
Author Topic: Google re-direct and Security Center disabling malware  (Read 15309 times)


Andey

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    Google re-direct and Security Center disabling malware
    « on: July 30, 2011, 12:56:09 PM »
    Hi,
    I'm having some trouble with some malware (obviously) that appears to have come from a Keygen (I'd like to add that my sister downloaded this to make it clear I understand that pirating software can be dangerous).
    According to download history the keygen came from 'multimedia-superbe.net' although I have no intention of going there to find out.
    While not appearing to have caused any significant problems, some Google links (mostly Microsoft related) are redirecting to obvious scam pages and Microsoft Security Essentials won't run for more than a few seconds.
    The service for MSE appears to be disabled; any attempt at re-enabling the service results in it being automatically disabled shortly after.
    Additionally, MSE runs in safe mode, but will not update and showed no scan results.
    I have precautionarily un-installed MSE in case it became infected in some way.
    I would really appreciate any help or advice on this matter, mostly to ensure I can safely continue working and transferring files to other computers.
    Below are the logs requested, as per the forum read-me. Additionally, I am currently running a full system scan with ESET Online Scanner.

    Malwarebytes 1
    Quote
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7323

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    30/07/2011 6:50:09 PM
    mbam-log-2011-07-30 (18-50-09).txt

    Scan type: Quick scan
    Objects scanned: 190162
    Time elapsed: 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

    Malwarebytes 2
    Quote
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7323

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    30/07/2011 8:13:14 PM
    mbam-log-2011-07-30 (20-13-14).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 776895
    Time elapsed: 1 hour(s), 20 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    e:\Games\red alert 2\ra2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    SUPERAntiSpyware 1
    Quote
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/31/2011 at 01:36 AM

    Application Version : 4.56.1000

    Core Rules Database Version : 7490
    Trace Rules Database Version: 5302

    Scan type       : Complete Scan
    Total Scan Time : 00:05:43

    Memory items scanned      : 746
    Memory threats detected   : 0
    Registry items scanned    : 15404
    Registry threats detected : 0
    File items scanned        : 6208
    File threats detected     : 0

    SUPERAntiSpyware 2
    Quote
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/31/2011 at 02:45 AM

    Application Version : 4.56.1000

    Core Rules Database Version : 7490
    Trace Rules Database Version: 5302

    Scan type       : Complete Scan
    Total Scan Time : 01:05:49

    Memory items scanned      : 724
    Memory threats detected   : 0
    Registry items scanned    : 15405
    Registry threats detected : 0
    File items scanned        : 65323
    File threats detected     : 0

    HiJackThis
    Quote
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:09:26 AM, on 31/07/2011
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
    E:\Program Files (x86)\Steam\Steam.exe
    C:\Users\Andey\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
    C:\Users\Andey\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    C:\Program Files (x86)\Logitech\G35\G35.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
    C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    E:\Program Files (x86)\Sound Switch v2.03\sound_switch_v2.03.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    E:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    O4 - HKLM\..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKCU\..\Run: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Andey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [PC Remote Controller] E:\Program Files (x86)\SilicMobile\PC Remote Controller\PC Remote Controller.exe
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe  /start
    O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2192342847-1759636489-2174246189-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2192342847-1759636489-2174246189-1005\..\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2192342847-1759636489-2174246189-1005\..\Run: [PC Remote Controller] E:\Program Files (x86)\SilicMobile\PC Remote Controller\PC Remote Controller.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2192342847-1759636489-2174246189-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Dropbox.lnk = Andey\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - E:\Program Files\SuperAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
    O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14907 bytes

    Once again, any help is greatly appreciated,
    I hear you guys are extremely supportive,
    Regards,
    Andrew.

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Google re-direct and Security Center disabling malware
    « Reply #1 on: July 30, 2011, 06:03:00 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    ****************************************************
    Quote
    I have precautionarily un-installed MSE in case it became infected in some way.
    Please download and install MSE again. It's too dangerous to run without an AV in place.

    P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
    ***************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall tries to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.
    *****************************************************
    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

    link # 1
    Link # 2
    If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Right-click combofix.exe and select Run as Administrator and follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
    Windows 8 and Windows 10 dual boot with two SSD's

    Andey

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: Google re-direct and Security Center disabling malware
      « Reply #2 on: July 30, 2011, 07:49:38 PM »
      Thanks for the reply Dave,
      I have started by un-installing uTorrent and re-downloading and installing MSE; however, it is still acting the same as it was before.
      As I cannot start the MSE interface, I can't disable its 'real time protection' and as such have not run ComboFix due to the warnings given.
      I have had no problems running DDS, here are the logs:

