FBI MONEYPAK VIRUS

ANGELIC_MIRACLE · August 29, 2013

I recently aquired the FBI moneypak virus and I used a video on youtube to get rid of it. I don't have the screen popping up saying my computer is locked anymore but that doesn't mean the virus is completely gone, how can I be positive that the virus won't comeback and that I got rid of it completely?

MrCharlie · August 29, 2013

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

ANGELIC_MIRACLE · August 30, 2013

DDS.txt :

.

=============== Created Last 30 ================

.

2013-08-29 22:25:52 699536 ----a-w- C:\Program Files (x86)\4aUninstall Astrology.dll

2013-08-29 22:25:52 172448 ----a-w- C:\Program Files (x86)\4ares.dll

2013-08-29 06:07:01 -------- d-----w- C:\FRST

2013-08-29 00:39:16 201216 ----a-w- C:\ProgramData\qfpgsrv.exe

2013-08-28 22:12:39 -------- d-----w- C:\ProgramData\sipi

2013-08-21 06:07:24 -------- d-----w- C:\Users\Laura\AppData\Local\ElevatedDiagnostics

2013-08-19 10:40:11 -------- d-----w- C:\Users\Laura\AppData\Roaming\PowerISO

2013-08-19 09:18:48 -------- d-----w- C:\Users\Laura\AppData\Local\ATI

2013-08-19 08:12:05 -------- d-----w- C:\Users\Laura\AppData\Local\Performersoft

2013-08-19 08:11:45 -------- d-----w- C:\ProgramData\IBUpdaterService

2013-08-19 07:54:43 -------- d-----w- C:\Users\Laura\AppData\Local\TopArcadeHits

2013-08-19 07:49:30 -------- d-----w- C:\Users\Laura\AppData\Roaming\Systweak

2013-08-19 07:49:06 -------- d-----w- C:\Users\Laura\AppData\Roaming\DSite

2013-08-16 01:52:08 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-08-16 01:50:53 -------- d-----w- C:\ProgramData\Tarma Installer

2013-08-16 00:05:35 -------- d-----w- C:\Users\Laura\AppData\Roaming\Nico Mak Computing

2013-08-16 00:05:19 20312 ----a-w- C:\Windows\System32\roboot64.exe

2013-08-16 00:04:41 -------- d-----w- C:\Program Files (x86)\WinZip Registry Optimizer

2013-08-14 02:42:09 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-08-14 02:42:09 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-08-14 02:42:06 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2013-08-14 02:42:05 356864 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2013-08-14 02:42:03 236032 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2013-08-14 02:42:02 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2013-08-14 02:42:01 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2013-08-14 02:42:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-08-14 02:25:21 -------- d-----w- C:\Windows\System32\MRT

2013-08-14 01:00:38 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-08-14 01:00:37 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-08-14 01:00:34 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-08-14 01:00:33 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-08-14 01:00:30 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-08-14 01:00:29 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-08-14 01:00:28 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-08-14 01:00:28 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-08-14 00:59:52 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-08-14 00:59:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-08-14 00:59:37 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-08-14 00:59:35 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-08-14 00:59:29 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-08-14 00:59:26 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-31 20:32:58 0 ----a-w- C:\Windows\SysWow64\sho83BA.tmp

.

==================== Find3M ====================

.

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll

2013-06-29 22:48:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-29 22:48:53 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-06-29 22:48:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

.

============= FINISH: 18:59:48.83 ===============

attach.txt :

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/1/2011 4:53:22 PM

System Uptime: 8/29/2013 5:31:16 PM (1 hours ago)

.

Motherboard: eMachines | | HM50-BZ

Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 232.572 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Ethernet Controller

Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_05201025&REV_C0\4&1F5B09F0&0&00AA

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_05201025&REV_C0\4&1F5B09F0&0&00AA

Service:

.

==== System Restore Points ===================

.

RP106: 8/1/2013 8:08:53 AM - Scheduled Checkpoint

RP107: 8/11/2013 12:14:37 AM - Scheduled Checkpoint

RP108: 8/13/2013 9:22:23 PM - Windows Update

RP109: 8/19/2013 8:54:09 PM - Windows Update

RP110: 8/20/2013 8:13:49 AM - Installed DAEMON Tools

RP111: 8/20/2013 8:23:46 AM - Installed DAEMON Tools

RP112: 8/29/2013 5:15:31 PM - Removed Adobe Reader X (10.1.7) MUI.

RP113: 8/29/2013 5:26:37 PM - Removed Atheros Communications Inc.® AR81Family Gigabit/Fast E™=ÿ

RP114: 8/29/2013 5:28:34 PM - Removed Skype™ 6.7

RP115: 8/29/2013 6:41:56 PM - Removed Adobe Reader X (10.1.7) MUI.

.

==== Installed Programs ======================

.

Agatha Christie - Death on the Nile

AMD APP SDK Runtime

AMD VISION Engine Control Center

ATI Catalyst Install Manager

Bejeweled 2 Deluxe

Build-a-lot 4 - Power Source

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Chronicles of Albian

Chuzzle Deluxe

Cisco Connect

Conexant HD Audio

Cradle of Rome 2

D3DX10

DefaultTab

DomaIQ

Dora's World Adventure

eBay Worldwide

eMachines Games

eMachines Power Management

eMachines Recovery Management

eMachines Registration

eMachines ScreenSaver

eMachines Updater

ETDWare PS/2-X64 8.0.6.0_WHQL

Facebook Video Calling 1.2.0.287

FATE: The Cursed King

Final Drive: Nitro

FlashPlayer

Galerie de photos Windows Live

Google Chrome

Google Update Helper

Governor of Poker 2 Premium Edition

Identity Card

InternetHelper3 Firefox Toolbar

Java 7 Update 25

Java Auto Updater

Jewel Match 3

Junk Mail filter update

Launch Manager

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

NTI Media Maker 9

Pando Media Booster

Penguins!

