9-4023-9831-51CC577595E0}\33230333D224 : DHCPNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{78062D9D-FFE9-4023-9831-51CC577595E0}\341627F6573756C6 : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{78062D9D-FFE9-4023-9831-51CC577595E0}\46963736F6E6E65636475646 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{78062D9D-FFE9-4023-9831-51CC577595E0}\64169627D6F6E647 : DHCPNameServer = 8.8.8.8 68.105.29.16 68.105.28.16

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\kevin barlay\appdata\roaming\mozilla\firefox\profiles\una71sz2.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: network.proxy.type - 0

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-8-20 16176]

R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-1-10 37664]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-8-20 81920]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]

R2 DraftSight API Service;DraftSight API Service;c:\program files\dassault systemes\draftsight\bin\dsHttpApiService.exe [2012-10-3 82944]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2011-8-4 164352]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-12-25 99896]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-8-20 60928]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-9 418376]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-8-20 2320920]

R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.2.0\ToolbarUpdater.exe [2014-1-10 1771544]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-8-20 41648]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-20 29472]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-8-20 143968]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-20 125696]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-20 232960]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-9 22856]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]

S?2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-9 701512]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-6-16 30312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-8-20 134144]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-3 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-9 36640]

S3 HP DS Service;HP DS Service;c:\program files\hp\hpbdsservice\HPBDSService.exe [2010-10-27 13824]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]

S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;c:\windows\system32\drivers\libusb0.sys [2011-8-21 35392]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-9 40776]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 42752]

S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-12-25 17408]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-20 171520]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-6-16 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-6-16 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-6-16 121576]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-2 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== File Associations ===============

.

FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2014-01-10 17:22:20 -------- d-sh--w- C:\$RECYCLE.BIN

2014-01-10 17:06:35 -------- d-----w- C:\FRST

2014-01-10 16:20:11 98816 ----a-w- c:\windows\sed.exe

2014-01-10 16:20:11 256000 ----a-w- c:\windows\PEV.exe

2014-01-10 16:20:11 208896 ----a-w- c:\windows\MBR.exe

2014-01-10 16:17:23 -------- d-----w- c:\users\kevin barlay\appdata\local\AVG SafeGuard toolbar

2014-01-10 16:17:12 -------- d-----w- c:\programdata\AVG Security Toolbar

2014-01-10 16:16:48 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2014-01-10 16:16:38 -------- d-----w- c:\program files\common files\AVG Secure Search

2014-01-10 16:16:36 -------- d-----w- c:\programdata\AVG SafeGuard toolbar

2014-01-10 16:16:32 -------- d-----w- c:\program files\AVG SafeGuard toolbar

2014-01-10 15:51:35 -------- d-----w- c:\windows\ERUNT

2014-01-10 15:36:03 -------- d-----w- C:\AdwCleaner

2014-01-10 04:55:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2014-01-10 04:55:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-10 04:33:19 -------- d-sh--w- c:\windows\system32\%APPDATA%

.

==================== Find3M  ====================

.

2013-12-10 22:00:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-12-10 22:00:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-11-06 04:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys

2013-11-05 04:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-11-01 06:00:28 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-11-01 05:30:08 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-10-30 16:08:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-25 05:28:32 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys

.

============= FINISH: 11:07:07.18 ===============

 

 

and attached is, well, the attach.zip . . . . I'll be watching for a response, and TIA!!

Attach.zip

[wireless_one]

I'd jump to RougeKiller and run the scan as advised in other threads.  Seems like audio no longer playing after another reboot, but the computer did a reboot on it's own while I was at lunch, so something is afoot . . .

 

here is the report from RogueKiller:

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : Kevin Barlay [Admin rights]

Mode : Scan -- Date : 01/10/2014 12:51:58

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] QuickTextPaste.exe -- C:\Users\Kevin Barlay\Desktop\QuickTextPaste\QuickTextPaste.exe [-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : QuickTextPasteAndCommand ("C:\Users\Kevin Barlay\Desktop\QuickTextPaste\QuickTextPaste.exe" -bg [-]) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEKT-75A25T0 +++++

--- User ---

[MBR] 1cb1bd34ff38e4a1d00097acbd6be981

[bSP] 60fc12e9eff6733c42f39fc56b49ce6d : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12690 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26071040 | Size: 225744 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_01102014_125158.txt >>

[MrCharlie]

Did you run ComboFix???

If so post the log.....MrC

[wireless_one]

I can't seem to get this to save as a copy/paste, so I attached it as a zip file , , ,hope that helps!

 

 

cflog.zip

[MrCharlie]

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt, place it next to ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

[wireless_one]

OK, here you go!

ComboFix.txt

[MrCharlie]

How is it??? MrC

[wireless_one]

just did a reboot and seems better . . .for now. . . .will let run for awhile and give you a final update!

 

Thanks!

[MrCharlie]

OK....let me know....MrC

[wireless_one]

no reboot and ads gone bye bye . . .small donation sent for your time!   thanks again!!

[MrCharlie]

OK......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• If you get Unsupported operating system. Aborting now, just reboot and try again.
• A Notepad document should open automatically called checkup.txt.
• Please Post the contents of that document.
• Do Not Attach It!!!

MrC

[MrCharlie]

Are you still with me???  MrC

[wireless_one]

sorry, never saw that last msg, as I thought I was done.  But guess what?  Last night system randomly rebooted after I declined  some "Microsoft Windows" updates and then would not reboot!  Used my repair disc moments ago and did a restore, but not its back.  Planning on starting over from the beginning . . .

[MrCharlie]

OK...MrC

[wireless_one]

*now its back, not "not" . . .

[wireless_one]

do you need me to upload logs, or should I just run Rougue Killer and Combofix, then Combofix with Script?

[wireless_one]

RK log:

 

RogueKiller V8.8.1 [Jan 14 2014] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : Kevin Barlay [Admin rights]

Mode : Scan -- Date : 01/14/2014 09:27:05

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : QuickTextPasteAndCommand ("C:\Users\Kevin Barlay\Desktop\QuickTextPaste\QuickTextPaste.exe" -bg [-]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3505198377-27462483-240381639-1000\[...]\Run : QuickTextPasteAndCommand ("C:\Users\Kevin Barlay\Desktop\QuickTextPaste\QuickTextPaste.exe" -bg [-]) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

[Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> FOUND

 

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : Root.Zekos ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEKT-75A25T0 +++++

--- User ---

[MBR] 1cb1bd34ff38e4a1d00097acbd6be981

[bSP] 60fc12e9eff6733c42f39fc56b49ce6d : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12690 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26071040 | Size: 225744 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_01142014_092705.txt >>

[MrCharlie]

Download a fresh copy of ComboFix and run it.

MrC

[wireless_one]

It updated automatically, but watching the scan results, seeing lots of "the system cannot finds .... "and "can't read...."....I'll post this log for sure....

[wireless_one]

trouble copy/pasting comments . . .file attached . . .

ComboFix.txt

[wireless_one]

should I use the CF script I DL'd last week?

[MrCharlie]

No, just run the scan first, MrC

[wireless_one]

scan results posted in previous post . . . other page . . .here they are again!  

ComboFix.txt

[MrCharlie]

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt, place it next to ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

Then run AdwCleaner and MB.

MrC

[wireless_one]

CF log after running script . . .

ComboFix.txt