      DDS
      Quote
      .
      DDS (Ver_2011-06-23.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
      Run by Andey at 11:22:08 on 2011-07-31
      Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.8172.5650 [GMT 10:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe
      E:\Program Files\SuperAntiSpyware\SASCORE64.EXE
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
      C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
      C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
      C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
      C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
      C:\Windows\system32\IProsetMonitor.exe
      C:\Windows\SysWOW64\PnkBstrA.exe
      C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k bthsvcs
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
      C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
      C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
      C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
      C:\Program Files\Logitech\SetPointP\SetPoint.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
      C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
      E:\Program Files (x86)\PCRemote\PCRemote.exe
      C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
      E:\Program Files (x86)\Steam\Steam.exe
      C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
      C:\Users\Andey\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
      C:\Program Files\Logitech\SetPointG\SetPointII.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
      C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
      C:\Windows\system32\SearchIndexer.exe
      E:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
      C:\Users\Andey\AppData\Roaming\Dropbox\bin\Dropbox.exe
      C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
      C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
      C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
      C:\Program Files (x86)\Logitech\G35\G35.exe
      C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
      C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
      C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\splwow64.exe
      C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
      C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
      C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
      C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
      C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Windows\system32\DllHost.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files (x86)\Nero\Update\NASvc.exe
      C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
      C:\Windows\system32\mmc.exe
      C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
      C:\Windows\system32\svchost.exe -k SDRSVC
      C:\Users\Andey\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Andey\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Andey\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\msiexec.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uInternet Settings,ProxyOverride = *.local
      mWinlogon: Userinit=userinit.exe,
      BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
      BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
      TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
      TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
      EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
      uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
      uRun: [Google Update] "C:\Users\Andey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      uRun: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      uRun: [PC Remote Controller] E:\Program Files (x86)\SilicMobile\PC Remote Controller\PC Remote Controller.exe
      uRun: [ASUS SmartDoctor] C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe  /start
      uRun: [SUPERAntiSpyware] E:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
      mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
      mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
      mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
      StartupFolder: C:\Users\Andey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Andey\AppData\Roaming\Dropbox\bin\Dropbox.exe
      StartupFolder: C:\Users\Andey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
      mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableLUA = 0 (0x0)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
      IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
      IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
      TCP: DhcpNameServer = 10.1.1.1
      TCP: Interfaces\{80B747E0-D8CD-4D5E-BEE6-09A4495D9F27} : DhcpNameServer = 10.1.1.1
      TCP: Interfaces\{80B747E0-D8CD-4D5E-BEE6-09A4495D9F27}\C456779637026416D696C6970294E6475627E65647 : DhcpNameServer = 10.1.1.1
      TCP: Interfaces\{A5AB6362-AA13-4EBA-A5A4-8C09164FA1B5} : DhcpNameServer = 10.1.1.1
      TCP: Interfaces\{A5AB6362-AA13-4EBA-A5A4-8C09164FA1B5}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
      TCP: Interfaces\{F52E7B8B-AC68-417E-9066-E78526615B95} : DhcpNameServer = 10.1.1.1
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
      BHO-X64:     Canon Easy-WebPrint EX BHO - No File
      BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      BHO-X64:     IESpeakDoc - No File
      BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
      BHO-X64:     SMTTB2009 - No File
      TB-X64: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
      TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
      EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
      mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
      mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
      mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
      mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
      mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Andey\AppData\Roaming\Mozilla\Firefox\Profiles\chg4ssdr.default\
      FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
      FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
      FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
      FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Users\Andey\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
      FF - plugin: C:\Users\Andey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
      R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
      R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
      R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
      R1 SASDIFSV;SASDIFSV;E:\Program Files\SuperAntiSpyware\sasdifsv64.sys [2011-7-13 14928]
      R1 SASKUTIL;SASKUTIL;E:\Program Files\SuperAntiSpyware\saskutil64.sys [2011-7-13 12368]
      R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
      R2 !SASCORE;SAS Core Service;E:\Program Files\SuperAntiSpyware\SASCore64.exe [2011-5-5 128384]
      R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
      R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-2 915584]
      R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-3-27 586880]
      R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
      R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-25 2275720]
      R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-30 366640]
      R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
      R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-14 2214504]
      R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
      R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-5-14 5716848]
      R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
      R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
      R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
      R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
      R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
      R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
      R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
      R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
      R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
      R3 IOMap;IOMap;\??\C:\Windows\system32\drivers\IOMap64.sys --> C:\Windows\system32\drivers\IOMap64.sys [?]
      R3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys --> C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [?]
      R3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys --> C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [?]
      R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
      R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
      R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
      R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
      R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
      R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
      R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
      R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
      S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
      S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-30 1436424]
      S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
      S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
      S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
      S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
      S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
      S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
      S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
      S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
      .
      =============== Created Last 30 ================
      .
      2011-07-31 01:18:33   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
      2011-07-31 01:18:32   --------   d-----w-   C:\Program Files\Microsoft Security Client
      2011-07-30 19:16:04   2560616   ----a-w-   C:\Windows\System32\nvsvcr.dll
      2011-07-30 17:50:47   --------   d-----w-   C:\Program Files (x86)\ESET
      2011-07-30 15:27:07   96768   ----a-w-   C:\Windows\System32\fsutil.exe
      2011-07-30 15:27:07   74240   ----a-w-   C:\Windows\SysWow64\fsutil.exe
      2011-07-30 15:27:07   410496   ----a-w-   C:\Windows\System32\drivers\iaStorV.sys
