
Rootkit/Redirect virus .. Help. :(!



Well, hey!

I'm new to this forum. I figure I actually need EXPERT help since this is a lot harder.

Um, well... my computer has been running very slowly; CPU usage is about 95% all the time.

I followed the "I'm infected - What do I do" thread.

Actually, I'm not even sure if I really have a virus, because... sometimes I get redirected on google, sometimes I don't.

Here are my DDS & Attach .txt files.

..

DDS txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2

Run by DorothyN at 10:49:51 on 2013-03-02

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4085.1010 [GMT -6:00]

.

AV: BullGuard Antivirus *Enabled/Updated* {C3CCAC61-52F7-A056-1860-6406566E2578}

SP: BullGuard Antispyware *Enabled/Updated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: BullGuard Firewall *Enabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe

C:\Windows\System32\SvcHost.exe -k BullGuard_Backup

c:\program files\bullguard ltd\bullguard\BullGuardBhvScanner.exe

C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy

C:\Windows\System32\SvcHost.exe -k BullGuard_Main

c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe

c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxducoms.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\SvcHost.exe -k BullGuard

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\System32\vds.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\puush\puush.exe

C:\Users\DorothyN\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Users\DorothyN\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mStart Page = about:blank

uProxyOverride = local;*.local

BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {2804caed-1d99-4a3d-833c-c552f986b75c} - <orphaned>

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files (x86)\Lexmark Printable Web\bho.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll

TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

EB: <No Name>: {cccc7d2d-9a4c-4c9a-9bd4-cc4815b28ccc} - LocalServer32 - <no file>

uRun: [puush] C:\Program Files (x86)\puush\puush.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {BD68328E-1222-4A62-BA16-E6F42CA49A64} - hxxp://gf.wemade.com/comsso/active/WMInstallMgr.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{261700FD-EB14-4D51-B5B3-3E90D1F57859} : DHCPNameServer = 75.75.76.76 75.75.75.75

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll BgGamingMonitor.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [bullGuardUpdate2] c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe

x64-Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot

x64-IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\DorothyN\AppData\Roaming\Mozilla\Firefox\Profiles\zk5tri7a.default\

FF - prefs.js: browser.search.defaulturl -

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npOGPPlugin.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-58bb25d673384171\NPRobloxProxy.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\DorothyN\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\DorothyN\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\DorothyN\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\DorothyN\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\System32\npDeployJava1.dll

FF - plugin: C:\Windows\System32\npmproxy.dll

FF - plugin: C:\Windows\System32\npOGPPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll

FF - ExtSQL: 2013-01-15 20:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\DorothyN\AppData\Roaming\Mozilla\Firefox\Profiles\zk5tri7a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-02-09 10:19; {13b94fe3-3f62-4c44-bdf7-3663e3e9189d}; C:\Users\DorothyN\AppData\Roaming\Mozilla\Firefox\Profiles\zk5tri7a.default\extensions\{13b94fe3-3f62-4c44-bdf7-3663e3e9189d}.xpi

FF - ExtSQL: 2013-02-17 14:43; antiphishing@bullguard; C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard

FF - ExtSQL: 2013-02-23 18:20; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; C:\Users\DorothyN\AppData\Roaming\Mozilla\Firefox\Profiles\zk5tri7a.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

FF - ExtSQL: 2013-02-27 06:58; {27182e60-b5f3-411c-b545-b44205977502}; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-6 55856]

R1 AFW;Agnitum Firewall Driver;C:\Windows\System32\drivers\afw.sys [2012-11-20 40544]

R1 BdSpy;BdSpy;C:\Windows\System32\drivers\BdSpy.sys [2012-6-26 68208]

R1 NovaShieldFilterDriver;NovaShieldFilterDriver;C:\Windows\System32\drivers\NSKernel.sys [2012-6-26 256072]

R1 NovaShieldTDIDriver;NovaShieldTDIDriver;C:\Windows\System32\drivers\NSNetmon.sys [2012-6-26 25160]

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344]

R2 BsBackup;BullGuard backup service;C:\Windows\System32\SvcHost.exe -k BullGuard_Backup [2009-7-13 27136]

R2 BsBhvScan;BullGuard Behavioural Detection;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2013-1-17 366432]

R2 BsFileScan;BullGuard on-access service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 27136]

R2 BsFire;BullGuard firewall service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 27136]

R2 BsMailProxy;BullGuard e-mail monitoring service;C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy [2009-7-13 27136]

R2 BsMain;BullGuard main service;C:\Windows\System32\SvcHost.exe -k BullGuard_Main [2009-7-13 27136]

R2 BsScanner;BullGuard scanning service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2013-1-17 221536]

R2 BsUpdate;BullGuard update service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2013-1-24 382816]

R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?]

R3 afwcore;afwcore;C:\Windows\System32\drivers\afwcore.sys [2012-11-20 464480]

R3 BdNet;BdNet;C:\Windows\System32\drivers\BdNet.sys [2012-10-4 34928]

R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-2-23 44928]

R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-6 215040]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 lxduCATSCustConnectService;lxduCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe [2009-12-1 29184]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-2-17 21712]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-18 24176]

S3 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 398184]

S3 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-3 682344]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]

S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-14 40712]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2010-12-26 21504]

S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-6 92160]

S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-11-24 14216]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-6 656624]

S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-4 3467768]

.

=============== Created Last 30 ================

.

2013-02-27 13:17:39 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2013-02-27 13:17:39 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2013-02-27 12:32:05 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-02-27 12:32:05 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-02-27 12:32:05 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-02-27 12:32:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-02-27 12:21:12 -------- d-----w- C:\Windows\en

2013-02-27 12:08:01 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2013-02-27 12:07:40 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2013-02-27 06:25:39 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\417ee4791ce14b32c\InstallManager_WLE_WLE.exe

2013-02-27 06:25:11 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31e28c7c1ce14b321\MeshBetaRemover.exe

2013-02-27 06:24:37 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1cfda2121ce14b31a\DSETUP.dll

2013-02-27 06:24:37 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1cfda2121ce14b31a\DXSETUP.exe

2013-02-27 06:24:37 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1cfda2121ce14b31a\dsetup32.dll

2013-02-27 06:24:34 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1be01c351ce14b319\DSETUP.dll

2013-02-27 06:24:34 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1be01c351ce14b319\DXSETUP.exe

2013-02-27 06:24:34 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1be01c351ce14b319\dsetup32.dll

2013-02-27 06:21:49 -------- d-----w- C:\Users\DorothyN\AppData\Local\Windows Live

2013-02-27 06:00:56 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-27 06:00:56 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-27 05:36:36 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-02-27 05:36:36 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-02-27 05:36:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-02-27 05:36:36 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-02-27 05:34:53 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-02-27 05:34:53 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-02-27 05:34:52 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-02-27 05:34:52 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-02-27 05:34:51 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-02-27 05:34:51 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-02-27 05:34:51 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-02-27 05:08:28 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2013-02-27 05:08:28 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-02-27 05:08:28 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-02-27 05:08:27 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-02-27 05:08:27 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-02-27 04:43:45 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2013-02-27 04:38:47 148992 ----a-w- C:\Windows\System32\t2embed.dll

2013-02-27 04:37:46 552960 ----a-w- C:\Windows\System32\msdri.dll

2013-02-27 04:36:59 46592 ----a-w- C:\Windows\SysWow64\fpb.rs

2013-02-27 04:35:52 464384 ----a-w- C:\Windows\System32\taskeng.exe

2013-02-27 04:30:59 1097216 ----a-w- C:\Windows\System32\mstsc.exe

2013-02-27 04:29:35 264192 ----a-w- C:\Windows\System32\upnp.dll

2013-02-27 04:28:10 84992 ----a-w- C:\Windows\System32\asycfilt.dll

2013-02-27 04:28:10 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll

2013-02-27 04:21:38 389632 ----a-w- C:\Windows\System32\winlogon.exe

2013-02-27 04:20:08 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-02-27 04:20:08 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-02-27 04:19:20 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2013-02-27 04:19:20 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-02-27 04:16:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-02-27 04:16:00 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-02-27 04:15:59 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2013-02-27 04:15:59 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-02-27 04:15:59 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2013-02-27 04:15:36 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2013-02-27 04:15:34 633856 ----a-w- C:\Windows\System32\comctl32.dll

2013-02-27 04:15:28 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2013-02-27 03:53:16 -------- d-----w- C:\Windows\CheckSur

2013-02-27 03:44:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-02-27 03:40:28 714752 ----a-w- C:\Windows\System32\kerberos.dll

2013-02-27 03:40:28 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2013-02-27 03:38:31 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-02-27 03:38:25 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe

2013-02-27 03:38:25 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2013-02-27 03:38:25 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2013-02-27 03:38:25 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2013-02-27 03:38:25 2954136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2013-02-27 03:38:25 193576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2013-02-27 03:38:25 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2013-02-27 03:38:25 131480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2013-02-27 03:38:25 115608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2013-02-27 03:35:17 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-02-27 03:35:17 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-02-27 03:35:14 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-02-27 03:35:14 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-02-27 03:35:07 956416 ----a-w- C:\Windows\System32\localspl.dll

2013-02-27 03:31:06 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-02-27 03:01:47 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-02-27 03:01:47 1462784 ----a-w- C:\Windows\System32\crypt32.dll

2013-02-27 03:01:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2013-02-27 03:01:47 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-02-27 03:01:47 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-02-27 03:01:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-02-27 03:00:21 77312 ----a-w- C:\Windows\System32\packager.dll

2013-02-27 03:00:21 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-02-27 02:45:52 -------- d-----w- C:\Users\DorothyN\AppData\Local\LogMeIn Rescue Applet

2013-02-26 03:51:33 -------- d-----w- C:\AppDumps

2013-02-23 21:11:42 -------- d-----w- C:\Users\DorothyN\AppData\Local\ManyCam

2013-02-23 21:11:42 -------- d-----w- C:\ProgramData\ManyCam

2013-02-23 21:11:38 44928 ----a-w- C:\Windows\System32\drivers\mcvidrv_x64.sys

2013-02-23 18:38:24 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-02-23 17:23:10 -------- d-----w- C:\Users\DorothyN\AppData\Local\RapidSolution

2013-02-22 22:13:05 -------- d-----w- C:\ProgramData\boost_interprocess

2013-02-20 03:04:59 -------- d-sh--w- C:\$RECYCLE.BIN

2013-02-20 02:58:58 -------- d-s---w- C:\ComboFix

2013-02-17 20:43:27 -------- d-----w- C:\Users\DorothyN\AppData\Roaming\BullGuard

2013-02-17 20:43:26 -------- d-----w- C:\ProgramData\BullGuard

2013-02-17 20:42:35 -------- d-----w- C:\Program Files\Common Files\BullGuard Ltd

2013-02-17 20:42:33 -------- d-----w- C:\Program Files\BullGuard Ltd

2013-02-17 20:13:03 -------- d-----w- C:\Program Files\CCleaner

2013-02-17 18:29:22 98816 ----a-w- C:\Windows\sed.exe

2013-02-17 18:29:22 256000 ----a-w- C:\Windows\PEV.exe

2013-02-17 18:29:22 208896 ----a-w- C:\Windows\MBR.exe

2013-02-17 16:42:48 -------- d-----w- C:\Users\DorothyN\AppData\Local\TERA-Diagnostic

2013-02-17 15:00:27 -------- d-----w- C:\Users\DorothyN\AppData\Local\TERA

2013-02-17 14:35:14 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

2013-02-17 14:35:14 -------- d-----w- C:\Users\DorothyN\AppData\Local\eSupport.com

2013-02-17 14:35:11 -------- d-----w- C:\ProgramData\HappyCloud

2013-02-16 16:27:50 208216 ----a-w- C:\Windows\System32\drivers\22603015.sys

2013-02-10 01:12:41 -------- d-----w- C:\Users\DorothyN\AppData\Roaming\StepMania 5

2013-02-10 01:11:52 -------- d-----w- C:\Program Files (x86)\StepMania 5

2013-02-09 21:23:51 -------- d-----w- C:\Program Files (x86)\Magical Jelly Bean

2013-02-09 14:27:32 -------- d-----w- C:\ProgramData\80D320FEB3269569000080D2A0339CF3

2013-02-08 09:35:28 9161176 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD9E8A69-5E83-4544-A904-D1401600CABF}\mpengine.dll

.

==================== Find3M ====================

.

2013-02-27 21:07:29 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-27 21:07:29 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-31 09:50:58 28160 ----a-w- C:\Windows\System32\drivers\mcaudrv_x64.sys

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-25 13:33:16 350160 ----a-w- C:\Windows\System32\drivers\Trufos.sys

2013-01-17 07:59:32 63840 ----a-w- C:\Windows\System32\BGLsp.dll

2013-01-17 07:59:22 54624 ----a-w- C:\Windows\SysWow64\BGLsp.dll

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-05 05:57:43 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:02:17 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:02:17 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:41:01 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-04 05:40:54 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll

2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll

2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2013-01-04 05:30:34 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-01-04 03:22:49 3150848 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-12-25 02:13:39 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-12-25 02:13:38 959976 ----a-w- C:\Windows\System32\deployJava1.dll

2012-12-25 02:13:38 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-10 03:30:33 93399 ----a-w- C:\Windows\Scan to PDF Uninstaller.exe

2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs

2012-12-07 03:21:08 44544 ----a-w- C:\Windows\SysWow64\pegibbfc.rs

2012-12-07 03:21:08 43520 ----a-w- C:\Windows\SysWow64\csrr.rs

2012-12-07 03:21:08 30720 ----a-w- C:\Windows\SysWow64\usk.rs

2012-12-07 03:21:08 23552 ----a-w- C:\Windows\SysWow64\oflc.rs

2012-12-07 03:21:07 20480 ----a-w- C:\Windows\SysWow64\pegi-pt.rs

2012-12-07 03:21:06 20480 ----a-w- C:\Windows\SysWow64\pegi.rs

2012-12-07 03:21:06 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs

2012-12-07 03:21:05 55296 ----a-w- C:\Windows\SysWow64\cero.rs

2012-12-07 03:21:05 51712 ----a-w- C:\Windows\SysWow64\esrb.rs

2012-12-07 03:21:05 21504 ----a-w- C:\Windows\SysWow64\grb.rs

2012-12-07 03:21:04 40960 ----a-w- C:\Windows\SysWow64\cob-au.rs

2012-12-07 03:21:04 15360 ----a-w- C:\Windows\SysWow64\djctq.rs

2012-12-03 14:38:20 118256 ----a-w- C:\Windows\System32\BgGamingMonitor.dll

2012-12-03 14:38:20 106896 ----a-w- C:\Windows\SysWow64\BgGamingMonitor.dll

.

============= FINISH: 10:51:54.97 ===============

_________________________________________________

ATTACH.TXT:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/27/2009 7:29:23 AM

System Uptime: 2/27/2013 3:14:23 PM (67 hours ago)

.

Motherboard: Dell Inc. | | 0T287N

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | Socket 775 | 1196/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 108.938 GiB free.

E: is Removable

F: is Removable

G: is Removable

H: is Removable

L: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GH50N__________________B101____\5&33E93E06&0&1.0.0

Manufacturer: (Standard CD-ROM drives)

Name: HL-DT-ST DVD+-RW GH50N ATA Device

PNP Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GH50N__________________B101____\5&33E93E06&0&1.0.0

Service: cdrom

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

.

Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}

Description: CD-ROM Drive

Device ID: SCSI\CDROM&VEN_MAGICISO&PROD_VIRTUAL_DVD-ROM&REV_1.0A\1&2AFD7D61&0&0000

Manufacturer: (Standard CD-ROM drives)

Name: MagicISO Virtual DVD-ROM0000

PNP Device ID: SCSI\CDROM&VEN_MAGICISO&PROD_VIRTUAL_DVD-ROM&REV_1.0A\1&2AFD7D61&0&0000

Service: cdrom

.

==== System Restore Points ===================

.

RP529: 2/28/2013 1:22:17 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

ABBYY FineReader 10 Professional Edition

AC Tool

Adobe AIR

Adobe Bridge 1.0

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.1

Adobe Shockwave Player 11.6

Akamai NetSession Interface

Akamai NetSession Interface Service

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bing Bar

Bing Bar Platform

Bonjour

BullGuard

CCleaner

Cheat Engine 6.0

Clownfish for Skype

Compatibility Pack for the 2007 Office system

Consumer In-Home Service Agreement

D3DX10

DAEMON Tools Toolbar

DancingGorilla 1.1.4/1.06

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center

DivX Setup

DivX Version Checker

Dragon Saga

DragonNest

EA Download Manager

FBDownloader IE Add-on

Flyff version V18

Fraps (remove only)

Gimp 2.6.2 Debug

Google Chrome

Google Talk Plugin

Google Update Helper

Google Updater

Grand Chase

Happy Cloud Client

Hi-Command

iCall

IMVU Avatar Chat Software

Intel® Graphics Media Accelerator Driver

iTunes

Java 7 Update 10 (64-bit)

Java 7 Update 9

Java Auto Updater

Java SE Development Kit 7 Update 10 (64-bit)

Java 6 Update 23 (64-bit)

Java 6 Update 31

Java SE Development Kit 6 Update 22 (64-bit)

Java SE Development Kit 6 Update 23 (64-bit)

jetAudio Basic

Junk Mail filter update

La Tale

LAME v3.99.3 (for Windows)

Latale GP

League of Legends

Lexmark 5600-6600 Series

LG USB Modem driver

Magic ISO Maker v5.5 (build 0276)

Magical Jelly Bean KeyFinder

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.70.0.1100

ManyCam 3.1.43

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel Viewer

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT_amd64

NewBlue 3D Explosions for Vegas

NewBlue 3D Transformations for Vegas

NewBlue Art Blends

NewBlue Art Effects

NewBlue Film Effects for Vegas

NewBlue Motion Blends

NewBlue Motion Effects

Nexon Game Manager

OGPlanet Game Launcher

Pando Media Booster

PowerDVD DX

Project64 1.6

puush

QuickTime

Realtek High Definition Audio Driver

ROBLOX Player

Roxio Burn

Roxio Update Manager

Rumble Fighter

S4 League_EU

Scan to PDF

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype™ 6.1

Snap.Do

StepMania 3.9a (remove only)

StepMania v5.0 beta 1a (remove only)

Super Smash Flash EXE Version 1.0

swMSM

System Requirements Lab CYRI

TeamViewer 8

TERA

The Sims™ 3

Topaz Clean 3

Topaz Clean 3 (64-bit)

Transformice

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

Vegas Pro 9.0

Ventrilo Client

VLC media player 2.0.5

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Movie Maker 2.6

WinRAR archiver

World of Warcraft

ZoomEx

.

==== Event Viewer Messages From Past Week ========

.

3/1/2013 8:26:11 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/1/2013 8:25:37 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

3/1/2013 8:25:27 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

3/1/2013 8:25:02 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

3/1/2013 3:26:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Virtual Disk service, but this action failed with the following error: An instance of the service is already running.

3/1/2013 3:25:39 PM, Error: Service Control Manager [7031] - The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/27/2013 6:58:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

2/27/2013 6:42:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: An instance of the service is already running.

2/27/2013 6:40:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: An instance of the service is already running.

2/27/2013 6:40:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.

2/27/2013 6:40:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Listener service, but this action failed with the following error: An instance of the service is already running.

2/27/2013 6:40:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Bing Bar 7.0 (KB2626807).

2/27/2013 6:40:09 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/27/2013 6:39:48 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/27/2013 6:39:48 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/27/2013 6:39:48 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/27/2013 6:39:48 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/27/2013 6:39:48 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/27/2013 6:39:48 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/27/2013 6:39:48 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/27/2013 6:39:48 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/27/2013 6:39:48 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/27/2013 6:39:42 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/27/2013 6:39:42 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/27/2013 6:39:42 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/27/2013 6:39:42 AM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/27/2013 6:39:42 AM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/27/2013 6:39:42 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/27/2013 3:37:45 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

2/27/2013 3:17:15 PM, Error: Service Control Manager [7023] -

2/27/2013 3:15:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

2/27/2013 3:15:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.

2/27/2013 3:15:46 PM, Error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/27/2013 3:13:34 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070020'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

2/27/2013 3:13:33 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The process cannot access the file because it is being used by another process.

2/27/2013 3:13:33 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The process cannot access the file because it is being used by another process.

2/27/2013 3:13:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

2/27/2013 3:13:17 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/26/2013 9:05:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

2/26/2013 9:05:10 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 9:05:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/26/2013 9:05:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/26/2013 9:05:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/26/2013 9:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/26/2013 9:04:25 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 9:04:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BdSpy cdrom discache NovaShieldFilterDriver NovaShieldTDIDriver spldr Wanarpv6

2/26/2013 9:03:15 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

2/26/2013 10:47:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

2/26/2013 10:47:59 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/23/2013 8:27:31 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/23/2013 8:24:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BsBhvScan service.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop. (please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Please stick with me until I give you the "all clear".
  • The removal of malware isn't instantaneous, please be patient.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks! Glad to be here. :)

Weird, it shows nothing has been found. o.o?

I think it's because I did the whole process a few weeks ago.. lol

But anyway, here's the RogueKiller log.

__________________________________________

RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : DorothyN [Admin rights]

Mode : Scan -- Date : 03/03/2013 07:45:59

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++

--- User ---

[MBR] b6a50cad35c21f5d88752030e4c2267a

[BSP] 2f8722f9a86f009208ae8241a82a3fe9 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_S_03032013_02d0745.txt >>

RKreport[1]_S_03022013_02d0956.txt ; RKreport[2]_D_03022013_02d1012.txt ; RKreport[3]_S_03032013_02d0745.txt


Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC


Those logs don't look right, please do this:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


got an odd error..

Not sure if I should hit yes or no?

here's the picture link

http://puu.sh/2byjv

Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity.

Note: Press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool

and press "Yes" should this message appear again.

Do you want to remove this value and restart the tool?


Okay, so I removed it the first time with clean up :)

But when I rebooted my computer.. I got this "debug.log" that popped up..

[1109/162528:WARNING:backend_impl.cc(1609)] Messed up entry found.

[1109/162528:WARNING:backend_impl.cc(1895)] Destroying invalid entry.

Then two MORE errors..??

RunDLL pop up:

There was a problem starting

C:\Users\DorothyN\AppData\Roaming\mcpcwi.dll

The specified module could not be found

MagicISO Virtual CD/DVD Manager pop up:

Error reading TrayIcon1 -> Visible: Cannot Create System Shell Notification Icon

Do I need to worry about these or just close?


Not sure yet.

I'm re-running Malware Bytes Anti Rootkit thing for the second time to make sure it's gone.

I got a keylogger and a trojan, that's what it detected, the first time I ran it.

HKLM\SOFTWARE\Refog Software (Refog.Keylogger)

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rlapli (Trojan.RedirRdll2.Gen)

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN| dbshvi (Trojan.RedirRdll2.Gen)

http://puu.sh/2bLES

^ Screenshot if you want to see.


Those are just registry entries.

Just make sure these have been deleted:

C:\Users\DorothyN\AppData\Roaming\rlapli.dll

C:\Users\DorothyN\AppData\Roaming\dbshvi.dll

C:\Users\DorothyN\AppData\Roaming\mcpcwi.dll

You may have to enable hidden files to see them:

http://www.howtogeek...-windows-vista/

----------------------------------------

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

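As an added example (not part of the thread and not MrC's instructions), a read-only PowerShell audit covering the three points raised above: whether the Roaming DLLs are really gone (hidden attributes included), whether any Run value still calls rundll32 against a DLL that no longer exists (the cause of the "specified module could not be found" RunDLL pop-up), and what the AppInit_DLLs value flagged earlier in the thread currently holds. The file names are the ones from the thread; the registry locations are standard Windows paths, and nothing here deletes anything.

```powershell
# Added example, not from the thread. Read-only audit: it reports, it does not delete anything.
# Paths below are the ones named in this thread; the checks themselves are generic.

# 1. Are the Roaming DLLs actually gone? -Force is needed so hidden/system files are not skipped.
$SuspectDlls = @("$env:APPDATA\rlapli.dll", "$env:APPDATA\dbshvi.dll", "$env:APPDATA\mcpcwi.dll")
foreach ($path in $SuspectDlls) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) { "STILL PRESENT: $path  [$($item.Attributes)]" }
    else       { "gone:          $path" }
}

# 2. Run values that launch rundll32 against a DLL which no longer exists. An orphaned value like
#    this is what produces the "There was a problem starting ... The specified module could not
#    be found" RunDLL pop-up once the DLL is removed but the registry value is left behind.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $RunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $values = Get-ItemProperty -LiteralPath $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($ProviderProps -contains $prop.Name) { continue }   # skip the provider's own metadata
        $cmd = [string]$prop.Value
        if ($cmd -notmatch 'rundll32') { continue }
        # Take the first quoted, otherwise the first bare, *.dll token from the command line
        if ($cmd -match '"([^"]+\.dll)"' -or $cmd -match '(\S+\.dll)') {
            $dll = $Matches[1]
            $state = if (Test-Path -LiteralPath $dll) { 'present' } else { 'MISSING (orphaned entry)' }
            "{0}\{1} -> {2} : {3}" -f $key, $prop.Name, $dll, $state
        }
    }
}

# 3. AppInit_DLLs: the value the rootkit scanner prompted about earlier in the thread. It is
#    normally empty; when loading is enabled, any DLL listed here is mapped into every process
#    that loads user32.dll, so anything present deserves a close look.
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -LiteralPath $winKey).AppInit_DLLs
"AppInit_DLLs = '$appInit'"
```

Run it in an elevated PowerShell so the HKLM reads and the Get-Item -Force on the user's Roaming folder are not blocked; the same three checks are worth repeating after the ComboFix step to confirm nothing was recreated.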

Yes you can have MSE delete them.

----------------------------------------

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

Driver::

bdbipogf

hbilvndk

wkvwxvsg

File::

c:\windows\system32\drivers\bdbipogf.sys

c:\windows\system32\drivers\hbilvndk.sys

c:\windows\system32\drivers\wkvwxvsg.sys

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Delete this file from the Startup folder:

c:\users\DorothyN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

debug.log

Then.................

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Please do this:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

O2 - BHO: (no name) - {2804caed-1d99-4a3d-833c-c552f986b75c} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [mcpcwi] "C:\Windows\System32\rundll32.exe" "C:\Users\DorothyN\AppData\Roaming\mcpcwi.dll",GetItem File not found

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found

O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\DorothyN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found

O4 - Startup: C:\Users\lolz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\swagger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll File not found

O13 - gopher Prefix: missing

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[2012/01/11 11:08:15 | 000,010,850 | -HS- | C] () -- C:\Users\DorothyN\AppData\Local\mjy5fp0hswmdq07d48byp32

[2012/01/11 11:08:15 | 000,010,850 | -HS- | C] () -- C:\ProgramData\mjy5fp0hswmdq07d48byp32

[2012/01/06 16:50:28 | 000,009,638 | -HS- | C] () -- C:\Users\DorothyN\AppData\Local\76gblq31c635un4qi8hli75p5j5p64385spx6007w5jf46

[2012/01/06 16:50:28 | 000,009,638 | -HS- | C] () -- C:\ProgramData\76gblq31c635un4qi8hli75p5j5p64385spx6007w5jf46

[2011/12/24 19:04:40 | 000,005,712 | -HS- | C] () -- C:\Users\DorothyN\AppData\Local\uqhlveiq6t1v

[2011/12/24 19:04:40 | 000,005,712 | -HS- | C] () -- C:\ProgramData\uqhlveiq6t1v

[2011/11/30 10:35:37 | 000,010,204 | -HS- | C] () -- C:\Users\DorothyN\AppData\Local\j8iq06v0km8uox

[2011/11/30 10:35:37 | 000,010,204 | -HS- | C] () -- C:\ProgramData\j8iq06v0km8uox

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AF2F4B57

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

Then click the Run Fix button at the top.

Let the program run unhindered; when done it will say "Fix Complete press ok to open the log".

Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


How's the computer running now???

----------------------------------

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC
