My DDS Log

MyComputerIsTerrible · June 18, 2012

RougeKiller \/

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Alex [Admin rights]

Mode: Scan -- Date: 06/17/2012 22:54:42

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++

--- User ---

[MBR] 52152b16ebf12f145f8b09d11ed9ae94

[bSP] 33e4c5a7d6f06a377f9a22bda41cf4b6 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 218855 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 448624640 | Size: 19316 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

TDSSKiller is attached file. TDSSKiller.2.7.40.0_17.06.2012_22.19.03_log.txt

Maniac · June 18, 2012

Hello MyComputerIsTerrible and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please follow the instructions here and post the log files from DDS:

http://forums.malwarebytes.org/index.php?showtopic=9573

MyComputerIsTerrible · June 18, 2012

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Alex at 13:40:20 on 2012-06-18

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.576 [GMT -5:00]

.

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Users\Alex\jagexcache\jagexlauncher\bin\JagexLauncher.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFmsgr.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.youtube.com/

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3619647D-DEBF-4CDD-A2E6-A6F8425AAE6A} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3619647D-DEBF-4CDD-A2E6-A6F8425AAE6A}\35072796E64702D49664962323030302836364 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3619647D-DEBF-4CDD-A2E6-A6F8425AAE6A}\46F67636164746F676A7 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3619647D-DEBF-4CDD-A2E6-A6F8425AAE6A}\77F6F64677F627B637 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{3619647D-DEBF-4CDD-A2E6-A6F8425AAE6A}\D41434A2163636563737 : DhcpNameServer = 192.168.20.225

TCP: Interfaces\{3619647D-DEBF-4CDD-A2E6-A6F8425AAE6A}\E45445745414250393 : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB-X64: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120126.003\IDSviA64.sys [2012-1-27 488568]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-11 98208]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-7-18 130008]

R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-10 1153368]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-11 257224]

S3 CASprint;Sprint Con App Svc;"C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" --> C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-06-18 03:56:20 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F8968BB-40B7-4535-A56E-5676B8BD48EC}\mpengine.dll

2012-06-18 03:25:36 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-17 15:11:05 20480 ----a-w- C:\Windows\svchost.exe

2012-06-17 03:42:09 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-17 03:42:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-17 03:27:26 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-14 18:51:18 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C84AC2B3-A4D4-41E5-AAED-196DFC8A8612}\gapaengine.dll

2012-06-14 16:54:06 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-14 16:54:05 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-14 05:52:13 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-14 05:52:13 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-14 05:52:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-14 05:52:09 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-14 05:51:56 3144192 ----a-w- C:\Windows\System32\win32k.sys

2012-06-14 05:51:52 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-14 05:51:16 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-14 05:51:16 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-14 05:51:16 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-14 05:51:15 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-14 05:51:15 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-14 05:51:15 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-14 05:50:18 3213824 ----a-w- C:\Windows\System32\msi.dll

2012-06-14 05:50:17 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-11 17:08:21 -------- d-----w- C:\Users\Alex\jagexcache1

2012-06-11 17:08:06 -------- d-----w- C:\Users\Alex\.jagex_cache_32

2012-06-11 15:57:15 -------- d-----w- C:\.jagex_cache_32

2012-06-11 15:20:45 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-11 04:55:56 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-11 04:06:47 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-06-11 04:05:07 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-06-11 04:02:02 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-06-11 03:50:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-06-11 03:50:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-06-11 03:42:51 -------- d-----w- C:\Users\Alex\jagexcache

2012-06-08 17:08:11 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC4C2F03-CE02-4625-8021-E1ECBC95118C}\mpengine.dll

2012-06-08 04:02:42 -------- d-----w- C:\RecklessPk

2012-06-07 01:14:10 -------- d-----w- C:\Users\Alex\AppData\Local\PMB Files

2012-06-07 01:14:07 -------- d-----w- C:\ProgramData\PMB Files

2012-06-03 04:25:02 -------- d-----w- C:\Users\Alex\AppData\Local\{0B7159FF-9391-4C1A-83DF-FF2962FB635C}

