HijackThis Log: Please help Diagnose

[Scorpio900]

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 1:51:49 PM, on 5/29/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Safe mode with network support

Running processes:

C:\PROGRA~2\SAAZOD\zRealTime\SAAZappr.exe

C:\PROGRA~2\SAAZOD\zRealTime\SAAZapsc.exe

C:\PROGRA~2\SAAZOD\zRealTime\rtHlpDk.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\PROGRA~2\SAAZOD\zRealTime\rtdrHlpDk.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Users\ETS\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [eCopy Scan Inbox Monitor] "C:\Program Files (x86)\eCopy\PaperWorks\Bin\InboxMonitor.exe" -run

O4 - HKLM\..\Run: [eCopyPWPrntHlpr] "C:\Program Files (x86)\eCopy\PaperWorks\Bin\eCopyPWPrntHlpr.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.apple.com/qtactivex/qtplugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8DD159EC-BE03-4D1F-9F58-C71B0941ED72}: NameServer = 66.174.92.14 69.78.96.14

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

O23 - Service: Livedrive VSS Service (LivedriveVSSService) - Unknown owner - C:\Program Files (x86)\Livedrive\VSSService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Local Print Agent - PrintFleet Inc - C:\Program Files (x86)\Local Print Agent\Local Print Agent.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PTUML290 Connection Manager Service (ptumlcmsvc) - Unknown owner - C:\Windows\system32\ptumlcmsvc64.exe (file missing)

O23 - Service: Qualcomm Gobi Download Service (QDLService) - QUALCOMM, Inc. - C:\QUALCOMM\QDLService\QDLService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: SAAZ RMM Agent Presence-PR (SAAZappr) - Continuum Managed Services LLC. - C:\PROGRA~2\SAAZOD\zRealTime\SAAZappr.exe

O23 - Service: SAAZ RMM Agent Presence-SC (SAAZapsc) - Continuum Managed Services LLC. - C:\PROGRA~2\SAAZOD\zRealTime\SAAZapsc.exe

O23 - Service: SAAZDPMACTL - Continuum Managed Services LLC. - C:\PROGRA~2\SAAZOD\SAAZDPMACTL.exe

O23 - Service: SAAZScheduler - Continuum Managed Service LLC. - C:\PROGRA~2\SAAZOD\SAAZScheduler.exe

O23 - Service: SAAZServerPlus - Continuum Managed Services LLC. - C:\PROGRA~2\SAAZOD\SAAZServerPlus.exe

O23 - Service: SAAZWatchDog - Continuum Managed Services LLC. - C:\PROGRA~2\SAAZOD\SAAZWatchDog.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: VIPRE Antivirus (SBAMSvc) - GFI Software - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

O23 - Service: SB Recovery Service (SBPIMSvc) - GFI Software - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15024 bytes

[Maurice Naggar]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

NEXT:

Download Security Check by screen317 from >>here<<.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

By-the-way, we do not use Hijackthis. We ask that you get and run DDS

Also, be very clear and describe to me in detail why you think you have a malware infection, and when it started, and if you have done a scan of your system with your Antivirus.

Edited May 29, 2013 by Maurice Naggar

[Scorpio900]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.29.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

ETS :: BRITTANY-PC [administrator]

Protection: Disabled

5/29/2013 2:34:41 PM

mbam-log-2013-05-29 (14-34-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 238353

Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[Scorpio900]

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16450

Run by ETS at 14:37:48 on 2013-05-29

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4000.2992 [GMT -7:00]

.

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\PROGRA~2\SAAZOD\zRealTime\SAAZappr.exe

C:\PROGRA~2\SAAZOD\zRealTime\SAAZapsc.exe

C:\PROGRA~2\SAAZOD\zRealTime\rtHlpDk.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\PROGRA~2\SAAZOD\zRealTime\rtdrHlpDk.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Users\ETS\Downloads\HijackThis.exe

C:\Users\ETS\Downloads\procexp.exe

C:\Users\ETS\AppData\Local\Temp\procexp64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [eCopy Scan Inbox Monitor] "C:\Program Files (x86)\eCopy\PaperWorks\Bin\InboxMonitor.exe" -run

mRun: [eCopyPWPrntHlpr] "C:\Program Files (x86)\eCopy\PaperWorks\Bin\eCopyPWPrntHlpr.exe"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoViewOnDrive = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: DisableLocalMachineRun = dword:0

mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0

mPolicies-Explorer: DisableCurrentUserRun = dword:0

mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: NoFile = dword:0

mPolicies-Explorer: HideClock = dword:0

mPolicies-Explorer: NoDevMgrUpdate = dword:0

mPolicies-Explorer: NoDFSTab = dword:0

mPolicies-Explorer: NoWindowsUpdate = dword:0

mPolicies-Explorer: NoEncryptOnMove = dword:0

mPolicies-Explorer: NoRunasInstallPrompt = dword:0

mPolicies-Explorer: NoResolveTrack = dword:0

mPolicies-Explorer: NoStartMenuSubFolders = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: NoDispAppearancePage = dword:0

mPolicies-System: NoDispSettingsPage = dword:0

mPolicies-Explorer: NoViewOnDrive = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: DisableLocalMachineRun = dword:0

mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0

mPolicies-Explorer: DisableCurrentUserRun = dword:0

mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: NoFile = dword:0

mPolicies-Explorer: HideClock = dword:0

mPolicies-Explorer: NoDevMgrUpdate = dword:0

mPolicies-Explorer: NoDFSTab = dword:0

mPolicies-Explorer: NoWindowsUpdate = dword:0

mPolicies-Explorer: NoEncryptOnMove = dword:0

mPolicies-Explorer: NoRunasInstallPrompt = dword:0

mPolicies-Explorer: NoResolveTrack = dword:0

mPolicies-Explorer: NoStartMenuSubFolders = dword:0

mPolicies-System: NoDispAppearancePage = dword:0

mPolicies-System: NoDispSettingsPage = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: mswsock.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

TCP: NameServer = 8.8.8.8 4.2.2.2

TCP: Interfaces\{3E23B18F-6C4D-496A-9413-2E7ABFDFC7FE} : DHCPNameServer = 8.8.8.8 4.2.2.2

TCP: Interfaces\{3E23B18F-6C4D-496A-9413-2E7ABFDFC7FE}\0596E6B635973616D6F62756 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{3E23B18F-6C4D-496A-9413-2E7ABFDFC7FE}\0596E6B635973616D6F62756D27657563747 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{3E23B18F-6C4D-496A-9413-2E7ABFDFC7FE}\34963736F63363537373 : DHCPNameServer = 8.8.8.8 4.2.2.2

TCP: Interfaces\{3E23B18F-6C4D-496A-9413-2E7ABFDFC7FE}\77962756C6563737 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{3E23B18F-6C4D-496A-9413-2E7ABFDFC7FE}\D496649643632303C402A45647071636B6025343542302355636572756 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3E23B18F-6C4D-496A-9413-2E7ABFDFC7FE}\D496649643632303C402A45647071636B6027363032402355636572756 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{8DD159EC-BE03-4D1F-9F58-C71B0941ED72} : NameServer = 66.174.92.14 69.78.96.14

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect

x64-mStart Page = hxxp://asus.msn.com

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3

x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll

x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll

x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect

.

============= SERVICES / DRIVERS ===============

.

R2 SAAZappr;SAAZ RMM Agent Presence-PR;C:\PROGRA~2\SAAZOD\zRealTime\SAAZappr.exe [2012-6-26 85296]

R2 SAAZapsc;SAAZ RMM Agent Presence-SC;C:\PROGRA~2\SAAZOD\zRealTime\SAAZapsc.exe [2012-6-26 85296]

R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-10-29 3677000]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-10-29 175496]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-22 130024]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-22 395752]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-16 138024]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-10-17 311400]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-17 471144]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]

S1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2012-4-27 191960]

S1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2013-5-6 352008]

S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]

S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]

S2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2013-5-15 210584]

S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 376144]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 16056]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-12-12 72216]

S2 Local Print Agent;Local Print Agent;C:\Program Files (x86)\Local Print Agent\Local Print Agent.exe [2011-4-27 112896]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-29 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-29 701512]

S2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\System32\ptumlcmsvc64.exe [2012-8-23 184320]

S2 QDLService;Qualcomm Gobi Download Service;C:\QUALCOMM\QDLService\QDLService.exe [2009-12-7 345336]

S2 SAAZDPMACTL;SAAZDPMACTL;C:\PROGRA~2\SAAZOD\SAAZDPMACTL.exe [2012-6-26 89392]

S2 SAAZScheduler;SAAZScheduler;C:\PROGRA~2\SAAZOD\SAAZScheduler.exe [2012-12-12 85296]

S2 SAAZServerPlus;SAAZServerPlus;C:\PROGRA~2\SAAZOD\SAAZServerPlus.exe [2012-6-26 85296]

S2 SAAZWatchDog;SAAZWatchDog;C:\PROGRA~2\SAAZOD\SAAZWatchDog.exe [2012-6-26 89392]