      2011-07-30 15:27:07   27008   ----a-w-   C:\Windows\System32\drivers\amdxata.sys
      2011-07-30 15:27:07   2565632   ----a-w-   C:\Windows\System32\esent.dll
      2011-07-30 15:27:07   189824   ----a-w-   C:\Windows\System32\drivers\storport.sys
      2011-07-30 15:27:07   1699328   ----a-w-   C:\Windows\SysWow64\esent.dll
      2011-07-30 15:27:07   166272   ----a-w-   C:\Windows\System32\drivers\nvstor.sys
      2011-07-30 15:27:07   1659776   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
      2011-07-30 15:27:07   148352   ----a-w-   C:\Windows\System32\drivers\nvraid.sys
      2011-07-30 15:27:07   107904   ----a-w-   C:\Windows\System32\drivers\amdsata.sys
      2011-07-30 15:26:00   80384   ----a-w-   C:\Windows\System32\drivers\BTHUSB.SYS
      2011-07-30 15:26:00   552960   ----a-w-   C:\Windows\System32\drivers\bthport.sys
      2011-07-30 15:25:54   52736   ----a-w-   C:\Windows\System32\drivers\usbehci.sys
      2011-07-30 15:25:53   98816   ----a-w-   C:\Windows\System32\drivers\usbccgp.sys
      2011-07-30 15:25:53   7936   ----a-w-   C:\Windows\System32\drivers\usbd.sys
      2011-07-30 15:25:53   343040   ----a-w-   C:\Windows\System32\drivers\usbhub.sys
      2011-07-30 15:25:53   325120   ----a-w-   C:\Windows\System32\drivers\usbport.sys
      2011-07-30 15:25:53   30720   ----a-w-   C:\Windows\System32\drivers\usbuhci.sys
      2011-07-30 15:25:53   25600   ----a-w-   C:\Windows\System32\drivers\usbohci.sys
      2011-07-30 12:22:01   --------   d-----w-   C:\Users\Andey\AppData\Roaming\SUPERAntiSpyware.com
      2011-07-30 12:22:01   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
      2011-07-30 12:21:56   --------   d-----w-   C:\ProgramData\!SASCORE
      2011-07-30 11:54:02   --------   d-----w-   C:\Rooter$
      2011-07-30 08:48:00   --------   d-----w-   C:\Users\Andey\AppData\Roaming\Malwarebytes
      2011-07-30 08:47:58   41272   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
      2011-07-30 08:47:58   --------   d-----w-   C:\ProgramData\Malwarebytes
      2011-07-30 08:47:55   25912   ----a-w-   C:\Windows\System32\drivers\mbam.sys
      2011-07-30 08:47:55   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
      2011-07-30 07:30:28   --------   d--h--w-   C:\$AVG
      2011-07-30 07:09:22   --------   d-----w-   C:\Users\Andey\AppData\Roaming\AVG10
      2011-07-30 07:08:59   --------   d--h--w-   C:\ProgramData\Common Files
      2011-07-30 07:08:41   --------   d-----w-   C:\Windows\System32\drivers\AVG
      2011-07-30 07:08:41   --------   d-----w-   C:\ProgramData\AVG10
      2011-07-30 07:08:36   --------   d-----w-   C:\Program Files (x86)\AVG
      2011-07-30 06:59:44   --------   d-----w-   C:\ProgramData\MFAData
      2011-07-30 03:27:29   --------   d-----w-   C:\Windows\pss
      2011-07-30 02:43:02   63488   --sha-r-   C:\Windows\SysWow64\mlangy.dll
      2011-07-28 12:24:11   --------   d-----w-   C:\Users\Andey\AppData\Roaming\Processing
      2011-07-27 10:51:59   4608   ---ha-w-   C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
      2011-07-22 08:02:03   --------   d-----w-   C:\Program Files\iPod
      2011-07-22 08:02:02   --------   d-----w-   C:\Program Files\iTunes
      2011-07-22 08:02:02   --------   d-----w-   C:\Program Files (x86)\iTunes
      2011-07-22 08:01:38   --------   d-----w-   C:\Program Files\Bonjour
      2011-07-22 08:01:38   --------   d-----w-   C:\Program Files (x86)\Bonjour
      2011-07-19 10:49:09   --------   d-----w-   C:\Users\Andey\AppData\Local\CrashRpt
      2011-07-19 10:49:09   --------   d-----w-   C:\Users\Andey\AppData\Local\Arktos
      2011-07-19 08:13:30   404640   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2011-07-17 07:13:20   --------   d-----w-   C:\Users\Andey\AppData\Local\Microsoft_Corporation
      2011-07-17 07:13:19   --------   d-----w-   C:\Program Files (x86)\Pixel Mine
      2011-07-17 07:08:34   --------   d-----w-   C:\Program Files (x86)\Microsoft SQL Server
      2011-07-17 07:08:01   --------   d-----w-   C:\Windows\SysWow64\1033
      2011-07-17 07:06:09   --------   d-----w-   C:\Program Files (x86)\Common Files\Merge Modules
      2011-07-17 07:05:41   --------   d-----w-   C:\Program Files (x86)\Microsoft Web Designer Tools
      2011-07-15 07:08:47   --------   d-----w-   C:\Program Files (x86)\Microsoft Works Suite 2005
      2011-07-15 05:55:16   --------   d-----w-   C:\Users\Andey\AppData\Local\Microsoft Help
      2011-07-12 01:34:00   96104   ----a-w-   C:\Windows\System32\dns-sd.exe
      2011-07-12 01:34:00   85864   ----a-w-   C:\Windows\System32\dnssd.dll
      2011-07-12 01:34:00   61288   ----a-w-   C:\Windows\System32\jdns_sd.dll
      2011-07-12 01:34:00   212840   ----a-w-   C:\Windows\System32\dnssdX.dll
      2011-07-12 01:20:54   83816   ----a-w-   C:\Windows\SysWow64\dns-sd.exe
      2011-07-12 01:20:54   73064   ----a-w-   C:\Windows\SysWow64\dnssd.dll
      2011-07-12 01:20:54   50536   ----a-w-   C:\Windows\SysWow64\jdns_sd.dll
      2011-07-12 01:20:54   178536   ----a-w-   C:\Windows\SysWow64\dnssdX.dll
      2011-07-10 07:01:09   511328   ----a-w-   C:\Windows\System32\d3dx10_43.dll
      2011-07-10 07:01:09   470880   ----a-w-   C:\Windows\SysWow64\d3dx10_43.dll
      2011-07-05 16:41:39   --------   d-----w-   C:\Users\Andey\AppData\Local\Aspyr
      2011-07-05 04:11:05   --------   d-----w-   C:\Users\Andey\AppData\Local\ArmA 2 OA
      2011-07-03 05:23:30   102400   ----a-w-   C:\Windows\SysWow64\tsccvid.dll
      .
      ==================== Find3M  ====================
      .
      2011-07-14 12:24:48   280768   ----a-w-   C:\Windows\SysWow64\PnkBstrB.xtr
      2011-07-14 12:24:48   280768   ----a-w-   C:\Windows\SysWow64\PnkBstrB.exe
      2011-07-14 12:23:06   215128   ----a-w-   C:\Windows\SysWow64\PnkBstrB.ex0
      2011-06-22 08:17:21   419840   ----a-w-   C:\Windows\System32\wrap_oal.dll
      2011-06-22 08:17:21   413696   ----a-w-   C:\Windows\SysWow64\wrap_oal.dll
      2011-06-22 08:17:21   133632   ----a-w-   C:\Windows\System32\OpenAL32.dll
      2011-06-22 08:17:21   110592   ----a-w-   C:\Windows\SysWow64\OpenAL32.dll
      2011-06-19 09:09:06   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
      2011-06-16 03:52:24   16384   ----a-w-   C:\Windows\SysWow64\drivers\EIO64_xp.sys
      2011-06-11 03:07:25   3137536   ----a-w-   C:\Windows\System32\win32k.sys
      2011-06-05 06:04:52   75136   ----a-w-   C:\Windows\SysWow64\PnkBstrA.exe
      2011-06-04 06:02:22   2337865   ----a-w-   C:\Windows\SysWow64\pbsvc.exe
      2011-06-03 06:57:45   362496   ----a-w-   C:\Windows\System32\wow64win.dll
      2011-06-03 06:57:45   243200   ----a-w-   C:\Windows\System32\wow64.dll
      2011-06-03 06:57:45   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
      2011-06-03 06:57:44   214528   ----a-w-   C:\Windows\System32\winsrv.dll
      2011-06-03 06:57:38   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
      2011-06-03 06:56:38   421888   ----a-w-   C:\Windows\System32\KernelBase.dll
      2011-06-03 06:53:33   338944   ----a-w-   C:\Windows\System32\conhost.exe
      2011-06-03 06:00:53   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
      2011-06-03 05:57:52   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
      2011-06-03 05:57:33   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
      2011-06-03 05:56:12   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
      2011-06-03 05:56:11   272384   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
      2011-06-03 03:53:31   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
      2011-06-03 03:53:31   2048   ----a-w-   C:\Windows\SysWow64\user.exe
      2011-06-03 03:48:32   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
      2011-06-03 03:48:31   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
      2011-06-03 03:48:31   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
      2011-06-03 03:48:31   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
      2011-05-28 12:56:26   71680   ----a-w-   C:\Windows\System32\frapsv64.dll
      2011-05-28 12:56:24   65536   ----a-w-   C:\Windows\SysWow64\frapsvid.dll
      2011-05-24 11:42:55   404480   ----a-w-   C:\Windows\System32\umpnpmgr.dll
      2011-05-24 10:40:05   64512   ----a-w-   C:\Windows\SysWow64\devobj.dll
      2011-05-24 10:40:05   44544   ----a-w-   C:\Windows\SysWow64\devrtl.dll
      2011-05-24 10:39:38   145920   ----a-w-   C:\Windows\SysWow64\cfgmgr32.dll
      2011-05-24 10:37:54   252928   ----a-w-   C:\Windows\SysWow64\drvinst.exe
      2011-05-09 22:06:08   51712   ----a-w-   C:\Windows\System32\drivers\usbaapl64.sys
      2011-05-09 22:06:08   4517664   ----a-w-   C:\Windows\System32\usbaaplrc.dll
      2011-05-04 05:25:03   2315776   ----a-w-   C:\Windows\System32\tquery.dll
      2011-05-04 05:22:25   778752   ----a-w-   C:\Windows\System32\mssvp.dll
      2011-05-04 05:22:25   2223616   ----a-w-   C:\Windows\System32\mssrch.dll
      2011-05-04 05:22:24   75264   ----a-w-   C:\Windows\System32\msscntrs.dll
      2011-05-04 05:22:24   491520   ----a-w-   C:\Windows\System32\mssph.dll
      2011-05-04 05:22:24   288256   ----a-w-   C:\Windows\System32\mssphtb.dll
      2011-05-04 05:19:28   591872   ----a-w-   C:\Windows\System32\SearchIndexer.exe
      2011-05-04 05:19:28   249856   ----a-w-   C:\Windows\System32\SearchProtocolHost.exe
      2011-05-04 05:19:28   113664   ----a-w-   C:\Windows\System32\SearchFilterHost.exe
      2011-05-04 04:34:43   1549312   ----a-w-   C:\Windows\SysWow64\tquery.dll
      2011-05-04 04:32:02   666624   ----a-w-   C:\Windows\SysWow64\mssvp.dll
      2011-05-04 04:32:01   337408   ----a-w-   C:\Windows\SysWow64\mssph.dll
      2011-05-04 04:32:01   197120   ----a-w-   C:\Windows\SysWow64\mssphtb.dll
      2011-05-04 04:32:01   1401344   ----a-w-   C:\Windows\SysWow64\mssrch.dll
      2011-05-04 04:32:00   59392   ----a-w-   C:\Windows\SysWow64\msscntrs.dll
      2011-05-04 04:28:31   86528   ----a-w-   C:\Windows\SysWow64\SearchFilterHost.exe
      2011-05-04 04:28:31   427520   ----a-w-   C:\Windows\SysWow64\SearchIndexer.exe
      2011-05-04 04:28:31   164352   ----a-w-   C:\Windows\SysWow64\SearchProtocolHost.exe
      2011-05-03 05:29:29   976896   ----a-w-   C:\Windows\System32\inetcomm.dll
      2011-05-03 04:30:02   741376   ----a-w-   C:\Windows\SysWow64\inetcomm.dll
      .
      ============= FINISH: 11:22:18.65 ===============

