NO Audio and no system restore

[DLG7]

Ok will do. Should I install an anti-virus program after the scan is completed? Or should I wait until I see your response to the scan results?

[Jintan]

Wait please. We don't want any added factors involved right now.

[DLG7]

OK here we go. Results of Combofix

ComboFix 12-07-18.04 - Charlies 07/18/2012 21:28:07.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2555 [GMT -4:00]
Running from: c:\users\Charlies\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll
c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll
c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
c:\program files (x86)\TelevisionFanaticEI
c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\64EIPlug. dll
c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\64EZSETP. dll
c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISb. dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Administrator\WINDOWS
c:\users\Default\WINDOWS
c:\users\Guest.Charlies-HP\WINDOWS
c:\users\KIDS.Charlies-HP.001\WINDOWS
c:\users\Kids.Charlies-HP\WINDOWS
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\25df237061219e63.fb
c:\windows\SysWow64\Cache\272512937d9e61a4.fb
c:\windows\SysWow64\Cache\287204568329e189.fb
c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
c:\windows\SysWow64\Cache\2c53092c95605355.fb
c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
c:\windows\SysWow64\Cache\3917078cb68ec657.fb
c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
c:\windows\SysWow64\Cache\c1fa887b03019701.fb
c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
c:\windows\SysWow64\Cache\d2e94710a5708128.fb
c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
c:\windows\SysWow64\Cache\de8d88a0b6974c90.fb
c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
c:\windows\WindowsUpdate.log . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-12 07:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:27 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-07 01:14 . 2012-07-07 01:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 12:03 . 2012-07-05 12:03 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 12:03 . 2012-07-05 12:03 -------- d-----w- c:\program files (x86)\Java
2012-07-05 12:02 . 2012-07-05 12:02 -------- d-----w- c:\programdata\McAfee
2012-07-03 00:32 . 2012-07-03 00:32 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-06-30 11:35 . 2012-06-30 11:35 -------- d--h--w- c:\programdata\CanonIJEGV
2012-06-29 15:32 . 2012-06-29 15:32 -------- d-----w- c:\users\Charlies\AppData\Roaming\AVG
2012-06-29 14:27 . 2012-07-19 01:14 -------- d-----w- c:\programdata\AVG2012
2012-06-29 14:27 . 2012-06-29 15:31 -------- d-----w- c:\program files (x86)\AVG
2012-06-29 14:24 . 2012-06-29 14:24 -------- d--h--w- c:\programdata\Common Files
2012-06-29 14:24 . 2012-07-19 01:13 -------- d-----w- c:\programdata\MFAData
2012-06-29 14:16 . 2012-06-29 14:16 -------- d-----w- c:\users\Charlies\AppData\Local\HuluDesktop
2012-06-29 13:37 . 2012-06-29 13:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7D03280-DCCB-43F6-BFB1-87CB5D768F2B}\offreg.dll
2012-06-29 13:34 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7D03280-DCCB-43F6-BFB1-87CB5D768F2B}\mpengine.dll
2012-06-27 01:50 . 2010-05-05 08:26 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-06-27 01:50 . 2010-05-05 08:26 1959456 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-06-27 01:50 . 2010-05-05 08:26 1146912 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-06-27 01:50 . 2010-05-05 08:21 2364576 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-06-27 01:50 . 2010-05-04 02:08 2601816 ----a-w- c:\windows\system32\WavesGUILib.dll
2012-06-27 01:50 . 2010-05-05 08:26 2602016 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-06-27 01:50 . 2010-05-05 08:26 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-06-27 01:50 . 2010-05-05 08:26 93216 ----a-w- c:\windows\system32\RCoRes64.dat
2012-06-27 01:50 . 2010-05-05 08:26 70176 ----a-w- c:\windows\system32\RCoInst64.dll
2012-06-27 01:50 . 2010-05-05 08:26 476192 ----a-w- c:\windows\system32\RtkApi64.dll
2012-06-27 01:50 . 2010-05-05 08:26 1210912 ----a-w- c:\windows\system32\RTCOM64.dll
2012-06-27 01:50 . 2006-02-07 19:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Int el32\ISBEW64.exe
2012-06-26 11:38 . 2012-06-26 11:38 -------- d-----w- c:\users\Charlies\AppData\Roaming\WinBatch
2012-06-24 01:39 . 2012-07-19 01:33 -------- d-----w- c:\users\KIDS.Charlies-HP.001
2012-06-24 00:08 . 2012-06-24 01:56 -------- d-----w- c:\users\Charlies\AppData\Local\ElevatedDiagnostic s
2012-06-23 00:51 . 2012-06-24 01:33 -------- d-----w- c:\users\KIDS.Charlies-HP.000
2012-06-22 23:55 . 2012-07-19 01:33 -------- d-----w- c:\users\Guest.Charlies-HP
2012-06-19 11:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 11:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 11:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 11:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 11:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 11:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 11:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 11:06 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 11:06 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-07-12 07:02 . 2012-01-09 02:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-07 01:14 . 2012-01-10 21:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 12:03 . 2012-02-08 02:45 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-15 20:55 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 20:55 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 20:55 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55 . 2012-06-15 01:25 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-15 01:26 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-15 01:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-15 01:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 04:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 04:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 04:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2012-01-11 39408]
"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Charlies\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-06 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]
S2 CalendarSynchService;CalendarSynchService;c:\progr am files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.ex e [2010-07-14 22072]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atik mdag.sys [2010-05-12 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atik mpag.sys [2010-05-12 221184]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd62d 422c6d7db.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 20:38]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 20:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ca rbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 04:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ca rbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 04:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ca rbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 04:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-05 10804768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.27.35.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Charlies\AppData\Roaming\Mozilla\Firefox\ Profiles\rlt7d7d9.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3b0a6221-4c56-4f39-82c3-4e2f24ea7309%7D&mid=7fc32f45f40c47d08c981943ef19f7 57-429095f078670472d66d0e23af04a2b1259b24d1&ds=AVG&v= 11.1.0.12&lang=en&pr=pr&d=2012-06-29%2010%3A28%3A54&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p dfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
************************************************** ************************
.
Completion time: 2012-07-18 22:17:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 02:17
.
Pre-Run: 649,937,870,848 bytes free
Post-Run: 649,721,040,896 bytes free
.
- - End Of File - - 0819869D28824FEE251764140EBF9178

