
I think I am infected with the FBI ransomware



Will someone please help me?

I can only run in safe mode; otherwise my main screen is filled with a warning from the FBI saying my computer is locked, and to get it unlocked, I pay $100. The Task Manager won't run. All the icons on my 2nd screen are gone, so my only option is to reboot into safe mode. When I run Malwarebytes Pro, I can't enable the protection module or do anything in the Scheduler Settings... because I'm in safe mode (?)... When I do a full scan, nothing is found. When I run McAfee, nothing is found. When I reboot normally, I get the FBI warning again. How am I supposed to remove this?! It's maddening, I tell ya! Anyway, here are the DDS and Attach files, respectively:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Bob at 22:24:09 on 2012-07-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.11036 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWindow Title = Internet Explorer provided by Milwaukee PC

uDefault_Page_URL = hxxp://www.MilwaukeePC.com

uInternet Settings,ProxyOverride = *.local;192.168.*.*

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625082435.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [<NO NAME>]

mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ctfmon.lnk - C:\Windows\System32\rundll32.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NOSTRO~1.LNK - C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{32F60A8D-6084-4324-B608-FAAFA2352B8C} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{DFE77860-ECF4-4435-BB0A-FA2A3CC6711E} : DhcpNameServer = 209.18.47.61 209.18.47.62

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625082435.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [(Default)]

mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\5pou6eg6.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/index.jsp?speedbarconfigchanged

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-26 249936]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-5-26 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R3 bcgame;Nostromo HID Device Minidriver;C:\Windows\system32\drivers\bcgame.sys --> C:\Windows\system32\drivers\bcgame.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-2 654408]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-26 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-26 249936]

S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-26 249936]

S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-5-26 199272]

S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-6-4 116632]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-24 2253120]

S2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-23 65657]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-17 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-17 79360]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 XENfiltv;XENfiltv;C:\Windows\system32\drivers\XENfiltv.sys --> C:\Windows\system32\drivers\XENfiltv.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-03 02:46:08 -------- d-----w- C:\Program Files (x86)\stinger

2012-07-03 00:42:34 -------- d-----w- C:\Users\Bob\AppData\Roaming\Malwarebytes

2012-07-03 00:42:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-03 00:42:32 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-03 00:42:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-02 20:06:18 -------- d-----w- C:\Users\Bob\AppData\Local\{E0F948EB-8D93-4998-A5E5-4CC0B9C5A701}

2012-07-02 20:06:08 -------- d-----w- C:\Users\Bob\AppData\Local\{E17657C6-475D-4228-807F-188796F0D8A1}

2012-07-01 16:24:04 -------- d-----w- C:\Users\Bob\AppData\Local\{8B0AD660-6738-4B97-86D2-9287608D8A27}

2012-07-01 16:23:54 -------- d-----w- C:\Users\Bob\AppData\Local\{EDBF9178-EC2C-42C1-866B-26B6BDA1AEE0}

2012-06-30 14:42:34 -------- d-----w- C:\Users\Bob\AppData\Local\{A859776A-599B-45EB-93C4-6C6FA0CCC983}

2012-06-30 14:42:24 -------- d-----w- C:\Users\Bob\AppData\Local\{1CB9F78E-14CC-4EA8-9DC5-C24146994E06}

2012-06-29 20:14:03 -------- d-----w- C:\Users\Bob\AppData\Local\{E9482E3E-49FF-4614-882D-CD54CC99A44F}

2012-06-29 20:13:54 -------- d-----w- C:\Users\Bob\AppData\Local\{8D1D7DC5-AD89-4926-9FDC-6DBA8B124BF2}

2012-06-28 17:59:15 -------- d-----w- C:\Users\Bob\AppData\Local\{6197C4E2-937B-4807-B21B-68BDB5D84D40}

2012-06-28 17:59:05 -------- d-----w- C:\Users\Bob\AppData\Local\{1D46D62B-D139-42B2-B63E-59274A211698}