Plants vs. Zombies - Game of the Year

Polar Bowler

Polar Golfer

PricePeep for Internet Explorer

RadioHoops Toolbar

Realtek USB 2.0 Card Reader

Search Protect by conduit

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Sendori

Skype™ 6.7

Strongvault Online Backup

Supreme Savings

swMSM

TelevisionFanatic Toolbar

Times Reader

Torchlight

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update Installer for WildTangent Games App

Video Web Camera

VIPRE Internet Security

Virtual Villagers 5 - New Believers

Visual Studio 2008 x64 Redistributables

Welcome Center

WildTangent Games App (eMachines Games)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

8/29/2013 5:41:40 PM, Error: Service Control Manager [7034] - The TelevisionFanaticService service terminated unexpectedly. It has done this 1 time(s).

8/29/2013 5:41:34 PM, Error: Service Control Manager [7034] - The Search Protect by Conduit Updater service terminated unexpectedly. It has done this 1 time(s).

8/29/2013 4:58:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

8/29/2013 4:58:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 4:56:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service sndappv2 with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

8/29/2013 4:48:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/29/2013 4:48:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/29/2013 4:48:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/29/2013 4:48:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/29/2013 4:48:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/29/2013 4:48:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/29/2013 4:47:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SbFw SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

8/29/2013 4:47:10 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/29/2013 4:47:03 PM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 3:50:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

8/29/2013 3:49:53 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

8/29/2013 3:49:53 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

8/29/2013 12:17:43 AM, Error: Service Control Manager [7038] - The PNRPsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

8/29/2013 12:17:43 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service did not start due to a logon failure.

8/29/2013 12:17:43 AM, Error: Service Control Manager [7000] - The Peer Name Resolution Protocol service failed to start due to the following error: The service did not start due to a logon failure.

8/29/2013 12:15:30 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2013 12:15:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SCDEmu spldr Wanarpv6

8/29/2013 12:14:04 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

8/29/2013 12:11:39 AM, Error: Service Control Manager [7034] - The sndappv2 service terminated unexpectedly. It has done this 1 time(s).

8/29/2013 12:11:38 AM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.

8/28/2013 9:24:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.

8/28/2013 8:58:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

8/28/2013 8:56:57 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{8A26AE4B-2908-4865-BD73-04959FB9E6AF} because another computer on the network has the same name. The server could not start.

8/28/2013 8:55:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

8/28/2013 8:45:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

8/28/2013 12:48:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

8/28/2013 11:11:09 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/27/2013 12:00:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

.

==== End Of File ===========================

MrCharlie · August 30, 2013

I need to see the complete DDS log and you're missing the log from RogueKiller.

MrC

ANGELIC_MIRACLE · August 30, 2013

I apologize I am using a laptop mouse it didnt allow me to select all I right clicked select all this time here is the dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2

Run by Laura at 18:58:36 on 2013-08-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2795.1453 [GMT -5:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\CxAudMsg64.exe

C:\Users\Laura\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe

C:\Program Files (x86)\Launch Manager\LMutilps32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe

C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Sendori\sndappv2.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Sendori\SendoriSvc.exe

C:\Program Files (x86)\Sendori\Sendori.Service.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Sendori\SendoriUp.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe

C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Sendori\SendoriTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Laura\Downloads\RogueKillerX64.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll

uURLSearchHooks: RadioHoops Toolbar: {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} -

mURLSearchHooks: RadioHoops Toolbar: {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} -

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: RadioHoops Toolbar: {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} -

BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} -

BHO: Drop Pad Web Backup: {25DA541F-6ACF-4052-A8AA-1D58284729C7} -

BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Laura\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: RadioHoops Toolbar: {0C3110F6-A2E6-4B6F-9516-6DC345E1F7EF} -

TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll

TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -

TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll

TB: RadioHoops Toolbar: {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} -

uRun: [Facebook Update] "C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [backupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h

mRun: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe

mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

mRun: [sMessaging] C:\Users\Laura\AppData\Local\Strongvault Online Backup\SMessaging.exe

mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

dRun: [searchProtect] \SearchProtect\bin\cltmng.exe

StartupFolder: C:\Users\Laura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\Windows\System32\Sendori.dll

TCP: NameServer = 24.159.193.40 24.205.224.36 68.190.192.35

TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF} : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\24C65756341647 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\34963736F60373131363 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\6457E6029637E6470266275656 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\7456470297F602F677E60277966696 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\7656470297F602F677E60277966696 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\B4F66716C616B6 : DHCPNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [Power Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe

x64-Run: [sBRegRebootCleaner] "c:\users\laura\appdata\local\temp\Downloads\CartSdk\sbrc.exe"

x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2013-6-29 258848]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-31 204288]

R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-9-29 198784]

R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Laura\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-4-2 107520]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-31 353360]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2011-9-29 872552]

R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-10-24 115568]

R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2011-1-17 39528]

R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-7-31 244624]

R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-10-25 3677000]

R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-10-24 82872]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-10-25 175496]

R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-31 114704]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-7-31 138024]

R3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-6-29 39504]

R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2013-6-29 120608]

R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-10-24 86816]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-29 47232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe --> C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

S2 TelevisionFanaticService;TelevisionFanaticService;C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [2012-6-24 42504]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-7-31 246376]

S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2013-6-29 120608]

S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2013-6-29 61216]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-3 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]