[Jintan]

Some adware removed then. We're starting to lean towards these issues being a non-malware problem (sound and System Restore). Some items removed just then, and I admit it's odd that ComboFix even targeted, and couldn't remove, that legit Update log.


The logs show you have both Carbonite Backup (pre-installed by the vendor as a sales promo) and Norton Online Backup installed. If you use neither of these, which usually require $$, you may want to just uninstall them.

--------

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:

KillAll::
File::
c:\windows\WindowsUpdate.log

Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

---------

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download the latest version of Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.62.0.1300.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log, the C:\ComboFix.txt log and the Malwarebytes log please.

[DLG7]

I uninstalled Norton's Online Backup. I Don't use that. I kept Carbonite as I do use that one. I created the CFScript file and dragged it into the Combofix and here is the results.


ComboFix 12-07-18.04 - Charlies 07/19/2012 22:02:50.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2527 [GMT -4:00]
Running from: c:\users\Charlies\Desktop\ComboFix.exe
Command switches used :: c:\users\Charlies\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\WindowsUpdate.log"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\WindowsUpdate.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 02:08 . 2012-07-20 02:08 -------- d-----w- c:\users\Home\AppData\Local\temp
2012-07-20 02:08 . 2012-07-20 02:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 02:08 . 2012-07-20 02:08 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-20 01:51 . 2012-07-20 01:51 -------- d-----w- c:\windows\system32\appmgmt
2012-07-12 07:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:27 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-07 01:14 . 2012-07-07 01:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 12:03 . 2012-07-05 12:03 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 12:03 . 2012-07-05 12:03 -------- d-----w- c:\program files (x86)\Java
2012-07-05 12:02 . 2012-07-05 12:02 -------- d-----w- c:\programdata\McAfee
2012-07-03 00:32 . 2012-07-03 00:32 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-06-30 11:35 . 2012-06-30 11:35 -------- d--h--w- c:\programdata\CanonIJEGV
2012-06-29 15:32 . 2012-06-29 15:32 -------- d-----w- c:\users\Charlies\AppData\Roaming\AVG
2012-06-29 14:27 . 2012-07-19 01:14 -------- d-----w- c:\programdata\AVG2012
2012-06-29 14:27 . 2012-06-29 15:31 -------- d-----w- c:\program files (x86)\AVG
2012-06-29 14:24 . 2012-06-29 14:24 -------- d--h--w- c:\programdata\Common Files
2012-06-29 14:24 . 2012-07-19 01:13 -------- d-----w- c:\programdata\MFAData
2012-06-29 14:16 . 2012-06-29 14:16 -------- d-----w- c:\users\Charlies\AppData\Local\HuluDesktop
2012-06-29 13:37 . 2012-06-29 13:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7D03280-DCCB-43F6-BFB1-87CB5D768F2B}\offreg.dll
2012-06-29 13:34 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7D03280-DCCB-43F6-BFB1-87CB5D768F2B}\mpengine.dll
2012-06-27 01:50 . 2010-05-05 08:26 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-06-27 01:50 . 2010-05-05 08:26 1959456 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-06-27 01:50 . 2010-05-05 08:26 1146912 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-06-27 01:50 . 2010-05-05 08:21 2364576 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-06-27 01:50 . 2010-05-04 02:08 2601816 ----a-w- c:\windows\system32\WavesGUILib.dll
2012-06-27 01:50 . 2010-05-05 08:26 2602016 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-06-27 01:50 . 2010-05-05 08:26 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-06-27 01:50 . 2010-05-05 08:26 93216 ----a-w- c:\windows\system32\RCoRes64.dat
2012-06-27 01:50 . 2010-05-05 08:26 70176 ----a-w- c:\windows\system32\RCoInst64.dll
2012-06-27 01:50 . 2010-05-05 08:26 476192 ----a-w- c:\windows\system32\RtkApi64.dll
2012-06-27 01:50 . 2010-05-05 08:26 1210912 ----a-w- c:\windows\system32\RTCOM64.dll
2012-06-27 01:50 . 2006-02-07 19:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Int el32\ISBEW64.exe
2012-06-26 11:38 . 2012-06-26 11:38 -------- d-----w- c:\users\Charlies\AppData\Roaming\WinBatch
2012-06-24 01:39 . 2012-07-19 01:33 -------- d-----w- c:\users\KIDS.Charlies-HP.001
2012-06-24 00:08 . 2012-06-24 01:56 -------- d-----w- c:\users\Charlies\AppData\Local\ElevatedDiagnostic s
2012-06-23 00:51 . 2012-06-24 01:33 -------- d-----w- c:\users\KIDS.Charlies-HP.000
2012-06-22 23:55 . 2012-07-19 01:33 -------- d-----w- c:\users\Guest.Charlies-HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-07-12 07:02 . 2012-01-09 02:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-07 01:14 . 2012-01-10 21:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 12:03 . 2012-02-08 02:45 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 11:06 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 11:07 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 11:07 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 11:07 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 11:06 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 11:07 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 11:06 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 11:06 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 11:06 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-15 20:55 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 20:55 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 20:55 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55 . 2012-06-15 01:25 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-15 01:26 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-15 01:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-15 01:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-19_02.15.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-20 01:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-19 01:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-19 01:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-20 01:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-19 01:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-07-14 04:54 . 2012-07-20 01:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-07-14 05:10 . 2012-07-20 01:56 40180 c:\windows\system32\wdi\BootPerformanceDiagnostics _SystemData.bin