2012-05-28 17:44:28 -------- d-----w- C:\Users\Alex\AppData\Local\{D0A79C1A-550A-42B3-A655-FA0FA2A99D52}

2012-05-28 07:06:01 -------- d-----w- C:\Program Files (x86)\Sony

2012-05-28 03:45:56 -------- d-----w- C:\Program Files (x86)\Cain

2012-05-27 20:50:40 -------- d-----w- C:\Users\Alex\AppData\Local\{CB065816-84D4-4515-9FEE-9932772DFA11}

2012-05-27 20:50:28 -------- d-----w- C:\Users\Alex\AppData\Local\{6AC54BA5-D743-4D5B-AD59-406AB3B0A229}

2012-05-21 20:37:16 -------- d-----w- C:\Users\Alex\AppData\Local\{839CDC9E-0AE1-4DB3-928B-9F7C4C109E98}

2012-05-21 20:37:00 -------- d-----w- C:\Users\Alex\AppData\Local\{97C197F2-BF15-44B7-8DAA-42C0F00EC3F8}

.

==================== Find3M ====================

.

2012-06-11 15:20:45 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-04-04 23:47:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-04-04 23:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

.

============= FINISH: 13:44:14.72 ===============

This is the Attached log or w.e

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/3/2011 10:18:48 AM

System Uptime: 6/17/2012 10:43:02 PM (15 hours ago)

.

Motherboard: Hewlett-Packard | | 1605

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 214 GiB total, 148.174 GiB free.

D: is FIXED (NTFS) - 19 GiB total, 2.735 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Symantec Iron Driver

Device ID: ROOT\LEGACY_SYMIRON\0000

Manufacturer:

Name: Symantec Iron Driver

PNP Device ID: ROOT\LEGACY_SYMIRON\0000

Service: SymIRON

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: BHDrvx64

Device ID: ROOT\LEGACY_BHDRVX64\0000

Manufacturer:

Name: BHDrvx64

PNP Device ID: ROOT\LEGACY_BHDRVX64\0000

Service: BHDrvx64

.

==== System Restore Points ===================

.

RP281: 6/13/2012 9:32:56 PM - Windows Update

RP282: 6/14/2012 11:47:30 AM - Windows Update

RP283: 6/14/2012 1:43:25 PM - Windows Update

RP284: 6/15/2012 3:32:31 PM - Windows Update

RP285: 6/16/2012 2:35:28 PM - Windows Update

RP286: 6/16/2012 10:23:15 PM - Windows Update

RP287: 6/17/2012 10:16:10 AM - Windows Update

RP288: 6/17/2012 10:54:49 PM - Windows Update

RP289: 6/18/2012 10:57:32 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

Apple Application Support

Apple Software Update

Bejeweled 2 Deluxe

Bing Bar

Bing Bar Platform

Bing Rewards Client Installer

Blackhawk Striker 2

Blasterball 3

Blio

Bounce Symphony

Build-a-lot 2

Cake Mania

Chuzzle Deluxe

Compaq Setup Manager

CyberLink DVD Suite

CyberLink MediaShow

CyberLink PowerDVD 9

CyberLink YouCam

D3DX10

Diner Dash 2 Restaurant Rescue

DivX Setup

Dora's World Adventure

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

Farm Frenzy

FATE

Final Drive Nitro

Google Chrome

Heroes of Hellas 2 - Olympia

Hewlett-Packard ACLM.NET v1.1.2.0

HP Customer Experience Enhancements

HP Documentation

HP Game Console

HP Games

HP MovieStore

HP Photo Creations

HP Power Manager

HP Quick Launch

HP Setup

HP Software Framework

HP Support Assistant

HyperCam 3

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

IZArc 4.1.6

Java Auto Updater

Java 7 Update 4

JavaFX 2.1.0

Jewel Quest Solitaire 2

Junk Mail filter update

LabelPrint

League of Legends

LightScribe System Software

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Default Manager

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Microsoft XML Parser

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - The London Caper

Norton Security Suite

Pando Media Booster

Penguins!

