
Sys Security, Defender,svchost.. yes ALL



Started about 2 weeks ago. The first sign was problems with Windows Defender and the other Microsoft built-in defenses. Also I was not able to start the firewall services and still cannot. Downloaded Malwarebytes and 20 rootkits were detected. I clicked through about 7 times and hoped for the best, but found my PC was fubar.

Here are the cut/paste logs I was instructed to provide by a sticky topic at the top of one of your forums.

Thank you in advance!!

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by SYSTEM-LORD at 7:17:47 on 2012-01-09

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.2621 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\hptsvr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Users\SYSTEM-LORD\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Users\SYSTEM-LORD\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page =

BHO: {15C9938F-CB96-496D-800A-B827F2E34EA1} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

uRun: [MusicManager] "C:\Users\SYSTEM-LORD\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\SYSTEM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\SYSTEM-LORD\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Evernote 4.0

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AFF7421B-C872-4971-8C66-AB8F5A4E26C7} : DhcpNameServer = 192.168.1.1

BHO-X64: {15C9938F-CB96-496D-800A-B827F2E34EA1} - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\SYSTEM-LORD\AppData\Roaming\Mozilla\Firefox\Profiles\ug3e7pme.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Video Capture Master\Filters\QuickTime\Plugins\npqtplugin.dll

FF - plugin: C:\Program Files (x86)\Video Capture Master\Filters\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: C:\Program Files (x86)\Video Capture Master\Filters\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: C:\Program Files (x86)\Video Capture Master\Filters\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: C:\Program Files (x86)\Video Capture Master\Filters\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: C:\Users\SYSTEM-LORD\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\SYSTEM-LORD\AppData\Roaming\Mozilla\Firefox\Profiles\ug3e7pme.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\Users\SYSTEM-LORD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\SYSTEM-LORD\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 rr62x;rr62x;C:\Windows\system32\drivers\rr62x.sys --> C:\Windows\system32\drivers\rr62x.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/12/11 05:37:09];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-9-2 148976]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-12-11 83240]

R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-12-11 75048]

R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-12-11 292136]

R2 hptsvr;Newer Technology Management Service;C:\Program Files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\hptsvr.exe [2011-11-19 57344]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-31 652872]

R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-12-11 75248]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-8 2214504]

R2 supersafer64;supersafer64;C:\Windows\SysWOW64\drivers\supersafer64.sys [2011-8-2 238072]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MirayVirtualDisk;MirayVirtualDisk;C:\Windows\system32\DRIVERS\mvd.sys --> C:\Windows\system32\DRIVERS\mvd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 DACBDALG;Ultima ATSC-LGMT Digital TV Tuner;C:\Windows\system32\DRIVERS\dacbdalg.sys --> C:\Windows\system32\DRIVERS\dacbdalg.sys [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-08 09:40:25 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-01-06 13:48:11 -------- d-sh--w- C:\$RECYCLE.BIN

2012-01-06 12:48:57 -------- d-----w- C:\ComboFix

2012-01-06 06:49:10 -------- d-----w- C:\Users\SYSTEM-LORD\AppData\Roaming\SUPERAntiSpyware.com

2012-01-06 06:48:27 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-01-06 06:48:27 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-01-04 23:25:08 98816 ----a-w- C:\Windows\sed.exe

2012-01-04 23:25:08 518144 ----a-w- C:\Windows\SWREG.exe

2012-01-04 23:25:08 256000 ----a-w- C:\Windows\PEV.exe

2012-01-04 23:25:08 208896 ----a-w- C:\Windows\MBR.exe

2012-01-03 14:21:34 462 ----a-w- C:\FixitRegBackup.reg

2012-01-03 10:10:21 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2012-01-03 10:08:43 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-01-02 15:26:28 -------- d-sh--w- C:\Windows\SysWow64\%USERPROFILE%

2011-12-31 14:16:35 -------- d-----w- C:\Windows\Microsoft Antimalware

2011-12-31 14:16:26 -------- d-----w- C:\Windows\Windows Defender Offline

2011-12-31 10:21:58 20480 ------w- C:\Windows\svchost.exe

2011-12-31 09:20:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-17 23:57:28 -------- d--h--w- C:\Windows\msdownld.tmp

2011-12-13 23:18:43 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-13 23:18:41 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-13 23:18:38 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-13 23:18:38 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-13 23:18:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-13 23:18:35 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-13 11:22:18 -------- d-----w- C:\Users\SYSTEM-LORD\AppData\Local\Diagnostics

2011-12-11 12:48:50 -------- d-----w- C:\Users\SYSTEM-LORD\AppData\Local\CyberLink

2011-12-11 12:37:09 -------- d-----w- C:\ProgramData\PDVD

2011-12-11 12:37:00 -------- d-----w- C:\Users\SYSTEM-LORD\AppData\Local\MediaServer

2011-12-11 12:34:17 -------- d-----w- C:\ProgramData\install_clap

2011-12-11 12:04:14 -------- d-----w- C:\Program Files (x86)\CoreCodec

.