      Attach
      Quote
      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-06-23.01)
      .
      Microsoft Windows 7 Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 26/03/2011 4:43:19 PM
      System Uptime: 31/07/2011 11:07:54 AM (0 hours ago)
      .
      Motherboard: ASUSTeK Computer INC. |  | P8P67 EVO
      Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 107 GiB total, 39.789 GiB free.
      D: is CDROM ()
      E: is FIXED (NTFS) - 932 GiB total, 293.9 GiB free.
      F: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {5458011f-08d4-4605-93a2-f03e61bedba3}
      Description: Enhanced Display Driver Helper Service
      Device ID: ROOT\ASUSOTHERDEVICES\0000
      Manufacturer: ASUSTeK
      Name: Enhanced Display Driver Helper Service
      PNP Device ID: ROOT\ASUSOTHERDEVICES\0000
      Service: asuskbnt
      .
      ==== System Restore Points ===================
      .
      No restore point in system.
      .
      ==== Installed Programs ======================
      .
      .
       Update for Microsoft Office 2007 (KB2508958)
      Adobe After Effects CS5.5
      Adobe AIR
      Adobe Community Help
      Adobe Creative Suite 5 Design Premium
      Adobe Download Assistant
      Adobe Flash Player 10 Plugin
      Adobe Media Player
      Adobe Story
      AI Suite II
      Amnesia: The Dark Descent
      Apple Application Support
      Apple Software Update
      ARMA 2
      ARMA 2: British Armed Forces
      ARMA 2: British Armed Forces - Data cache removal
      ARMA 2: Operation Arrowhead
      ARMA 2: Private Military Company
      ARMA 2: Private Military Company - Data cache removal
      Assassin's Creed II
      ASUS E-Green Uninstall
      ASUS nVidia Driver
      ASUS Smart Doctor
      Audiosurf
      Autodesk Backburner 2011.0.0
      Batman: Arkham Asylum GOTY Edition
      Battlefield: Bad Company™ 2
      BattlEye for OA Uninstall
      CamStudio OSS Desktop Recorder
      Canon Easy-PhotoPrint EX
      Canon Easy-WebPrint EX
      Canon IJ Network Tool
      Canon Inkjet Printer/Scanner/Fax Extended Survey Program
      Canon MP Navigator EX 4.0
      Canon My Printer
      Canon Solution Menu EX
      Company of Heroes
      Company of Heroes: Opposing Fronts
      Company of Heroes: Tales of Valor
      Counter-Strike: Source
      Crysis Warhead
      Crysis Wars
      D3DX10
      DAEMON Tools Lite
      Deus Ex: Game of the Year Edition
      Dropbox
      E-Hammer
      ESET Online Scanner v3
      Far Cry
      Far Cry 2
      FileZilla Client 3.5.0
      Fraps
      GameSpy Comrade
      Google Chrome
      GPL Ghostscript Lite 8.70
      HijackThis 2.0.2
      Homeworld2
      Hotfix for Microsoft Visual Studio 2008 Remote Debugger SP1 - ENU (KB944899)
      Hotfix for Microsoft Visual Studio 2008 Remote Debugger SP1 - ENU (KB946344)
      HyperCam 2
      HyperCam Toolbar
      Intel(R) Management Engine Components
      Intel® Watchdog Timer Driver (Intel® WDT)
      Java Auto Updater
      Java(TM) 6 Update 26
      JMicron JMB36X Driver
      Junk Mail filter update
      Just Great Software EditPad Pro 6 DEMO 6.7.0
      Left 4 Dead 2
      LogMeIn Hamachi
      Malwarebytes' Anti-Malware version 1.51.1.1800
      marvell 91xx console driver
      Mass Effect
      Mass Effect 2
      Mesh Runtime
      Messenger Companion
      Microsoft .NET Framework 1.1
      Microsoft Chart Controls for Microsoft .NET Framework 3.5
      Microsoft Games for Windows - LIVE Redistributable
      Microsoft Games for Windows Marketplace
      Microsoft Office 2007 Service Pack 2 (SP2)
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office File Validation Add-In
      Microsoft Office Home and Student 2007
      Microsoft Office OneNote MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
      Microsoft Office Visual Web Developer 2007
      Microsoft Office Visual Web Developer MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Silverlight
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft SQL Server 2008 Management Objects
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Visual Studio 2008 Remote Debugger SP1 - ENU Service Pack 1 (KB945140)
      Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
      Microsoft Visual Studio Web Authoring Component
      Microsoft Works
      Microsoft Works 2005 Setup Launcher
      Microsoft_VC80_ATL_x86
      Microsoft_VC80_CRT_x86
      Microsoft_VC80_MFC_x86
      Microsoft_VC80_MFCLOC_x86
      Microsoft_VC90_ATL_x86
      Microsoft_VC90_CRT_x86
      Microsoft_VC90_MFC_x86
      Microsoft_VC90_MFCLOC_x86
      Mozilla Firefox 5.0 (x86 en-GB)
      MSVCRT
      MSVCRT_amd64
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      Nero 10 Movie ThemePack Basic
      Nero BurnRights 10
      Nero BurnRights 10 Help (CHM)
      Nero Control Center 10
      Nero ControlCenter 10 Help (CHM)
      Nero Core Components 10
      Nero CoverDesigner 10
      Nero CoverDesigner 10 Help (CHM)
      Nero DiscSpeed 10
      Nero DiscSpeed 10 Help (CHM)
      Nero Express 10
      Nero Express 10 Help (CHM)
      Nero InfoTool 10
      Nero InfoTool 10 Help (CHM)
      Nero MediaHub 10
      Nero MediaHub 10 Help (CHM)
      Nero Multimedia Suite 10 Essentials
      Nero StartSmart 10
      Nero StartSmart 10 Help (CHM)
      Nero Update
      nFringe 1.1 (1.1.34.193)
      NVIDIA 3D Vision Controller Driver
      NVIDIA PhysX
      NVIDIA Stereoscopic 3D Driver
      OpenAL
      OpenOffice.org 3.3
      PDF Settings CS5
      Portal 2
      Prism Video File Converter
      Project Reality
      PunkBuster Services
      QuickTime
      Realtek Ethernet Controller Driver For Windows 7
      Realtek High Definition Audio Driver
      Renesas Electronics USB 3.0 Host Controller Driver
      Sanctum
      Section 8: Prejudice
      Security Update for 2007 Microsoft Office System (KB2288621)
      Security Update for 2007 Microsoft Office System (KB2288931)
      Security Update for 2007 Microsoft Office System (KB2345043)
      Security Update for 2007 Microsoft Office System (KB2509488)
      Security Update for 2007 Microsoft Office System (KB969559)
      Security Update for 2007 Microsoft Office System (KB976321)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
      Security Update for Microsoft Office 2007 System (KB2541012)
      Security Update for Microsoft Office Excel 2007 (KB2541007)
      Security Update for Microsoft Office InfoPath 2007 (KB979441)
      Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
      Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
      Security Update for Microsoft Office system 2007 (972581)
      Security Update for Microsoft Office system 2007 (KB974234)
      Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
      Security Update for Microsoft Office Word 2007 (KB2344993)
      Shutdown Timer 1.1
      Spiral Knights
      SQL Server System CLR Types
      Star Wars Galactic Battlegrounds: Saga
      Star Wars: The Force Unleashed
      Steam
      Switch Sound File Converter
      System Requirements Lab
      Thief: Deadly Shadows
      Tom Clancy's Ghost Recon: Advanced Warfighter
      Ubisoft Game Launcher
      Unity
      Unity Web Player
      Unreal Development Kit
      Unreal Tournament 3: Black Edition
      Update for 2007 Microsoft Office System (KB2284654)
      Update for 2007 Microsoft Office System (KB967642)
      Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
      Update for Microsoft Office 2007 Help for Common Features (KB963673)
      Update for Microsoft Office 2007 System (KB2539530)
      Update for Microsoft Office Excel 2007 Help (KB963678)
      Update for Microsoft Office OneNote 2007 (KB980729)
      Update for Microsoft Office OneNote 2007 Help (KB963670)
      Update for Microsoft Office Powerpoint 2007 Help (KB963669)
      Update for Microsoft Office Script Editor Help (KB963671)
      Update for Microsoft Office Word 2007 Help (KB963665)
      Update for Microsoft Visual Studio Web Authoring Component (KB945140)
      Utility
      Visual Studio 2008 x64 Redistributables
      VTFEdit 1.2.5
      War Inc. Battlezone
      WavePad Sound Editor
      WebTablet IE Plugin
      WebTablet Netscape Plugin
      Windows Live Communications Platform
      Windows Live Essentials
      Windows Live Installer
      Windows Live Mail
      Windows Live Mesh
      Windows Live Mesh ActiveX Control for Remote Connections
      Windows Live Messenger
      Windows Live Messenger Companion Core
      Windows Live Movie Maker
      Windows Live Photo Common
      Windows Live Photo Gallery
      Windows Live PIMT Platform
      Windows Live SOXE
      Windows Live SOXE Definitions
      Windows Live UX Platform
      Windows Live UX Platform Language Pack
      Windows Live Writer
      Windows Live Writer Resources
      Windows Media Player Firefox Plugin
      Works Upgrade
      Worms Reloaded
      XviD MPEG-4 Video Codec
      .
      ==== Event Viewer Messages From Past Week ========
      .
      31/07/2011 5:21:01 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
      31/07/2011 12:59:35 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.109.724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7104.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
      31/07/2011 12:58:24 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.109.724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7104.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
      31/07/2011 12:55:00 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.109.724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7104.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
      31/07/2011 12:54:54 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.109.724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7104.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
      31/07/2011 12:54:35 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.109.724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7104.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
      31/07/2011 12:27:03 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: Andeys_Machine\Andey     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072ee2     Error description: The operation timed out
      31/07/2011 12:27:03 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: Andeys_Machine\Andey     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072ee2     Error description: The operation timed out
      31/07/2011 12:27:03 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: Andeys_Machine\Andey     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072ee2     Error description: The operation timed out
      31/07/2011 12:27:03 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: Andeys_Machine\Andey     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072ee2     Error description: The operation timed out
      31/07/2011 12:26:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
      31/07/2011 12:24:17 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
      31/07/2011 12:23:24 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
      31/07/2011 1:35:33 AM, Error: Service Control Manager [7034]  - The ASUS HM Com Service service terminated unexpectedly.  It has done this 1 time(s).
      31/07/2011 1:35:27 AM, Error: Service Control Manager [7034]  - The ASUS Com Service service terminated unexpectedly.  It has done this 1 time(s).
      31/07/2011 1:34:23 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
      31/07/2011 1:34:23 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
      31/07/2011 1:19:49 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
      31/07/2011 1:19:49 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.109.724.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7104.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
      31/07/2011 1:19:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
      31/07/2011 1:19:36 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
      31/07/2011 1:19:35 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
      31/07/2011 1:19:35 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
      31/07/2011 1:19:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
      31/07/2011 1:19:29 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
      31/07/2011 1:00:32 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AsIO AsUpIO discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
      30/07/2011 9:48:28 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
      30/07/2011 1:28:55 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
      30/07/2011 1:28:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
      30/07/2011 1:28:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO AsUpIO CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
      30/07/2011 1:28:37 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
      24/07/2011 2:50:29 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer ANDREW-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4563BB48-7D07-4C21-97F6-DDC794A8DE87}. The master browser is stopping or an election is being forced.
      .
      ==== End Of File ===========================