S2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-10-24 82872]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-17 2656280]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-20 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-12-13 39504]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-16 317440]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-29 25928]

S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\System32\drivers\PTUMLBUS.sys [2012-8-23 105632]

S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\System32\drivers\PTUMLCVsp.sys [2012-8-23 183456]

S3 PTUMLMBMP;PANTECH UML290 Mobile Broadband;C:\Windows\System32\drivers\PTUMLMBMP.sys [2012-8-23 240416]

S3 PTUMLMdm;PANTECH UML290;C:\Windows\System32\drivers\PTUMLMdm.sys [2012-8-23 183456]

S3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);C:\Windows\System32\drivers\PTUMLNET61.sys [2012-8-23 115488]

S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\System32\drivers\PTUMLNVsp.sys [2012-8-23 184480]

S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\System32\drivers\PTUMLRMNET.sys [2012-8-23 63776]

S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\System32\drivers\PTUMLVsp.sys [2012-8-23 183456]

S3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-10-24 86816]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsb2;Driver for TellerScan Device;C:\Windows\System32\drivers\TSUSB2.SYS [2012-2-2 53760]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-29 1255736]

S4 SAAZRemoteSupport;SAAZRemoteSupport;C:\PROGRA~2\SAAZOD\SAAZRemoteSupport.exe [2012-6-26 81200]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

S4 ZEvtSVC;ZEvtSVC;C:\PROGRA~2\SAAZOD\zSCC\zEvtSVC.exe [2012-6-26 232752]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1

FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1

FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2013-05-29 20:31:13 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-29 19:49:29 -------- d-----w- C:\Users\ETS\AppData\Local\Eastman Kodak Company

2013-05-29 18:21:08 -------- d-----w- C:\Users\ETS\AppData\Roaming\Malwarebytes

2013-05-29 18:21:03 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-29 18:21:02 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-29 18:21:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-29 18:20:48 -------- d-----w- C:\Users\ETS\AppData\Local\Programs

2013-05-29 18:20:29 -------- d-----w- C:\ProgramData\HitmanPro

2013-05-29 18:15:04 -------- d-----w- C:\Users\ETS\AppData\Local\LogMeIn

2013-05-29 16:23:41 -------- d-----w- C:\ProgramData\hmqu

2013-05-16 17:26:25 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2013-05-16 17:26:18 -------- d-----w- C:\Program Files (x86)\Livedrive

2013-05-06 15:35:20 190312 ----a-w- C:\Windows\System32\CbFsMntNtf3.dll

2013-05-06 15:35:19 352008 ----a-w- C:\Windows\System32\drivers\cbfs3.sys

2013-05-06 15:35:19 223592 ----a-w- C:\Windows\SysWow64\CbFsNetRdr3.dll

2013-05-06 15:35:19 158056 ----a-w- C:\Windows\SysWow64\CbFsMntNtf3.dll

2013-05-06 15:35:19 141672 ----a-w- C:\Windows\System32\CbFsNetRdr3.dll

.

==================== Find3M ====================

.

2013-05-23 14:48:55 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2013-05-23 14:48:53 35656 ----a-w- C:\Windows\System32\LMIport.dll

2013-05-23 14:48:52 100680 ----a-w- C:\Windows\System32\LMIinit.dll

2013-05-13 15:09:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-13 15:09:14 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-11 18:06:54 39504 ----a-w- C:\Windows\System32\drivers\gfiark.sys

.

============= FINISH: 14:38:48.89 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/28/2011 10:01:54 PM

System Uptime: 5/29/2013 1:06:33 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K84L

Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU 1 | 2195/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 198 GiB total, 115.829 GiB free.

D: is FIXED (NTFS) - 243 GiB total, 240.663 GiB free.

E: is CDROM (CDFS)

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP118: 2/22/2013 8:37:24 AM - Scheduled Checkpoint

RP119: 3/1/2013 11:34:37 AM - Scheduled Checkpoint

RP120: 3/8/2013 2:26:44 PM - Scheduled Checkpoint

RP121: 3/18/2013 2:35:21 PM - Scheduled Checkpoint

RP122: 5/2/2013 12:29:33 PM - Installed Livedrive

RP123: 5/6/2013 8:33:54 AM - Installed Livedrive

RP124: 5/15/2013 8:38:23 AM - Scheduled Checkpoint

RP125: 5/16/2013 10:23:40 AM - Installed Livedrive

RP126: 5/24/2013 11:26:50 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.6)

