
More random radio ads and redirects



I am at my wits' end here. This virus has implemented playing random radio ads and browser redirects. I have used just about every anti-virus I can get my hands on and it just won't go away. This thing also appears to be able to block execution of TDSS Root Toolkit.

Thank you for your time and effort.

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by lakutist at 20:47:32 on 2012-07-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1577 [GMT -7:00]

.

AV: Avanquest Fix-It *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Avanquest Fix-It *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files (x86)\PCPitstop\PC MaticRT\PCPitstopRTService.exe

C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\FSP\FspUip.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\TechSmith\Jing2\Jing.exe

C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe

C:\Program Files (x86)\Brownie\BrStsW64.exe

C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files (x86)\PCPitstop\PC MaticRT\PCMaticRT.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\Brownie\Brnipmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\DllHost.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Office2K\OFFICE11\OUTLOOK.EXE

C:\Program Files (x86)\Office2K\OFFICE11\WINWORD.EXE

C:\windows\splwow64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\SysWOW64\NOTEPAD.EXE

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: PDFXChange 4.0: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - C:\Program Files\Tracker Software\PDF-XChange 4 Pro\pdfSaver\PXCIEAddin4.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - C:\Program Files (x86)\RegTweaker\key.dll

TB: PDFXChange 4.0: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - C:\Program Files\Tracker Software\PDF-XChange 4 Pro\pdfSaver\PXCIEAddin4.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing2\Jing.exe

uRun: [Download Nitro] "C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe" -autorun

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\PC MaticRT\PCMaticRT.exe

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Office2K\Office\OSA9.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\Office2K\OFFICE11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\Office2K\OFFICE11\REFIEBAR.DLL

LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{1459ED19-D8F8-4F08-8CFC-D816E06C655B} : NameServer = 10.177.0.34 10.166.71.132

TCP: Interfaces\{29CF362E-5005-4B95-B713-547AD19C913C}\6796379647F627 : DhcpNameServer = 205.171.2.65 4.2.2.1

TCP: Interfaces\{29CF362E-5005-4B95-B713-547AD19C913C}\E4544574541425 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4917F466-D163-4974-8A27-B454EC480671} : DhcpNameServer = 8.8.8.8 8.8.4.4

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: PDFXChange 4.0: {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4 Pro\pdfSaver\PXCIEAddin4.dll

BHO-X64: PXCIEaddin - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: QuickNet BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\RegTweaker\key.dll

BHO-X64: QuickNet - No File

TB-X64: PDFXChange 4.0: {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4 Pro\pdfSaver\PXCIEAddin4.dll

mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun-x64: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

mRun-x64: [PC MaticRT] C:\Program Files (x86)\PCPitstop\PC MaticRT\PCMaticRT.exe

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\lakutist\AppData\Roaming\Mozilla\Firefox\Profiles\jtpkj1m9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\lakutist\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\lakutist\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-5-13 98392]

R1 SbTis;SbTis;C:\windows\system32\drivers\sbtis.sys --> C:\windows\system32\drivers\sbtis.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]

R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\PC MaticRT\PCPitstopRTService.exe [2012-7-27 3827896]

R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-7-27 91848]

R2 sbapifs;sbapifs;C:\windows\system32\DRIVERS\sbapifs.sys --> C:\windows\system32\DRIVERS\sbapifs.sys [?]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;C:\windows\system32\DRIVERS\fspad_wlh64.sys --> C:\windows\system32\DRIVERS\fspad_wlh64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys --> C:\windows\system32\DRIVERS\netr28x.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

R3 tmobile_mf691_dc_enum;T-Mobile MF691 DC Enumerator;C:\windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys --> C:\windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-27 655944]

S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]

S3 AQFileRestore;AQFileRestore;C:\windows\system32\DRIVERS\AQFileRestore.sys --> C:\windows\system32\DRIVERS\AQFileRestore.sys [?]

S3 AQFileRestoreSrv;AQFileRestoreSrv;"C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe" --> C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [?]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\system32\DRIVERS\motfilt.sys --> C:\windows\system32\DRIVERS\motfilt.sys [?]

S3 CATmobile;T-Mobile Con App Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [2010-6-11 118784]

S3 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-9-19 87368]

S3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;C:\windows\system32\DRIVERS\fspad_xp64.sys --> C:\windows\system32\DRIVERS\fspad_xp64.sys [?]

S3 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-5-27 160768]

S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys --> C:\windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys --> C:\windows\system32\DRIVERS\motccgpfl.sys [?]

S3 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\system32\DRIVERS\Motousbnet.sys --> C:\windows\system32\DRIVERS\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;C:\windows\system32\DRIVERS\motusbdevice.sys --> C:\windows\system32\DRIVERS\motusbdevice.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-27 113120]

S3 NMgamingmsFltr;USB Optical Mouse;C:\windows\system32\drivers\NMgamingms.sys --> C:\windows\system32\drivers\NMgamingms.sys [?]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\windows\system32\PCTINDIS5X64.SYS --> C:\windows\system32\PCTINDIS5X64.SYS [?]

S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 tmobile_mf691_cdc_acm;T-Mobile MF691 CDC-ACM driver;C:\windows\system32\DRIVERS\tmobile_mf691_cdc_acm.sys --> C:\windows\system32\DRIVERS\tmobile_mf691_cdc_acm.sys [?]

S3 tmobile_mf691_cdc_ecm;tmobile_mf691_cdc_ecm;C:\windows\system32\DRIVERS\tmobile_mf691_cdc_ecm.sys --> C:\windows\system32\DRIVERS\tmobile_mf691_cdc_ecm.sys [?]

S3 tmobile_mf691_cpo;T-Mobile webConnect CPO device;C:\windows\system32\DRIVERS\tmobile_mf691_cpo.sys --> C:\windows\system32\DRIVERS\tmobile_mf691_cpo.sys [?]

S3 TMobileRcAppSvc;T-Mobile RcApp Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [2010-6-11 114688]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 SBAMSvc;Fix-It;C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe [2010-10-11 2763080]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-07-27 20:42:28 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll

2012-07-27 20:42:28 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

2012-07-27 20:13:58 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 20:13:57 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-06 05:06:20 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

2012-05-31 19:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll

.

============= FINISH: 20:56:59.52 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/24/2010 7:58:46 PM

System Uptime: 7/29/2012 2:49:37 PM (6 hours ago)

.

Motherboard: Micro-Star International | | MS-1683

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU 1 | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 134 GiB total, 34.393 GiB free.

D: is FIXED (NTFS) - 87 GiB total, 86.998 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP290: 7/24/2012 5:43:09 PM - Installed Microsoft Fix it 50388

RP292: 7/27/2012 11:38:51 AM - Revo Uninstaller Pro's restore point - Fix-It Utilities

RP293: 7/27/2012 8:04:41 PM - Installed SpyHunter

RP294: 7/28/2012 6:54:34 AM - Windows Update

RP295: 7/28/2012 10:16:14 PM - Installed HiJackThis

RP296: 7/29/2012 7:55:31 AM - Removed SpyHunter

.

==== Installed Programs ======================

.

1&1 EasyLogin

ACA Systems FileBulldog Toolbar

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 2.1

Adobe Photoshop Elements 5.0

Adobe Reader X (10.1.3)

Amazon Kindle

AnswerWorks Runtime

Apple Application Support

Apple Software Update

ArcSoft Magic-i Visual Effects 2

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Brochures & Flyers

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Funhouse II

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Photo Prints

ArcSoft Print Creations - Poster Creator

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

ArcSoft WebCam Companion 3

AutoCAD 2000i

AVS Image Converter 2.2.1.209

AVS Media Player 4.1.9.95

AVS Screen Capture version 2.0.1

AVS Update Manager 1.0

AVS Video Converter 8

AVS Video Editor 6

AVS Video Recorder 2.5

AVS4YOU Software Navigator 1.4

Brother HL-4040CN

Brother MFL-Pro Suite MFC-665CW

BurnRecovery

Compatibility Pack for the 2007 Office system

Crystal Button 2008 InMotion! (v.3.2)

D3DX10

Data Feed Domain Digger

Dragon NaturallySpeaking 11

FileZilla Client 3.5.3

Free Monitor for Google 2.5

Google Chrome

GoToMeeting 5.1.0.880

HiJackThis

Internet TV for Windows Media Center

Java Auto Updater

Java 6 Update 29

Java 7 Update 5

JavaFX 2.1.1

Jing

Junk Mail filter update

Keyword Blaze

KeywordAdvantage

Landscaping and Deck Designer 9

Logo Design Studio Pro

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Office 2000 SR-1 Premium

Microsoft Office File Validation Add-In

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Web Publishing Wizard 1.52

Microsoft Works

MotoHelper 2.1.32 Driver 5.4.0

MotoHelper MergeModules

MOTOROLA MEDIA LINK

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

msi Software Install

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Security Scan

NVIDIA ForceWare Network Access Manager

PC Matic 1.1.0.48

PC Pitstop Download Nitro 1.5.0.0

PC Pitstop Info Center 1.0.0.13

PC Pitstop SuperShield 1.0.0.27

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Seesmic Ping

SEO Equalizer 1.35

Serif PhotoPlus X4

SmartFTP Client Setup Files 4.0 (x64) (remove only)

Snagit 11

Stealth Keyword Competition Analyzer 2.3.1

Stealth Keyword Digger 1.3

Suggestion Keyword Generator

System Control Manager

The Print Shop 23

The Web Graphics Creator v3

Trackback Ninja 1.1

Traffic Travis 3.3.31

Traffic Travis 4.1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Vid-Saver

Visual Studio 2008 x64 Redistributables

WebEx

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Center Add-in for Flash

WinRAR archiver

Wondershare Flash Gallery Factory Deluxe 5.1.0.5

.

==== Event Viewer Messages From Past Week ========

.

7/29/2012 9:26:55 AM, Error: Application Popup [1060] - \??\C:\username123\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/29/2012 7:40:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

7/29/2012 7:40:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

7/29/2012 7:40:10 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/29/2012 2:52:19 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

7/29/2012 2:52:19 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

7/29/2012 2:51:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

7/29/2012 2:51:28 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/29/2012 2:49:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

7/29/2012 2:20:40 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/29/2012 12:35:28 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

7/29/2012 12:13:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

7/29/2012 11:41:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000035 (0xfffffa8003a31a10, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\Minidump\072912-31293-01.dmp. Report Id: 072912-31293-01.

7/29/2012 1:43:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

7/29/2012 1:35:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/29/2012 1:35:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

7/29/2012 1:35:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/29/2012 1:35:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/29/2012 1:35:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/29/2012 1:35:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/29/2012 1:35:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/29/2012 1:34:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/29/2012 1:34:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/29/2012 1:34:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SbTis spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

7/29/2012 1:34:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/29/2012 1:34:20 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/29/2012 1:34:20 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/29/2012 1:34:20 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/29/2012 1:34:20 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/29/2012 1:34:20 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/29/2012 1:34:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/29/2012 1:34:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/29/2012 1:34:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/29/2012 1:34:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/29/2012 1:34:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/28/2012 9:47:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000035 (0xfffffa80038d2720, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\Minidump\072812-22698-01.dmp. Report Id: 072812-22698-01.

7/28/2012 9:36:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000035 (0xfffffa8003d82010, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\Minidump\072812-22292-01.dmp. Report Id: 072812-22292-01.

7/28/2012 7:57:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SbTis spldr tdx vwififlt Wanarpv6 WfpLwf

7/28/2012 6:19:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

7/27/2012 11:45:35 AM, Error: Service Control Manager [7000] - The AQFileRestoreSrv service failed to start due to the following error: The system cannot find the file specified.

7/26/2012 6:22:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000035 (0xfffffa80038c5600, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\Minidump\072612-23368-01.dmp. Report Id: 072612-23368-01.

7/25/2012 5:55:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000035 (0xfffffa80039d8e10, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\Minidump\072512-25927-01.dmp. Report Id: 072512-25927-01.

7/24/2012 9:05:19 AM, Error: Service Control Manager [7034] - The PCPitstop Realtime service terminated unexpectedly. It has done this 1 time(s).

7/24/2012 8:30:53 AM, Error: Service Control Manager [7034] - The Fix-It service terminated unexpectedly. It has done this 1 time(s).

7/23/2012 5:55:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000035 (0xfffffa8003b18010, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\Minidump\072312-22230-01.dmp. Report Id: 072312-22230-01.

7/22/2012 7:28:43 AM, Error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.

7/22/2012 2:13:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d4 (0xfffff8800adde338, 0x0000000000000002, 0x0000000000000000, 0xfffff8000309cad9). A dump was saved in: C:\windows\Minidump\072212-42011-01.dmp. Report Id: 072212-42011-01.

7/22/2012 2:08:20 PM, Error: Service Control Manager [7030] - The Fix-It Utilities Task Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/22/2012 12:17:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Fix-It Utilities Task Manager service to connect.

7/22/2012 12:17:19 PM, Error: Service Control Manager [7000] - The Fix-It Utilities Task Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 12:02:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

7/22/2012 12:02:58 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 10:46:18 AM, Error: Service Control Manager [7030] - The Fix-It Utilities Process Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================

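Before touching the machine, the event-log block at the end of that DDS log is worth reading on its own. Added here as an example (not part of the original post and not DDS code), the script below parses the lines in the form DDS prints them, follows the 7001 dependency chains back to the drivers that actually failed, decodes the Win32 error numbers in the DCOM 10005 entries, and singles out any 7026 boot driver that is not a Windows inbox driver. The inbox-driver set and the sample lines are constructed for the example; the error and bugcheck names come from winerror.h and the bugcheck code list. Error 1084 is ERROR_NOT_SAFEBOOT_SERVICE, so the 7/29 entries between 1:34 PM and 1:43 PM were written during a Safe Mode boot, and the 7026 list of networking drivers is the usual picture for that boot rather than evidence of the infection; the one name in that list that is not inbox, SbTis, is the sbtis.sys the later ComboFix log shows arriving on 2012-07-22, the same day the Avanquest files appear, and should be cross-checked against that install rather than assumed hostile.

```python
"""Triage for the Service Control Manager, DCOM and bugcheck lines a DDS log prints.

Added example; not part of the original post and not DDS code. It separates
root-cause failures from the cascade they cause, decodes the Win32 error
numbers DCOM reports, and singles out boot drivers that are not Windows inbox
drivers, so a Safe Mode boot is not misread as damage done by the infection.
"""
import re

# Constructed sample: lines copied from the DDS event-log section above.
SAMPLE_LOG = r"""
7/29/2012 1:43:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
7/29/2012 1:35:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/29/2012 1:34:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SbTis spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/29/2012 1:34:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 1:34:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2012 1:34:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 9:47:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000035 (0xfffffa80038d2720, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\Minidump\072812-22698-01.dmp. Report Id: 072812-22698-01.
"""

EVENT_RE = re.compile(
    r"^(?P<time>\d+/\d+/\d{4} \d+:\d\d:\d\d [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DEP_RE = re.compile(
    r"^The (?P<dependent>.+?) service depends on the (?P<dependency>.+?) service "
    r"which failed to start because of the following error: (?P<error>.+)$")
DCOM_RE = re.compile(r'DCOM got error "(?P<code>\d+)" attempting to start the service (?P<service>\S+)')
BUGCHECK_RE = re.compile(r"The bugcheck was: 0x(?P<code>[0-9a-fA-F]{8})")

ROOT_ERROR = "A device attached to the system is not functioning."  # the named driver itself failed
# Assumption: Windows 7 inbox driver names; anything else in a 7026 list is third-party.
WIN7_INBOX = {"AFD", "DfsC", "discache", "NetBIOS", "NetBT", "nsiproxy", "Psched",
              "rdbss", "spldr", "tdx", "vwififlt", "Wanarpv6", "WfpLwf", "ws2ifsl"}
WIN32_ERRORS = {  # from winerror.h
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",  # a dependency failed; follow the 7001 chain instead
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",     # service not in the SafeBoot list: logged during a Safe Mode boot
}
BUGCHECKS = {
    0x35: "NO_MORE_IRP_STACK_LOCATIONS",    # too many drivers layered on one device stack
    0xD4: "SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD",
}


def parse_events(text):
    """Turn DDS event lines into dicts; lines that are not events are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["id"] = int(e["id"])
            events.append(e)
    return events


def failed_boot_drivers(events):
    """Union of the driver names listed in Service Control Manager 7026 events."""
    drivers = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            drivers.update(e["msg"].partition("failed to load:")[2].split())
    return drivers


def non_inbox_drivers(drivers, inbox=WIN7_INBOX):
    """Boot drivers that are not in the inbox set: the ones to identify on disk."""
    return sorted(drivers - inbox)


def dependency_failures(events):
    """From 7001 events: (roots, cascade). roots = dependencies that failed on their
    own; cascade = dependent -> dependency for every chain, root or not."""
    roots, cascade = set(), {}
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7001:
            m = DEP_RE.match(e["msg"])
            if m is None:
                continue
            if m["error"] == ROOT_ERROR:
                roots.add(m["dependency"])
            cascade[m["dependent"]] = m["dependency"]
    return roots, cascade


def dcom_start_errors(events):
    """service -> (win32 code, symbolic name) for every DCOM 10005 event."""
    out = {}
    for e in events:
        if e["id"] == 10005:
            m = DCOM_RE.search(e["msg"])
            if m:
                code = int(m["code"])
                out[m["service"]] = (code, WIN32_ERRORS.get(code, "unknown"))
    return out


def safe_mode_boot_seen(events):
    """True if any service failed with 1084, which only happens in Safe Mode."""
    return any(code == 1084 for code, _ in dcom_start_errors(events).values())


def bugchecks(events):
    """(time, code, name) for each WER 1001 reboot-from-bugcheck entry."""
    found = []
    for e in events:
        if e["id"] == 1001:
            m = BUGCHECK_RE.search(e["msg"])
            if m:
                code = int(m["code"], 16)
                found.append((e["time"], code, BUGCHECKS.get(code, "unknown")))
    return found


if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    roots, cascade = dependency_failures(ev)
    print("non-inbox boot drivers:", non_inbox_drivers(failed_boot_drivers(ev)))
    print("root-cause failures:", sorted(roots), "cascade:", cascade)
    print("DCOM:", dcom_start_errors(ev), "safe-mode boot:", safe_mode_boot_seen(ev))
    print("bugchecks:", bugchecks(ev))
```

Run against the full log rather than the sample, the repeated 0x35 bugchecks are the other item to chase: NO_MORE_IRP_STACK_LOCATIONS means too many drivers are stacked on one device, which fits a machine running several overlapping security products at once, and the minidump named in each entry identifies the driver on top of the stack.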

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Here is the report from RogueKiller

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: lakutist [Admin rights]

Mode: Scan -- Date: 07/30/2012 09:05:22

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] DTUpdate.exe -- C:\Users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{1459ED19-D8F8-4F08-8CFC-D816E06C655B} : NameServer (10.177.0.34 10.166.71.132) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{1459ED19-D8F8-4F08-8CFC-D816E06C655B} : NameServer (10.177.0.34 10.166.71.132) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD25 00BEVT-22A23 SCSI Disk Device +++++

--- User ---

[MBR] e4ccd71c91191206689fe5001d371410

[BSP] b867132ef42bbb0928de3f8e6199a971 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo

1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 25167872 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25372672 | Size: 136880 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 305702912 | Size: 89191 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

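A note on the two [DNS] lines in that report. RogueKiller prints "[DNS] ... NameServer (...) -> FOUND" for any statically configured NameServer value under HKLM\SYSTEM\ControlSetNNN\Services\Tcpip\Parameters\Interfaces\{GUID} (DHCP-assigned resolvers live in DhcpNameServer instead), so the line records a setting, not a verdict. Both entries here point at RFC 1918 addresses for the same interface GUID in both control sets. Added here as an example (not RogueKiller's code and not part of the original thread), the script below pulls those values out, classifies each resolver as loopback, private, public or inside one of the rogue ranges published for the Rove Digital DNSChanger takedown, checks that the control sets agree, and flags HOSTS entries beyond the stock localhost line. The sample report text, the all-zero GUID and the third [DNS] line are constructed for the test. One assumption a responder would have to confirm rather than take from this script: private resolvers on a laptop can come from a mobile-broadband connection manager (the ComboFix log later in the thread lists a T-Mobile webConnect service), so the GUID should be matched to its adapter with `ipconfig /all` before deciding the value is benign.

```python
"""Review the [DNS] NameServer findings and HOSTS section of a RogueKiller report.

Added example; not RogueKiller's code and not part of the original thread.
RogueKiller reports every statically configured NameServer value as
"[DNS] ... -> FOUND", so the line alone does not say whether the resolvers
are hostile. This pulls the values out, classifies each address, checks the
two control sets agree, and looks for HOSTS entries beyond localhost.
"""
import ipaddress
import re

# Constructed sample: the two [DNS] lines and HOSTS section from the report
# above, plus one hypothetical line (all-zero GUID, addresses chosen for the
# test) whose first resolver falls inside a published DNSChanger range.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{1459ED19-D8F8-4F08-8CFC-D816E06C655B} : NameServer (10.177.0.34 10.166.71.132) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{1459ED19-D8F8-4F08-8CFC-D816E06C655B} : NameServer (10.177.0.34 10.166.71.132) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000} : NameServer (85.255.112.10 8.8.8.8) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
"""

DNS_RE = re.compile(
    r"^\[DNS\] .*ControlSet(?P<set>\d+).*\{(?P<guid>[0-9A-Fa-f-]+)\} : "
    r"NameServer \((?P<servers>[^)]*)\) -> (?P<status>\w+)")

# Rogue resolver ranges published for the Rove Digital "DNSChanger" takedown (2011).
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20")]


def parse_dns_entries(text):
    """One dict per [DNS] line: control set, interface GUID, resolver list, status."""
    entries = []
    for line in text.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            entries.append({"set": m["set"], "guid": m["guid"].upper(),
                            "servers": m["servers"].split(), "status": m["status"]})
    return entries


def classify_server(addr, rogue_ranges=DNSCHANGER_RANGES):
    """Rough triage class for one resolver address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in rogue_ranges):
        return "rogue-range"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"  # RFC 1918: LAN router, VPN, or a carrier's resolver on a mobile-broadband adapter
    return "public"


def review_dns(entries):
    """Classify every resolver per interface GUID and report GUIDs whose NameServer
    value differs between control sets (a rollback or a half-finished change)."""
    per_guid, per_set = {}, {}
    for e in entries:
        per_guid.setdefault(e["guid"], {}).update(
            {s: classify_server(s) for s in e["servers"]})
        per_set.setdefault(e["guid"], {})[e["set"]] = tuple(e["servers"])
    inconsistent = {g for g, sets in per_set.items() if len(set(sets.values())) > 1}
    return per_guid, inconsistent


def parse_hosts_section(text):
    """(address, [names]) for each mapping RogueKiller printed under HOSTS File."""
    lines = text.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if "HOSTS File" in l) + 1
    except StopIteration:
        return []
    out = []
    for l in lines[start:]:
        l = l.strip()
        if l.startswith("¤¤¤"):      # next report section
            break
        if l and not l.startswith("#"):
            parts = l.split()
            out.append((parts[0], parts[1:]))
    return out


def suspicious_hosts(entries):
    """Anything beyond the stock loopback -> localhost mapping deserves a look."""
    return [(ip, names) for ip, names in entries
            if not (ipaddress.ip_address(ip).is_loopback and names == ["localhost"])]


if __name__ == "__main__":
    entries = parse_dns_entries(SAMPLE_REPORT)
    per_guid, inconsistent = review_dns(entries)
    for guid, servers in per_guid.items():
        print(guid, servers)
    print("control sets disagree for:", sorted(inconsistent) or "none")
    print("suspicious HOSTS entries:", suspicious_hosts(parse_hosts_section(SAMPLE_REPORT)))
```

The "private" class is deliberately not a clean bill of health: it only says the next step is to identify the adapter behind the GUID and check whether that adapter's software is expected to set static resolvers.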

Not much showing... let's run some scans.

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Try this....

Cut and paste TDSSKiller.exe into the Malwarebytes Chameleon folder:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command, then press Enter.

"%ProgramFiles(x86)%\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.com" /o

A black DOS prompt will appear asking you to press any key to continue; keep doing so until the DOS prompt disappears.

Execute TDSSKiller.exe by double-clicking on it in the Chameleon folder.

See if it runs.

Let me know, MrC


Try this..........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

-----------------------------

If ComboFix won't run, please try this: (make sure ComboFix is on your desktop)

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now.

MrC


Sorry it took so long; here you go.

ComboFix 12-07-30.01 - lakutist 07/30/2012 12:40:30.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2278 [GMT -7:00]

Running from: c:\users\lakutist\Desktop\username123.exe

AV: Avanquest Fix-It *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Avanquest Fix-It *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\addon.ico

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\DT.ico

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico

c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_DefaultTabUpdate

-------\Service_DefaultTabUpdate

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))

.

.

2012-07-30 20:15 . 2012-07-30 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-30 15:07 . 2012-07-30 17:12 -------- d-----w- c:\program files (x86)\hpmonitor

2012-07-30 15:07 . 2012-07-30 15:07 -------- d-----w- c:\program files (x86)\DefaultTab

2012-07-30 15:05 . 2012-07-30 20:13 -------- d-----w- c:\users\lakutist\AppData\Roaming\DefaultTab

2012-07-30 15:04 . 2011-02-18 01:26 81920 ----a-w- c:\windows\eSellerateControl350.dll

2012-07-30 15:04 . 2011-02-18 01:26 356352 ----a-w- c:\windows\eSellerateEngine.dll

2012-07-30 15:04 . 2012-07-30 16:38 -------- d-----w- c:\program files (x86)\Audio Ads Virus Removal Tool

2012-07-30 02:48 . 2012-07-30 02:49 -------- d-----w- C:\Rooter$

2012-07-29 17:06 . 2012-07-30 01:38 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-07-29 15:46 . 2012-07-29 16:53 -------- d-----w- C:\username123

2012-07-29 06:38 . 2012-07-29 15:45 -------- d-----w- C:\ComboFix

2012-07-29 05:32 . 2012-07-29 05:32 -------- d-----w- c:\users\lakutist\AppData\Roaming\SpeedMaxPc

2012-07-29 05:32 . 2012-07-29 14:59 -------- d-----w- c:\programdata\SpeedMaxPc

2012-07-29 05:17 . 2012-07-29 05:17 388096 ----a-r- c:\users\lakutist\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-29 05:17 . 2012-07-29 05:17 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-28 13:55 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDFD47DB-C084-416F-9A9D-C4FB6EDAA83A}\mpengine.dll

2012-07-28 03:43 . 2012-07-28 03:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-28 03:05 . 2012-07-28 03:05 -------- d-----w- c:\program files\Enigma Software Group

2012-07-28 03:04 . 2012-07-29 14:56 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-07-28 03:04 . 2012-07-28 03:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-07-27 22:41 . 2012-07-30 04:36 -------- d-----w- c:\programdata\Symantec

2012-07-27 20:42 . 2012-07-27 20:42 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2012-07-27 20:42 . 2012-07-27 20:43 -------- d-----w- c:\program files (x86)\Real

2012-07-27 20:41 . 2012-07-27 20:41 -------- d-----w- c:\users\lakutist\AppData\Local\Real

2012-07-27 20:25 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-07-27 19:16 . 2012-07-27 20:13 9821896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-07-27 19:10 . 2012-07-30 20:40 -------- d-----w- c:\users\lakutist\AppData\Roaming\Free Download Manager

2012-07-27 18:52 . 2012-07-30 20:45 -------- d-----w- c:\programdata\PCPitstopDat

2012-07-27 18:52 . 2011-05-12 00:26 72280 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2012-07-27 18:33 . 2012-07-27 18:33 -------- d-----w- c:\users\lakutist\AppData\Local\VS Revo Group

2012-07-27 18:33 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-07-27 18:33 . 2012-07-27 18:33 -------- d-----w- c:\program files\VS Revo Group

2012-07-23 14:50 . 2012-07-23 14:50 -------- d-----w- c:\program files (x86)\Stealth Keyword Competition Analyzer2

2012-07-23 14:13 . 2011-09-17 01:00 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll

2012-07-23 00:20 . 2012-07-23 00:20 -------- d-----w- c:\program files (x86)\Oracle

2012-07-23 00:19 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-22 21:09 . 2012-02-09 20:58 35000 ----a-w- c:\windows\system32\mxntdfg.exe

2012-07-22 21:09 . 2010-07-27 11:48 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys

2012-07-22 21:09 . 2011-03-01 00:48 27472 ----a-w- c:\windows\system32\sbbd.exe

2012-07-22 21:09 . 2010-03-22 19:11 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-07-22 21:07 . 2012-07-22 21:14 -------- d-----w- c:\program files (x86)\Common Files\Antivirus

2012-07-22 20:59 . 2012-07-22 20:59 -------- d-----w- c:\program files (x86)\Avanquest

2012-07-22 17:46 . 2012-07-27 17:40 -------- d-----w- C:\_Backup

2012-07-22 17:45 . 2012-06-08 16:32 21120 ------w- c:\windows\system32\drivers\AQFileRestore.sys

2012-07-22 17:44 . 2012-07-22 17:44 -------- d-----w- c:\users\lakutist\AppData\Roaming\Avanquest

2012-07-22 17:44 . 2012-07-22 21:14 -------- d-----w- c:\programdata\Avanquest

2012-07-22 16:49 . 2012-07-22 16:49 -------- d-----w- c:\users\lakutist\AppData\Local\ElevatedDiagnostics

2012-07-22 13:59 . 2012-07-22 14:00 -------- d-----w- c:\users\lakutist\AppData\Roaming\AVG

2012-07-22 02:57 . 2012-07-22 19:26 -------- d-----w- C:\$AVG

2012-07-22 02:57 . 2012-07-22 19:31 -------- d-----w- c:\programdata\AVG2012

2012-07-22 02:56 . 2012-07-22 19:07 -------- d-----w- c:\program files (x86)\AVG

2012-07-22 02:48 . 2012-07-22 19:30 -------- d-----w- c:\programdata\MFAData

2012-07-22 02:48 . 2012-07-22 02:48 -------- d-----w- c:\programdata\Common Files

2012-07-22 02:14 . 2012-07-22 02:14 -------- d-----w- c:\users\lakutist\AppData\Local\CRE

2012-07-22 02:13 . 2012-07-22 02:13 -------- d-----w- c:\program files (x86)\Conduit

2012-07-22 02:13 . 2012-07-22 02:14 3993600 ----a-w- c:\program files (x86)\GUTF46A.tmp

2012-07-22 02:13 . 2012-07-22 02:13 -------- d-----w- c:\program files (x86)\GUMF469.tmp

2012-07-22 02:13 . 2012-07-22 16:34 -------- d-----w- c:\users\lakutist\AppData\Local\Conduit

2012-07-22 02:13 . 2012-07-22 02:13 -------- d-----w- c:\users\lakutist\AppData\Local\Vid-Saver

2012-07-22 02:13 . 2012-07-25 05:19 -------- d-----w- c:\program files (x86)\Vid-Saver

2012-07-21 15:13 . 2012-07-21 15:13 -------- d-----w- c:\users\lakutist\AppData\Roaming\PC Utility Kit

2012-07-21 15:13 . 2012-07-21 15:13 -------- d-----w- c:\users\lakutist\AppData\Roaming\DriverCure

2012-07-21 15:13 . 2012-07-22 16:00 -------- d-----w- c:\programdata\PC Utility Kit

2012-07-12 04:25 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 17:51 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 17:50 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 17:50 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 17:50 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-11 17:50 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-11 17:50 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-07-11 17:50 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-11 17:50 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-11 17:50 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 17:50 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 17:50 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 17:50 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 17:50 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 17:50 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 20:42 . 2010-05-28 01:49 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-07-27 20:42 . 2010-05-28 01:49 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-07-27 20:13 . 2012-04-01 14:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 20:13 . 2011-06-21 13:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-06 05:06 . 2010-10-02 01:12 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-03 10:19 . 2010-09-25 14:32 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-22 13:35 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 13:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 13:36 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 13:36 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 13:34 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-22 13:35 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 13:36 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 13:34 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-22 13:35 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-05-31 19:25 . 2010-09-25 03:41 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-04 11:06 . 2012-06-14 02:46 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 02:46 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 02:46 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-29_16.32.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-07-30 20:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-29 14:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-29 14:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-30 20:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-29 14:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-30 20:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-02-03 14:05 . 2012-07-30 14:56 59674 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-30 20:44 48778 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-25 03:27 . 2012-07-30 20:44 22110 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1896597390-1714452406-3335924612-1000_UserData.bin

- 2010-06-18 20:49 . 2012-07-28 18:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-06-18 20:49 . 2012-07-30 18:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-06-18 20:49 . 2012-07-30 18:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-06-18 20:49 . 2012-07-28 18:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-28 18:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-30 18:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-07-29 14:38 . 2012-07-29 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-30 20:42 . 2012-07-30 20:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-30 20:42 . 2012-07-30 20:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-29 14:38 . 2012-07-29 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 02:36 . 2012-07-30 16:12 660530 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-29 01:20 660530 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-30 16:12 121426 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-07-29 01:20 121426 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-07-29 07:41 929432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-30 20:40 929432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-08-08 04:37 . 2012-07-29 18:29 4285748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1896597390-1714452406-3335924612-1000-12288.dat

+ 2011-05-10 04:17 . 2012-07-30 20:40 22183232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1896597390-1714452406-3335924612-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]

c:\program files (x86)\RegTweaker\key.dll [BU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]

"Jing"="c:\program files (x86)\TechSmith\Jing2\Jing.exe" [2012-02-01 2918224]

"Download Nitro"="c:\program files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe" [2011-06-30 3597520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

"Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]

"PC MaticRT"="c:\program files (x86)\PCPitstop\PC MaticRT\PCMaticRT.exe" [2012-07-17 670392]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-07-27 296096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files (x86)\Office2K\Office\OSA9.EXE [2000-1-20 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

R3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys [2012-06-08 21120]

R3 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]

R3 CATmobile;T-Mobile Con App Svc;c:\program files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [2010-06-12 118784]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]

R3 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\DRIVERS\fspad_xp64.sys [2009-12-17 53248]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MGHwCtrl;MGHwCtrl;c:\program files (x86)\msi\msi Software Install\MGHwCtrl.sys [x]

R3 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]

R3 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2010-06-12 43032]

R3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;c:\windows\system32\PLCMPR5.SYS [x]

R3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 tmobile_mf691_cdc_acm;T-Mobile MF691 CDC-ACM driver;c:\windows\system32\DRIVERS\tmobile_mf691_cdc_acm.sys [2010-04-10 78336]

R3 tmobile_mf691_cdc_ecm;tmobile_mf691_cdc_ecm;c:\windows\system32\DRIVERS\tmobile_mf691_cdc_ecm.sys [2010-04-10 88064]

R3 tmobile_mf691_cpo;T-Mobile webConnect CPO device;c:\windows\system32\DRIVERS\tmobile_mf691_cpo.sys [2010-04-10 13824]

R3 TMobileRcAppSvc;T-Mobile RcApp Svc;c:\program files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [2010-06-12 114688]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1255736]

R4 SBAMSvc;Fix-It;c:\program files (x86)\Common Files\Antivirus\SBAMSvc.exe [2010-10-11 2763080]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-07-27 94296]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-07-17 562688]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]

S2 PCPitstop Realtime;PCPitstop Realtime;c:\program files (x86)\PCPitstop\PC MaticRT\PCPitstopRTService.exe [2012-07-17 3827896]

S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-05-16 91848]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-12 72280]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [2009-12-17 53248]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-11-15 1813056]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]

S3 tmobile_mf691_dc_enum;T-Mobile MF691 DC Enumerator;c:\windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys [2010-04-10 75776]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-28 12459112]

"fspuip"="c:\program files (x86)\FSP\fspuip.exe" [bU]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

"combofix"="c:\username1236604u\CF18419.3XE" [2010-11-20 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.mysearchresults.com/?c=8000&t=12

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\Office2K\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{1459ED19-D8F8-4F08-8CFC-D816E06C655B}: NameServer = 10.177.0.34 10.166.71.132

FF - ProfilePath - c:\users\lakutist\AppData\Roaming\Mozilla\Firefox\Profiles\jtpkj1m9.default\

FF - prefs.js: browser.search.selectedEngine - Search Here

FF - prefs.js: browser.startup.homepage - hxxp://www.mysearchresults.com/?c=8000&t=12

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

Toolbar-Locked - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-DefaultTab - c:\users\lakutist\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe

c:\program files (x86)\Brownie\Brnipmon.exe

.

**************************************************************************

.

Completion time: 2012-07-30 14:08:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-30 21:08

ComboFix2.txt 2012-07-29 21:40

ComboFix3.txt 2012-07-29 16:53

.

Pre-Run: 36,962,983,936 bytes free

Post-Run: 36,625,408,000 bytes free

.

- - End Of File - - 29F95834FBCC30CF88589442C9E185A8

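A quick triage helper for logs like the one above, added here as an example and not part of the thread, of ComboFix, or of the helper's own toolkit. It assumes the log conventions as they are usually read (an assumption, not something the log itself states): service lines are `R3 Name;Description;path [date size]` where the letter is R (running) or S (stopped), the digit is the Windows service start type, and `[x]` means the referenced file was not found on disk; Run-key lines are `"Name"="path" [date size]`. The sample lines are copied from the log above; the "trusted" directory list and the flag names are my own choices.

```python
"""Triage helper for ComboFix-style service and Run-key log lines.

Added example for this thread; it is not ComboFix's code and not from the
original poster or MrC.  Assumed log conventions (an assumption, not taken
from the page):
  - service lines:  R3 Name;Description;path [YYYY-MM-DD size]  or  ... [x]
    the letter is R (running) / S (stopped), the digit is the Windows
    service start type, and "[x]" means the referenced file was not found
  - Run-key lines:  "Name"="path" [YYYY-MM-DD size]
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+'
    r'(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)
RUNKEY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$'
)

# Windows service start-type values (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Directories where a legitimate service binary or autostart normally lives
# (my own list for this example).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    kind: str            # "service" or "run"
    name: str
    path: str
    start_type: str      # start type name for services, "" for Run keys
    file_missing: bool   # True when the log printed "[x]" instead of date/size
    flags: List[str]     # triage findings, empty when nothing stood out


def location_flags(path: str) -> List[str]:
    """Flag binaries that live outside the usual program directories."""
    p = path.lower()
    flags = []
    if not p.startswith(TRUSTED_PREFIXES):
        flags.append("unusual location")
    if "\\users\\" in p or "\\appdata\\" in p:
        flags.append("user-profile path")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines in neither format."""
    m = SERVICE_RE.match(line)
    if m:
        kind, start = "service", START_TYPES.get(m.group("start"), "unknown")
    else:
        m = RUNKEY_RE.match(line)
        if not m:
            return None
        kind, start = "run", ""
    missing = m.group("meta").strip().lower() == "x"
    flags = (["file not found"] if missing else []) + location_flags(m.group("path"))
    return Entry(kind, m.group("name"), m.group("path"), start, missing, flags)


def triage(lines) -> List[Entry]:
    """Parse every recognised line and keep the result in log order."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def flagged_names(lines) -> List[str]:
    """Names of entries that earned at least one triage flag."""
    return [e.name for e in triage(lines) if e.flags]


# Sample lines copied from the ComboFix log in this thread.
SAMPLE_LINES = [
    r"R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]",
    r"R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]",
    r"S2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-07-17 562688]",
    r'"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]',
    r'"combofix"="c:\username1236604u\CF18419.3XE" [2010-11-20 345088]',
    r'"fspuip"="c:\program files (x86)\FSP\fspuip.exe" [bU]',
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.kind:8} {e.name:18} {e.start_type:9} {', '.join(e.flags) or 'ok'}")
```

Run against the six sample lines it flags `esgiguard` (driver file missing) and `combofix` (binary in a non-standard folder) and leaves the rest alone. A flag is a prompt for a human to look at the entry, not a verdict; the DefaultTab service, for instance, lives in Program Files and passes the location check even though the thread's orphan list shows the same product's BHO being removed.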

Please disable Windows Defender and leave it disabled; you shouldn't have 2 AVs running on a computer.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Here's how to do it:

http://www.simplehel...r-in-windows-7/

--------------------------------------

Now try to run TDSSKiller <-----this is the program we have to get to run!!

MrC


Let's do this.......

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.

MrC


The good news is that the tool found two infections and disinfected them. Both of the files were in the MBR.

The bad news is that now the computer is unbootable.

Immediately after the second file was deleted it rebooted, and it made it to just about the point where the different colored balls come together to form the Microsoft logo. Then blue screen and reboot.

The machine also can't do an automatic repair.


OK, did you try System Restore?

Please do this......

  • Download ListParts to a USB flash drive.
  • Download ListParts64 to a USB flash drive. <---this one!
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

W7InstallDisk2.png

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive) <---this one
    • ListParts will start to run.
      • Press the Scan button.
      • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.

MrC


I take it all back; I was having a senior moment.

Here is the report.

ListParts by Farbar Version: 25-07-2012

Ran by SYSTEM (administrator) on 31-07-2012 at 11:54:11

Windows 7 (X64)

Running From: I:\

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 12%

Total physical RAM: 3839.24 MB

Available physical RAM: 3346.55 MB

Total Pagefile: 3837.44 MB

Available Pagefile: 3337.84 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS_Install) (Fixed) (Total:133.67 GB) (Free:32.58 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (Data) (Fixed) (Total:87.1 GB) (Free:87 GB) NTFS

3 Drive e: (BIOS_RVY) (Fixed) (Total:12 GB) (Free:4.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive f: (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive g: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

6 Drive h: (GEAR HEAD) (Removable) (Total:7.45 GB) (Free:4.33 GB) FAT32

7 Drive i: (ATIVA BLACK) (Removable) (Total:7.45 GB) (Free:5.03 GB) FAT32

8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 0 B

Disk 1 Online 7639 MB 0 B

Disk 2 Online 7648 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 12 GB 1024 KB

Partition 2 Recovery 100 MB 12 GB

Partition 3 Primary 133 GB 12 GB

Partition 4 Primary 87 GB 145 GB

======================================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E BIOS_RVY NTFS Partition 12 GB Healthy Hidden

======================================================================================================

Disk: 0

Partition 2

Type : 27

Hidden: Yes

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F System NTFS Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C OS_Install NTFS Partition 133 GB Healthy

======================================================================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D Data NTFS Partition 87 GB Healthy

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7635 MB 4096 KB

======================================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H GEAR HEAD FAT32 Removable 7635 MB Healthy

======================================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7647 MB 40 KB

======================================================================================================

Disk: 2

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 6 I ATIVA BLACK FAT32 Removable 7647 MB Healthy

======================================================================================================

==========================================================

TDL4: custom:26000022

****** End Of Log ******