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Google re-direct and Security Center disabling malware
      « Reply #3 on: July 31, 2011, 01:49:28 PM »
      1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
      2. Double-click on MGADiag.exe and click Continue
      3. When the program has finished, click on Copy
      4. Post the results in your next reply.
      ******************************************************
      Quote
      As I cannot start the MSE interface, I can't disable its 'real time protection' and as such have not run ComboFix due to the warnings given.
      What happens when you try to open MSE?

      Download OTL to your desktop.

      * Open OTL
      * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

      Code:
      :OTL

      BHO-X64:     Canon Easy-WebPrint EX BHO - No File
      BHO-X64:     IESpeakDoc - No File
      BHO-X64:     SMTTB2009 - No File
      EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

      :COMMANDS
      [resethosts]
      [purity]
      [emptytemp]
      [start explorer]

      * Click Run Fix
      * OTLI2 may ask to reboot the machine. Please do so if asked.
      * Click OK
      * A report will open. Copy and Paste that report in your next reply.
      ********************************************************
      Please run ComboFix even if you can't disable MSE and post the log.
      Windows 8 and Windows 10 dual boot with two SSD's

      Andey

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: Google re-direct and Security Center disabling malware
        « Reply #4 on: July 31, 2011, 03:23:50 PM »


        MSE Problem
        Whenever I try to start MSE, the interface opens, then closes immediately.
        All the interface elements show up as red which seems to imply they have been disabled.
        After trying to open MSE, Action Center tells me that the real time protection is turned off.
        Any attempt to turn on the protection tells me the service can't be run, any attempt to enable the service results in it becoming disabled shortly after.
        The reason I added that bit in quotes is because as I was writing it, I ran MSE to check the error reports and it worked!
        It seems ComboFix (at least, among other things) has fixed the MSE issue, MSE is updating now.
        I can't thank you enough for the help in this matter, however I'm going to remain on the cautious side of things for a few days.
        Your continued advice is always appreciated, below are the various logs.

        OTL
        All processes killed
        ========== OTL ==========
        ========== COMMANDS ==========
        C:\Windows\System32\drivers\etc\Hosts moved successfully.
        HOSTS file reset successfully

        [EMPTYTEMP]

        User: All Users

        User: Andey
        ->Temp folder emptied: 84740161 bytes
        ->Temporary Internet Files folder emptied: 1039079 bytes
        ->Java cache emptied: 2027 bytes
        ->FireFox cache emptied: 60584675 bytes
        ->Google Chrome cache emptied: 1937620 bytes
        ->Flash cache emptied: 1012 bytes

        User: Default
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 0 bytes
        ->Flash cache emptied: 0 bytes

        User: Default User
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 0 bytes
        ->Flash cache emptied: 0 bytes

        User: Guest

        User: Public

        User: UpdatusUser
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 0 bytes
        ->Flash cache emptied: 0 bytes

        %systemdrive% .tmp files removed: 0 bytes
        %systemroot% .tmp files removed: 0 bytes
        %systemroot%\System32 .tmp files removed: 0 bytes
        %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
        %systemroot%\System32\drivers .tmp files removed: 0 bytes
        Windows Temp folder emptied: 57944 bytes
        %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
        RecycleBin emptied: 13229 bytes

        Total Files Cleaned = 142.00 mb


        OTL by OldTimer - Version 3.2.26.1 log created on 08012011_064909

        Files\Folders moved on Reboot...
        C:\Users\Andey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

        Registry entries deleted on Reboot...

        MGADiag

        QUOTE 
        Diagnostic Report (1.9.0027.0):
        -----------------------------------------
        Windows Validation Data-->

        Validation Code: 0
        Cached Online Validation Code: 0x0
        Windows Product Key: *****-*****-*****-*****-XMWW8
        Windows Product Key Hash: IgQQt/zx/fI2+pWLg8pOBCYneWA=
        Windows Product ID: 55041-092-0219592-86080
        Windows Product ID Type: 6
        Windows License Type: Volume MAK
        Windows OS version: 6.1.7601.2.00010100.1.0.048
        ID: {3E211007-CA99-4232-87CD-656CFABEECB7}(1)
        Is Admin: Yes
        TestCab: 0x0
        LegitcheckControl ActiveX: N/A, hr = 0x80070002
        Signed By: N/A, hr = 0x80070002
        Product Name: Windows 7 Professional
        Architecture: 0x00000009
        Build lab: 7601.win7sp1_gdr.110408-1631
        TTS Error:
        Validation Diagnostic:
        Resolution Status: N/A

        Vista WgaER Data-->
        ThreatID(s): N/A, hr = 0x80070002
        Version: N/A, hr = 0x80070002

        Windows XP Notifications Data-->
        Cached Result: N/A, hr = 0x80070002
        File Exists: No
        Version: N/A, hr = 0x80070002
        WgaTray.exe Signed By: N/A, hr = 0x80070002
        WgaLogon.dll Signed By: N/A, hr = 0x80070002

        OGA Notifications Data-->
        Cached Result: N/A, hr = 0x80070002
        Version: N/A, hr = 0x80070002
        OGAExec.exe Signed By: N/A, hr = 0x80070002
        OGAAddin.dll Signed By: N/A, hr = 0x80070002

        OGA Data-->
        Office Status: 100 Genuine
        Microsoft Office Home and Student 2007 - 100 Genuine
        OGA Version: N/A, 0x80070002
        Signed By: N/A, hr = 0x80070002
        Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_
        025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-
        765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

        Browser Data-->
        Proxy settings: N/A
        User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
        Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        Download signed ActiveX controls: Prompt
        Download unsigned ActiveX controls: Disabled
        Run ActiveX controls and plug-ins: Allowed
        Initialize and script ActiveX controls not marked as safe: Disabled
        Allow scripting of Internet Explorer Webbrowser control: Disabled
        Active scripting: Allowed
        Script ActiveX controls marked as safe for scripting: Allowed

        File Scan Data-->

        Other data-->
        Office Details: {3E211007-CA99-4232-87CD-656CFABEECB7}


        Spsys.log Content: 0x80070002

        Licensing Data-->
        Software licensing service version: 6.1.7601.17514

        Name: Windows(R) 7, Professional edition
        Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
        Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
        Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
        Extended PID: 55041-00172-092-021959-03-3081-7600.0000-0892011
        Installation ID: 021432526001643875756586908970123045213 285012730371796
        Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
        Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
        Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
        Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
        Partial Product Key: XMWW8
        License Status: Licensed
        Remaining Windows rearm count: 4
        Trusted time: 1/08/2011 6:53:21 AM

        Windows Activation Technologies-->
        HrOffline: 0x00000000
        HrOnline: 0x00000000
        HealthStatus: 0x0000000000000000
        Event Time Stamp: 6:26:2011 12:51
        ActiveX: Registered, Version: 7.1.7600.16395
        Admin Service: Registered, Version: 7.1.7600.16395
        HealthStatus Bitmask Output:


        HWID Data-->
        HWID Hash Current: PgAAAAIAAgABAAEAAgACAAAABgABAAEAln1C0Qz 7dxZ86RpdGA/2RqyLDqfMRbFsoLWiZs76rCs2qJpbLnM=

        OEM Activation 1.0 Data-->
        N/A

        OEM Activation 2.0 Data-->
        BIOS valid for OA 2.0: yes, but no SLIC table
        Windows marker version: N/A
        OEMID and OEMTableID Consistent: N/A
        BIOS Information:
        ACPI Table Name OEMID Value OEMTableID Value
        APIC ALASKA A M I
        FACP ALASKA A M I
        HPET ALASKA A M I
        MCFG ALASKA A M I
        SSDT AMICPU PROC


         