2012-06-26 20:03:24 -------- d-----w- C:\Users\Bob\AppData\Local\{B86E666B-9C65-4D9F-984D-FCD93EA75892}

2012-06-26 20:03:14 -------- d-----w- C:\Users\Bob\AppData\Local\{2768A806-2296-4647-86D0-FC737C3899C8}

2012-06-26 04:18:11 -------- d-----w- C:\Users\Bob\AppData\Local\{0E6A9315-B67C-4151-9AB5-1D31FB8770C4}

2012-06-26 04:18:01 -------- d-----w- C:\Users\Bob\AppData\Local\{AC698324-6CCF-4FAE-9550-2EC9AE8603D0}

2012-06-25 13:24:34 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2012-06-24 13:48:12 -------- d-----w- C:\Users\Bob\AppData\Local\{433E8352-52E1-4E16-84D1-522A63C6A855}

2012-06-24 13:48:02 -------- d-----w- C:\Users\Bob\AppData\Local\{214605B3-59F3-4069-83A3-0BF04731A0B3}

2012-06-23 18:38:49 -------- d-----w- C:\Users\Bob\.gstreamer-0.10

2012-06-23 18:38:28 -------- d-----w- C:\Users\Bob\AppData\Local\Motorola

2012-06-23 18:38:17 -------- d-----w- C:\ProgramData\Motorola

2012-06-23 18:38:17 -------- d-----w- C:\Program Files (x86)\Motorola Media Link

2012-06-23 18:37:52 -------- d-----w- C:\Users\Bob\AppData\Roaming\Motorola Mobility

2012-06-23 18:37:52 -------- d-----w- C:\Temp

2012-06-23 18:37:38 -------- d-----w- C:\Program Files (x86)\Motorola Mobility

2012-06-23 18:37:38 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2012-06-23 18:37:20 -------- d-----w- C:\Program Files\Motorola Inc

2012-06-23 18:37:20 -------- d-----w- C:\Program Files\Common Files\Motorola Shared

2012-06-23 18:36:59 -------- d-----w- C:\Users\Bob\AppData\Roaming\Motorola

2012-06-23 18:36:59 -------- d-----w- C:\Program Files (x86)\Motorola

2012-06-23 15:36:25 -------- d-----w- C:\Users\Bob\AppData\Roaming\MotoCast

2012-06-22 22:09:00 -------- d-----w- C:\Users\Bob\AppData\Local\{84C1A9E8-C1C1-4A53-93E7-283FF7C69171}

2012-06-22 22:08:51 -------- d-----w- C:\Users\Bob\AppData\Local\{1F221266-24E6-46A9-90CD-4FAFFB34FEEC}

2012-06-22 12:09:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 12:09:40 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-22 12:09:38 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 12:09:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-22 11:20:43 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-22 11:20:43 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-21 17:04:51 -------- d-----w- C:\Users\Bob\AppData\Local\{EF31A6C8-D866-4BB0-902B-ECE56E44E082}

2012-06-21 17:04:41 -------- d-----w- C:\Users\Bob\AppData\Local\{5AD4A9BD-4309-43DF-B100-57FD524A0422}

2012-06-20 20:07:08 -------- d-----w- C:\Users\Bob\AppData\Local\{53B96CE7-92EE-4E18-AC33-0D02C789CCE9}

2012-06-20 20:06:58 -------- d-----w- C:\Users\Bob\AppData\Local\{32E8BE91-5E1E-4C85-99E5-964C90E0DC4A}

2012-06-19 20:33:05 -------- d-----w- C:\Users\Bob\AppData\Local\{7F0995A9-E82F-43DA-963B-E577965281AF}

2012-06-19 20:32:56 -------- d-----w- C:\Users\Bob\AppData\Local\{BEA9053E-6698-4517-99B9-96E9FEC3FF6A}

2012-06-18 19:53:24 -------- d-----w- C:\Users\Bob\AppData\Local\{B2961985-88EE-4DE2-B6A6-731D70D760F8}