==================== Find3M ====================

.

2011-12-28 02:23:55 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-12-10 22:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-22 02:45:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-10 12:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-11-02 04:21:00 8107 ----a-w- C:\Windows\w7dsd.reg

2011-11-02 04:21:00 8089 ----a-w- C:\Windows\w7dse.reg

2011-10-19 20:37:05 1917416 ----a-w- C:\Windows\System32\WdfCoInstaller01005.dll

.

============= FINISH: 7:23:33.56 ===============

:D

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/7/2011 11:53:50 PM

System Uptime: 1/9/2012 7:14:03 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0CT017

Processor: Intel® Core2 Quad CPU @ 2.40GHz | Microprocessor | 2400/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 24.501 GiB free.

D: is FIXED (NTFS) - 596 GiB total, 305.195 GiB free.

I: is FIXED (NTFS) - 1863 GiB total, 120.634 GiB free.

M: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP216: 1/8/2012 10:53:58 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Reader X (10.0.1)

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.6

Adobe® CreatePDF Desktop

Android Sync Manager WiFi

AutoHotkey 1.0.48.05

AviSynth 2.5

Brad Smith Easy SFV Creator

Chinese Simplified Fonts Support For Adobe Reader X

CoreAVC Professional Edition (remove only)

CyberLink PowerDVD 11

D3DX10

DAEMON Tools Lite

Dell Driver Download Manager

Dropbox

DVD Architect Pro 5.2

eReg

erLT

ffdshow v1.1.3984 [2011-09-22]

GmoteServer

Google Talk Plugin

Haali Media Splitter

HDClone 4 Professional Edition

HighPoint Web RAID Management Service

HiJackThis

Internet TV for Windows Media Center

Java Auto Updater

Java 6 Update 30

K-Lite Codec Pack 7.2.0 (Full)

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSVCRT Redists

Music Manager

myiHome v5.2.0

NVIDIA PhysX

QuickTime

Samsung Kies

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Spotify

Steam

swMSM

TuneUp Utilities Language Pack (en-US)

TxtReaderXpress

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Vegas Pro 10.0

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.11

VLC Setup Helper

VOB2MPG v3

VT-Bridget-M16-SAPI5

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Center Add-in for Flash

Windows Media Center Add-in for Silverlight

XBMC

.

==== Event Viewer Messages From Past Week ========

.

1/9/2012 7:17:10 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

1/9/2012 7:15:20 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

1/9/2012 7:15:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL

1/6/2012 7:31:47 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

1/6/2012 7:31:47 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

1/6/2012 6:29:22 AM, Error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.

1/6/2012 5:58:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

1/6/2012 5:57:11 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

1/6/2012 5:50:14 AM, Error: Service Control Manager [7034] - The Newer Technology Management Service service terminated unexpectedly. It has done this 1 time(s).

1/5/2012 12:47:26 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

1/5/2012 1:44:49 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

1/4/2012 4:45:19 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

1/4/2012 4:16:12 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

1/4/2012 4:16:11 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

1/4/2012 4:16:08 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

1/3/2012 7:11:35 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/3/2012 7:11:35 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/3/2012 7:11:35 AM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/3/2012 7:10:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/3/2012 7:10:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/3/2012 7:10:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/3/2012 7:09:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/3/2012 7:09:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6

1/3/2012 7:09:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

1/3/2012 7:09:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002d01b5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010312-85020-01.

1/3/2012 7:09:26 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/3/2012 7:09:26 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/3/2012 7:08:54 AM, Error: MirayVirtualDisk [4] -

1/3/2012 4:14:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

1/3/2012 4:13:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb1f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010312-101790-01.

1/3/2012 3:58:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

1/3/2012 3:53:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

1/3/2012 3:52:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TunerFreeMCEService service to connect.

1/3/2012 3:52:34 AM, Error: Service Control Manager [7000] - The TunerFreeMCEService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

:unsure:

Yeah, I am a hard head, and the holidays made for time scarcity, so I clicked like a zombie within Add/Remove Programs and maybe a few other spots that I have NO business going into, and for that I am sorry. Especially sorry if it makes this little walk in the park unpleasant. :(

Kel

Up late working on my PC, I decided to password protect your program before I threw in the towel and posted here for help. Not a good thing, because now I literally have NO idea what I made for my password. I haven't been using my normal passwords since the infections. I have already uninstalled and reinstalled hoping it would clear the password, but it didn't.

When a volunteer chooses to aid me with the problems I am having, please know I will need help with that too now.

UGH!

thanks in advance

I managed to strip it out of my PC and have a fresh install again with full access. Will wait patiently for assistance.

(2 posts merged)

  • 1 month later...
  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Microsoft and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Run DDS again and post DDS.txt in your reply.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.