aioprnt

aioscnnr

Apple Application Support

Apple Software Update

Ask Toolbar

Asmedia ASM104x USB 3.0 Host Controller Driver

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS Power4Gear Hybrid

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ASUS WebStorage

ASUS_Screensaver

AsusVibe2.0

Atheros Driver Installation Program

ATK Package

Avery Template

Bing Bar

C4USelfUpdater

center

Compatibility Pack for the 2007 Office system

Complemento Messenger

Complément Messenger

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

CutePDF Writer 2.8

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

Definition update for Microsoft Office 2010 (KB982726)

eCopy PaperWorks

essentials

ETDWare PS/2-X64 8.0.5.1_WHQL

Galeria de Fotografias do Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

ITSupport247-DPMA

Java Auto Updater

Java 6 Update 39

Junk Mail filter update

Kodak AIO Printer

KODAK AiO Software

Kyocera Product Library

Livedrive

Local Print Agent

LogMeIn

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Messenger ????

Messenger ?????

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Business 2010

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Store Download Manager

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XML Parser

MSVCRT

MSVCRT_amd64

NetCapture Business

Nuance PDF Reader

ocr

PANTECH UML290

PreReq

PrintProjects

Qualcomm Gobi Single Installer Package for ZTE

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Skype Click to Call

Skype™ 6.3

Snapshot Viewer

Sonic Focus

syncables desktop SE

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Verizon Wireless UML290 Firmware Updates

VIPRE Antivirus

VLC media player 2.0.1

VZAccess Manager

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

WinRAR 4.01 (64-bit)

Wireless Console 3

.

==== Event Viewer Messages From Past Week ========

.

5/29/2013 12:58:27 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

5/29/2013 12:58:27 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/29/2013 11:05:29 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/29/2013 11:05:29 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/29/2013 11:05:29 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

5/29/2013 11:05:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DHCP Client service to connect.

5/29/2013 11:05:17 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

5/29/2013 11:05:17 AM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/29/2013 11:05:15 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/29/2013 11:05:15 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

5/29/2013 11:05:15 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/29/2013 11:05:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.

5/29/2013 11:05:15 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/29/2013 1:09:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/29/2013 1:09:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/29/2013 1:09:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/29/2013 1:08:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/29/2013 1:07:08 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

5/29/2013 1:07:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO CbFs cbfs3 discache spldr Wanarpv6

5/29/2013 1:07:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service LMIGuardianSvc with arguments "" in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}

5/29/2013 1:06:56 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

5/29/2013 1:06:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

5/29/2013 1:06:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

5/29/2013 1:00:48 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.

5/28/2013 7:18:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Local Print Agent service to connect.

5/28/2013 7:18:48 AM, Error: Service Control Manager [7000] - The Local Print Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/24/2013 7:23:20 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.1.58.102 with the system having network hardware address 44-37-E6-5B-E4-DF. Network operations on this system may be disrupted as a result.

.

==== End Of File ===========================

[Maurice Naggar]

Please see this article by Grinler

http://www.bleepingcomputer.com/virus-removal/remove-police-central-e-crime-unit-reveton-ransomware

Go down to the section titled "Automated Removal Instructions for Police Central e-crime Unit Ransomware using the Emsisoft Emergency Kit:"

Do only bullet points 1 thru 12

Then report back with the results.

If you have questions please stop & ask.

Please do not do any other fixes or changes, without checking with me first.

[Maurice Naggar]

Please STOP, look, and heed

You have also post on TSF forum with the same problem, also asking for help

http://www.techsupportforum.com/forums/f50/hijackthis-log-please-help-diagnose-696593.html

Why?

Posting in more than 1 forum is a waste of community resources. I will be reporting this to TSF

Have you posted anywhere else?

[Scorpio900]

Under the users profile the desktop is shown for a second, then goes to white screen. I switched profiles and logged back in as the user, clicked on IE. it opened but went back to white screen.

[Scorpio900]

I have stopped posting elswhere

[Maurice Naggar]

Are you the owner of this computer? or does it belong to someone else?

[Scorpio900]

I'm a service tech doing work for a friend, but have not dealt with viruses in quite some time.

[Maurice Naggar]

You should have stated that early on.

This is not a "virus". This is ransomware.

If you have different user logins open. Logout of all of them and try to restart the system fresh. Ideally we want to login with an administrator rights account.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Disconnect any external storage drives from the computer.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.

OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    
  • Startup Repair
    
  • System Restore
    
  • Windows Complete PC Restore
    
  • Windows Memory Diagnostic Tool
    
  • Command Prompt

[*]Select Command Prompt

Now, Plug the flashdrive with FRST tool into the PC.

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!