        ComboFix
        Quote
        ComboFix 11-07-31.04 - Andey 01/08/2011 6:57.1.8 - x64
        Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8172.5971 [GMT 10:00]
        Running from: c:\users\Andey\Desktop\ComboFix.exe
        AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
        SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        * Created a new restore point
        .
        .
        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\programdata\ntuser.dat
        e:\program files (x86)\Steam\Steam.exe
        .
        .
        ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
        .
        .
        2011-07-31 20:59 . 2011-07-31 20:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
        2011-07-31 20:59 . 2011-07-31 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
        2011-07-31 20:53 . 2011-07-31 20:53 -------- d-----w- C:\MGADiagToolOutput
        2011-07-31 20:53 . 2011-07-31 20:53 -------- d-----w- c:\programdata\Office Genuine Advantage
        2011-07-31 20:49 . 2011-07-31 20:49 -------- d-----w- C:\_OTL
        2011-07-31 01:18 . 2011-07-31 01:18 -------- d-----w- c:\program files (x86)\Microsoft Security Client
        2011-07-31 01:18 . 2011-07-31 01:18 -------- d-----w- c:\program files\Microsoft Security Client
        2011-07-30 19:16 . 2011-05-20 20:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
        2011-07-30 18:08 . 2011-07-30 18:08 -------- d-----w- c:\users\Guest
        2011-07-30 17:50 . 2011-07-30 17:50 -------- d-----w- c:\program files (x86)\ESET
        2011-07-30 15:27 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
        2011-07-30 15:27 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
        2011-07-30 15:27 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
        2011-07-30 15:27 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
        2011-07-30 15:27 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
        2011-07-30 15:27 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
        2011-07-30 15:27 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
        2011-07-30 15:27 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
        2011-07-30 15:27 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
        2011-07-30 15:27 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
        2011-07-30 15:27 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
        2011-07-30 15:26 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
        2011-07-30 15:26 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
        2011-07-30 15:25 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
        2011-07-30 15:25 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
        2011-07-30 15:25 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
        2011-07-30 15:25 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
        2011-07-30 15:25 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
        2011-07-30 15:25 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
        2011-07-30 15:25 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
        2011-07-30 12:22 . 2011-07-30 12:22 -------- d-----w- c:\users\Andey\AppData\Roaming\SUPERAntiSpyware.com
        2011-07-30 12:22 . 2011-07-30 12:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
        2011-07-30 12:21 . 2011-07-30 12:21 -------- d-----w- c:\programdata\!SASCORE
        2011-07-30 11:54 . 2011-07-30 11:54 -------- d-----w- C:\Rooter$
        2011-07-30 08:48 . 2011-07-30 08:48 -------- d-----w- c:\users\Andey\AppData\Roaming\Malwarebytes
        2011-07-30 08:47 . 2011-07-30 08:47 -------- d-----w- c:\programdata\Malwarebytes
        2011-07-30 08:47 . 2011-07-06 09:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
        2011-07-30 08:47 . 2011-07-30 08:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
        2011-07-30 08:47 . 2011-07-06 09:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
        2011-07-30 07:30 . 2011-07-30 07:30 -------- d-----w- C:\$AVG
        2011-07-30 07:09 . 2011-07-30 07:09 -------- d-----w- c:\users\Andey\AppData\Roaming\AVG10
        2011-07-30 07:08 . 2011-07-30 07:08 -------- d--h--w- c:\programdata\Common Files
        2011-07-30 07:08 . 2011-07-30 10:17 -------- d-----w- c:\programdata\AVG10
        2011-07-30 07:08 . 2011-07-30 08:30 -------- d-----w- c:\windows\system32\drivers\AVG
        2011-07-30 07:08 . 2011-07-30 07:08 -------- d-----w- c:\program files (x86)\AVG
        2011-07-30 06:59 . 2011-07-30 08:31 -------- d-----w- c:\programdata\MFAData
        2011-07-30 02:43 . 2011-07-30 02:43 63488 --sha-r- c:\windows\SysWow64\mlangy.dll
        2011-07-28 12:24 . 2011-07-28 12:24 -------- d-----w- c:\users\Andey\AppData\Roaming\Processing
        2011-07-27 10:51 . 2011-06-03 06:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
        2011-07-22 08:02 . 2011-07-22 08:02 -------- d-----w- c:\program files\iPod
        2011-07-22 08:02 . 2011-07-22 08:02 -------- d-----w- c:\program files\iTunes
        2011-07-22 08:02 . 2011-07-22 08:02 -------- d-----w- c:\program files (x86)\iTunes
        2011-07-22 08:01 . 2011-07-22 08:01 -------- d-----w- c:\program files\Bonjour
        2011-07-22 08:01 . 2011-07-22 08:01 -------- d-----w- c:\program files (x86)\Bonjour
        2011-07-19 10:49 . 2011-07-19 10:49 -------- d-----w- c:\users\Andey\AppData\Local\CrashRpt
        2011-07-19 10:49 . 2011-07-19 10:49 -------- d-----w- c:\users\Andey\AppData\Local\Arktos
        2011-07-19 08:13 . 2011-07-19 08:13 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
        2011-07-17 07:13 . 2011-07-17 07:13 -------- d-----w- c:\users\Andey\AppData\Local\Microsoft_Corporation
        2011-07-17 07:13 . 2011-07-17 07:13 -------- d-----w- c:\program files (x86)\Pixel Mine
        2011-07-17 07:08 . 2011-07-17 07:08 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
        2011-07-17 07:08 . 2011-07-17 07:08 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
        2011-07-17 07:08 . 2011-07-17 07:08 -------- d-----w- c:\windows\SysWow64\1033
        2011-07-17 07:06 . 2011-07-17 07:06 -------- d-----w- c:\program files (x86)\Microsoft SDKs
        2011-07-17 07:06 . 2011-07-17 07:13 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
        2011-07-17 07:06 . 2011-07-17 07:06 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
        2011-07-17 07:05 . 2011-07-17 07:05 -------- d-----w- c:\program files (x86)\Microsoft Web Designer Tools
        2011-07-15 07:08 . 2011-07-15 07:08 -------- d-----w- c:\program files (x86)\Microsoft Works Suite 2005
        2011-07-15 05:56 . 2011-07-27 11:13 -------- d-----w- c:\program files (x86)\Microsoft Works
        2011-07-15 05:55 . 2011-07-15 05:55 -------- d-----w- c:\users\Andey\AppData\Local\Microsoft Help
        2011-07-15 05:55 . 2011-07-30 15:34 -------- d-----w- c:\programdata\Microsoft Help
        2011-07-15 05:54 . 2011-07-15 05:54 -------- d-----r- C:\MSOCache
        2011-07-12 01:34 . 2011-07-12 01:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
        2011-07-12 01:34 . 2011-07-12 01:34 85864 ----a-w- c:\windows\system32\dnssd.dll
        2011-07-12 01:34 . 2011-07-12 01:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
        2011-07-12 01:34 . 2011-07-12 01:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
        2011-07-12 01:20 . 2011-07-12 01:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
        2011-07-12 01:20 . 2011-07-12 01:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
        2011-07-12 01:20 . 2011-07-12 01:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