PhotoNow!

Plants vs. Zombies

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

QuickTime

Ralink RT2860 Wireless LAN Card

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Recovery Manager

RuneScape Launcher 1.2

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype™ 5.9

Spybot - Search & Destroy

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC80CRTRedist - 8.0.50727.6195

Vegas Pro 11.0

Virtual Families

Virtual Villagers 4 - The Tree of Life

Wheel of Fortune 2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

6/18/2012 10:57:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

6/18/2012 10:57:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

6/17/2012 9:25:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

6/17/2012 8:29:05 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3619647D-DEBF-4CDD-A2E6-A6F8425AAE6A} because another computer on the network has the same name. The server could not start.

6/17/2012 8:29:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

6/17/2012 8:16:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.127.2148.0, AS: 1.127.2148.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8403.0, NIS: 2.0.8001.0

6/17/2012 6:59:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Wireless Assistant Service service.

6/17/2012 10:44:20 PM, Error: Service Control Manager [7034] - The HP Auto service terminated unexpectedly. It has done this 1 time(s).

6/17/2012 10:44:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 PCLEPCI SymIRON

6/17/2012 10:43:14 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/17/2012 10:22:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

6/17/2012 10:19:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).

6/17/2012 10:19:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).

6/17/2012 10:10:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cab703, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061712-35755-01.

6/16/2012 3:25:48 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

6/16/2012 3:24:00 PM, Error: Service Control Manager [7024] - The HomeGroup Provider service terminated with service-specific error %%-2147467243.

6/16/2012 3:23:02 PM, Error: Service Control Manager [7023] - The Windows Audio service terminated with the following error: The RPC server is unavailable.

6/16/2012 3:22:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.

6/16/2012 3:22:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.

6/16/2012 3:22:04 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

6/16/2012 3:22:04 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

6/16/2012 3:22:04 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

6/16/2012 3:21:50 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2012 3:21:50 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2012 3:21:50 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

6/16/2012 3:21:50 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2012 3:21:50 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2012 3:21:50 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/15/2012 11:25:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

6/15/2012 11:25:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service.

6/14/2012 12:29:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1726.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/14/2012 12:29:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1726.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/14/2012 11:45:32 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

6/14/2012 11:41:41 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

6/14/2012 11:39:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c51703, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061412-40170-01.

6/14/2012 1:32:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service.

6/13/2012 10:02:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1726.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

6/13/2012 10:01:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

6/13/2012 10:01:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.

6/12/2012 5:37:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

6/11/2012 9:15:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

6/11/2012 9:15:53 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2012 9:15:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

6/11/2012 9:14:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c69703, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061112-31247-01.

6/11/2012 12:26:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1726.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

6/11/2012 12:19:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: Alex-HP\Alex Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

6/11/2012 12:18:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1726.0).

6/11/2012 12:15:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070643 Error description: Fatal error during installation.

6/11/2012 12:15:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: Alex-HP\Alex Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

6/11/2012 12:15:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

.

==== End Of File ===========================

Maniac · June 19, 2012

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
a new fresh DDS log file

MyComputerIsTerrible · June 19, 2012

MalwareBytes \/

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.19.05

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Alex :: ALEX-HP [administrator]

6/19/2012 11:14:14 AM

mbam-log-2012-06-19 (11-14-14).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 211018

Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\$Recycle.Bin\S-1-5-21-4102780625-3409721539-639911638-1000\$R4XGKQL.exe (PUP.PasswordTool) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-4102780625-3409721539-639911638-1000\$R5YHZ5G.exe (PUP.PasswordTool) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-4102780625-3409721539-639911638-1000\$RN0JB58.exe (PUP.PasswordTool) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-4102780625-3409721539-639911638-1000\$RRMA2BF.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Fresh DDS Log \/ (theres 2 so im going to attach both)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Alex at 11:45:21 on 2012-06-19

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.682 [GMT -5:00]