2012-06-16 02:18:06 -------- d-----w- C:\Users\Bob\AppData\Local\{A99F2836-48D8-4FEA-99D6-53EB8731CEAC}

2012-06-14 20:10:38 -------- d-----w- C:\Users\Bob\AppData\Local\{18810F75-E630-44F0-AF35-B8045E21F17E}

2012-06-14 20:10:29 -------- d-----w- C:\Users\Bob\AppData\Local\{4561CFED-DD67-4763-AA74-A80B09D83B5B}

2012-06-13 19:49:21 -------- d-----w- C:\Users\Bob\AppData\Local\Macromedia

2012-06-13 19:47:10 -------- d-----w- C:\Users\Bob\AppData\Local\{274A1278-3CE3-45C9-95C7-3D93AB6D591B}

2012-06-13 19:47:01 -------- d-----w- C:\Users\Bob\AppData\Local\{B4532C23-B4ED-40E0-838A-5346FDB550B7}

2012-06-13 04:30:10 -------- d-----w- C:\Program Files\iTunes

2012-06-13 04:30:10 -------- d-----w- C:\Program Files\iPod

2012-06-13 03:22:10 -------- d-----w- C:\Users\Bob\AppData\Local\{0F159225-6947-4B1C-B88E-76B985926D5A}

2012-06-13 03:22:00 -------- d-----w- C:\Users\Bob\AppData\Local\{E3A2B564-18F8-4A58-A4DD-549FD6EA211C}

2012-06-11 14:05:54 -------- d-----w- C:\Users\Bob\AppData\Local\{F46856CB-D79E-409B-9231-9534A30BB409}

2012-06-11 14:05:44 -------- d-----w- C:\Users\Bob\AppData\Local\{B5C804D5-07A6-4C09-B15B-5A7541ACFACB}

2012-06-10 10:38:37 -------- d-----w- C:\Users\Bob\AppData\Local\{C6C797AB-2394-4AB3-AB0E-CDB74C8501BE}

2012-06-10 10:38:27 -------- d-----w- C:\Users\Bob\AppData\Local\{DB7D3556-3101-4BBF-931E-1E98D0EDBDAE}

2012-06-09 11:33:22 -------- d-----w- C:\Users\Bob\AppData\Local\{8017522F-029D-4E49-A6D9-7CDE2A4B89F3}

2012-06-09 11:33:12 -------- d-----w- C:\Users\Bob\AppData\Local\{305D33D0-0F2A-4EB7-A338-4BDD2E966B59}

2012-06-08 05:15:33 -------- d-----w- C:\Users\Bob\AppData\Local\{C3CE2368-45B6-431F-94D8-E9E72A1F8E34}

2012-06-08 05:15:22 -------- d-----w- C:\Users\Bob\AppData\Local\{D297B8AD-E06A-4D84-BA3B-1D86584264B1}

2012-06-07 09:34:28 -------- d-----w- C:\Users\Bob\AppData\Local\{BD76ACE4-C66B-4E11-B63F-23DC3653D8AF}

2012-06-07 09:34:18 -------- d-----w- C:\Users\Bob\AppData\Local\{A1FE234F-0B3D-44F1-B69D-0B48C0E6C923}

2012-06-05 15:52:31 -------- d-----w- C:\Users\Bob\AppData\Local\{C21D1764-9332-4D4B-AD3C-D44A08C7ABE6}

2012-06-05 15:52:21 -------- d-----w- C:\Users\Bob\AppData\Local\{B02BC922-07DC-4AB4-AB64-AF8D6784C7FA}

2012-06-04 18:32:08 -------- d-----w- C:\Users\Bob\AppData\Local\{FE6459C6-A9E6-486D-B31A-378ADC6354C0}

2012-06-04 18:31:59 -------- d-----w- C:\Users\Bob\AppData\Local\{1AC913A8-1843-4E7B-963D-DB357135EDE3}

2012-06-03 14:06:13 -------- d-----w- C:\Users\Bob\Tracing

2012-06-03 14:05:48 -------- d-----w- C:\Windows\en

2012-06-03 14:04:59 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2012-06-03 14:03:40 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ad87a20f1cd419103\DSETUP.dll