+ 2012-01-06 17:48 . 2012-07-20 01:56 10994 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-55732289-379393075-64320319-1000_UserData.bin
+ 2012-01-08 06:18 . 2012-07-19 10:11 339938 c:\windows\system32\wdi\SuspendPerformanceDiagnost ics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-07-19 01:40 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-20 01:57 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-20 01:57 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-19 01:40 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-07 01:36 319684 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-20 02:08 319684 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
- 2012-01-06 17:38 . 2012-07-17 22:24 1316544 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache3.0.0.0.dat
+ 2012-01-06 17:38 . 2012-07-20 02:08 1316544 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache3.0.0.0.dat
+ 2012-01-06 17:38 . 2012-07-20 02:08 1633924 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-55732289-379393075-64320319-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 04:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 04:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 04:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2012-01-11 39408]
"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Charlies\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-06 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 CalendarSynchService;CalendarSynchService;c:\progr am files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.ex e [2010-07-14 22072]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atik mdag.sys [2010-05-12 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atik mpag.sys [2010-05-12 221184]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd62d 422c6d7db.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 20:38]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 20:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ca rbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 04:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ca rbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 04:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ca rbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 04:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-05 10804768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.27.35.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Charlies\AppData\Roaming\Mozilla\Firefox\ Profiles\rlt7d7d9.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3b0a6221-4c56-4f39-82c3-4e2f24ea7309%7D&mid=7fc32f45f40c47d08c981943ef19f7 57-429095f078670472d66d0e23af04a2b1259b24d1&ds=AVG&v= 11.1.0.12&lang=en&pr=pr&d=2012-06-29%2010%3A28%3A54&sap=ku&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p dfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
************************************************** ************************
.
Completion time: 2012-07-19 22:14:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 02:14
ComboFix2.txt 2012-07-19 02:17
.
Pre-Run: 649,613,996,032 bytes free
Post-Run: 649,147,957,248 bytes free
.
- - End Of File - - B4221858242BEFFF38F095C64940B256


THIS IS THE MALWAREBYTES LOG

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Charlies :: CHARLIES-HP [administrator]

7/20/2012 8:22:19 AM
mbam-log-2012-07-20 (08-22-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283574
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Charlies\Downloads\PDFReaderSetup_V3.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.

(end)


THIS IS THE ESETRESULTS


C:\Documents and Settings\Charlies\AppData\LocalLow\CouponAlert_2pE I\Installr\Cache\0B9043A0.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll .vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll .vir Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll .vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EIPlug. dll.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EZSETP. dll.vir Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISb. dll.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

[Jintan]

Hmm - really nothing so far related to your originating issues of no audio, and no System Restore access. I assume those are still problems there?

[DLG7]

The last scan pretty much hosed my computer. My touch screen didn't work, Carbonite was gone, desktop theme was gone and I couldn't choose another one as well as other things too numerous to mention. However system restore did work and I was able to restore to yesterday's point before I ran the last 2 scan tools.

I tried to install security essentials again, but it would not install as before, but I did get Avast Free to install and am using that now. My Audio still does not work.

My thought is to bite the bullet and re-install system software back to original.

Thanks for all your help.


I think I hear the song of a jubjub somewhere. Go to Go!

[Jintan]

Eset "hosed your system"? It only located some adware-bundled installers. If you continue to have problems, you may want to consider a new request in the CTH Hardware forum, to discuss potential hard drive problems.