2012-06-03 14:03:40 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ad87a20f1cd419103\DXSETUP.exe

2012-06-03 14:03:40 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ad87a20f1cd419103\dsetup32.dll

2012-06-03 14:03:40 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\adaa45c11cd419104\MeshBetaRemover.exe

2012-06-03 14:03:15 -------- d-----w- C:\Users\Bob\AppData\Local\{AEA8B3DC-07B5-4211-924C-2D393611BF97}

2012-06-03 14:03:05 -------- d-----w- C:\Users\Bob\AppData\Local\{47439AED-CA6C-4C09-82FC-4A1D4F37B39A}

.

==================== Find3M ====================

.

2012-06-13 19:45:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-13 19:45:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 02:50:18 94208 ----a-w- C:\Windows\System32\drivers\rzudd.sys

2012-05-15 02:36:12 142848 ----a-w- C:\Windows\SysWow64\rztouchdll.dll

2012-05-15 02:36:02 354816 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll

2012-05-15 02:36:00 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-05 02:56:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

.

============= FINISH: 22:24:16.38 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 5/24/2011 5:38:17 PM

System Uptime: 7/2/2012 9:21:59 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P6X58D-E

Processor: Intel® Core i7 CPU X 980 @ 3.33GHz | LGA1366 | 3340/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 238 GiB total, 143.564 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 801.895 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP70: 6/3/2012 9:03:46 AM - Windows Live Essentials

RP71: 6/3/2012 9:03:56 AM - Installed DirectX

RP72: 6/3/2012 9:04:22 AM - Installed DirectX

RP73: 6/3/2012 9:04:40 AM - WLSetup

RP74: 6/4/2012 2:12:04 PM - Windows Update

RP75: 6/14/2012 3:51:12 PM - Windows Update

RP76: 6/22/2012 7:09:22 AM - Windows Update

RP77: 6/23/2012 1:36:34 PM - Installed MotoCast

RP78: 6/24/2012 2:14:27 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Apple Application Support

Apple Software Update

CameraHelperMsi

Creative System Information

Curse Client

D3DX10

Diablo III

DivX Setup

erLT

Guild Wars

IrfanView (remove only)

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.61.0.1400

marvell 91xx driver

McAfee AntiVirus Plus

Mesh Runtime

Messenger Companion

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MotoCast

Motorola Device Manager

Motorola Device Software Update

MOTOROLA MEDIA LINK

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Mumble 1.2.3

Naga Firmware Updater 1.13

Nero 8 Essentials

neroxml

Nostromo

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Plants vs. Zombies

QuickTime

Razer Synapse 2.0

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

RoboForm 7-7-8-8 (All Users)

SecondLifeViewer (remove only)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Sound Blaster Tactic(3D) Alpha

SpeedFan (remove only)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VC80CRTRedist - 8.0.50727.6195

VCRedistSetup

VLC media player 1.1.11

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

7/2/2012 9:52:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:28:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

7/2/2012 9:28:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

7/2/2012 9:28:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/2/2012 9:26:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

7/2/2012 9:22:32 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:22:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/2/2012 9:22:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/2/2012 9:22:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/2/2012 9:22:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/2/2012 9:22:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vpcvmm Wanarpv6

7/2/2012 9:22:14 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:22:14 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:15:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

7/2/2012 9:14:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/2/2012 9:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/2/2012 9:13:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/2/2012 9:13:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Thank you so much!


Hello chemboy and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I'm so sorry about your system, but never pay these criminals and thus finance their crime. When there is such a problem, contact us or the FBI directly. The FBI is aware of cases like yours. You can see what they offer on their official website: Scam Warning: Citadel Malware Delivers Reveton Ransomware in Attempts to Extort Money. Follow their advice and immediately contact your bank and explain the situation, because otherwise the cyber criminals could "help you" to additional financial headaches. Furthermore, I must inform you of the following:

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