        2011-07-12 01:20 . 2011-07-12 01:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
        2011-07-10 07:01 . 2010-05-26 01:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
        2011-07-10 07:01 . 2010-05-26 01:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
        2011-07-08 12:57 . 2011-07-08 12:57 -------- d-----w- c:\program files (x86)\Apple Software Update
        2011-07-05 16:41 . 2011-07-05 16:41 -------- d-----w- c:\users\Andey\AppData\Local\Aspyr
        2011-07-05 04:11 . 2011-07-05 04:11 -------- d-----w- c:\users\Andey\AppData\Local\ArmA 2 OA
        2011-07-03 05:23 . 2005-06-14 17:00 102400 ----a-w- c:\windows\SysWow64\tsccvid.dll
        .
        .
        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2011-07-14 12:24 . 2011-03-29 07:32 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
        2011-07-14 12:24 . 2011-03-26 23:40 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
        2011-07-14 12:23 . 2011-03-26 23:40 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
        2011-06-22 08:17 . 2011-06-20 08:13 419840 ----a-w- c:\windows\system32\wrap_oal.dll
        2011-06-22 08:17 . 2011-06-20 08:13 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
        2011-06-22 08:17 . 2011-06-20 08:13 133632 ----a-w- c:\windows\system32\OpenAL32.dll
        2011-06-22 08:17 . 2011-06-20 08:13 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
        2011-06-19 09:09 . 2011-03-30 12:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
        2011-06-16 03:52 . 2011-06-16 03:52 16384 ----a-w- c:\windows\SysWow64\drivers\EIO64_xp.sys
        2011-06-05 06:04 . 2011-03-26 23:40 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
        2011-06-04 06:02 . 2011-04-03 02:20 2337865 ----a-w- c:\windows\SysWow64\pbsvc.exe
        2011-06-03 05:57 . 2011-07-27 10:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
        2011-05-28 12:56 . 2011-05-28 12:56 71680 ----a-w- c:\windows\system32\frapsv64.dll
        2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
        2011-05-20 20:01 . 2011-05-20 20:01 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
        2011-05-20 20:01 . 2011-05-20 20:01 7123560 ----a-w- c:\windows\system32\nvcuda.dll
        2011-05-20 20:01 . 2011-05-20 20:01 67176 ----a-w- c:\windows\system32\OpenCL.dll
        2011-05-20 20:01 . 2011-05-20 20:01 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
        2011-05-20 20:01 . 2011-05-20 20:01 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
        2011-05-20 20:01 . 2011-05-20 20:01 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
        2011-05-20 20:01 . 2011-05-20 20:01 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
        2011-05-20 20:01 . 2011-05-20 20:01 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
        2011-05-20 20:01 . 2011-05-20 20:01 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
        2011-05-20 20:01 . 2011-05-20 20:01 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
        2011-05-20 20:01 . 2011-05-20 20:01 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
        2011-05-20 20:01 . 2011-05-20 20:01 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
        2011-05-20 20:01 . 2011-05-20 20:01 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
        2011-05-20 20:01 . 2011-05-20 20:01 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
        2011-05-20 20:01 . 2011-05-20 20:01 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
        2011-05-20 20:01 . 2011-05-20 20:01 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
        2011-05-20 20:01 . 2011-05-20 20:01 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
        2011-05-20 20:01 . 2011-05-20 20:01 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
        2011-05-20 20:01 . 2011-05-20 20:01 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
        2011-05-20 20:01 . 2011-04-14 09:37 2644584 ----a-w- c:\windows\system32\nvapi64.dll
        2011-05-20 20:01 . 2011-04-07 13:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
        2011-05-20 20:01 . 2011-04-07 13:19 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
        2011-05-20 20:01 . 2011-04-07 13:19 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
        2011-05-20 20:01 . 2011-04-07 13:19 6300776 ----a-w- c:\windows\system32\nvcpl.dll
        2011-05-20 20:01 . 2011-04-07 13:19 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
        2011-05-20 20:01 . 2011-03-25 16:35 61544 ----a-w- c:\windows\system32\nvshext.dll
        2011-05-20 20:01 . 2011-02-22 22:28 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
        2011-05-09 22:06 . 2011-05-09 22:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
        2011-05-09 22:06 . 2011-05-09 22:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
        2011-05-03 05:29 . 2011-06-19 02:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
        2011-05-03 04:30 . 2011-06-19 02:29 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
        .
        .
        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
        @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
        2011-02-18 05:12 94208 ----a-w- c:\users\Andey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
        .
        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
        @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
        2011-02-18 05:12 94208 ----a-w- c:\users\Andey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
        .
        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
        @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
        2011-02-18 05:12 94208 ----a-w- c:\users\Andey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
        "ASUS SmartDoctor"="c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe" [2002-01-05 1310720]
        "SUPERAntiSpyware"="e:\program files\SuperAntiSpyware\SUPERAntiSpyware.exe" [2011-07-27 2988928]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
        "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
        "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
        "Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-04 1811800]
        "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
        "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
        "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
        "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
        "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
        "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
        "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
        "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
        "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
        "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
        .
        c:\users\Andey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        Dropbox.lnk - c:\users\Andey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
        OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "ConsentPromptBehaviorAdmin"= 0 (0x0)
        "ConsentPromptBehaviorUser"= 3 (0x3)
        "EnableLUA"= 0 (0x0)
        "EnableUIADesktopToggle"= 0 (0x0)
        "PromptOnSecureDesktop"= 0 (0x0)
        .
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
        @=""
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
        @="Service"
        .
        R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
        R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
        R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS

        R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys

        R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-30 1436424]
        R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

        R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys

        R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

        R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
        R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
        R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

        R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

        R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys

        R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

        R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys

        R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
        S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys

        S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys

        S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys

        S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys

        S1 SASDIFSV;SASDIFSV;e:\program files\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
        S1 SASKUTIL;SASKUTIL;e:\program files\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
        S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

        S2 !SASCORE;SAS Core Service;e:\program files\SuperAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
        S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
        S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
        S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
        S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
        S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
        S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe

        S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
        S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
        S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-20 2214504]
        S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
        S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
        S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys

        S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys

        S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys

        S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys

        S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys

        S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys

        S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys

        S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys

        S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys

        S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys

        S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys

        S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

        S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

        S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys

        S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys

        S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys

        S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

        S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

        S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

        S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys

        .
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2192342847-1759636489-2174246189-1000Core.job
        - c:\users\Andey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 01:57]
        .
        2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2192342847-1759636489-2174246189-1000UA.job
        - c:\users\Andey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 01:57]
        .
        .
        --------- x86-64 -----------
        .
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
        @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
        2011-02-18 05:12 97792 ----a-w- c:\users\Andey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
        @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
        2011-02-18 05:12 97792 ----a-w- c:\users\Andey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
        @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
        2011-02-18 05:12 97792 ----a-w- c:\users\Andey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
        @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
        2011-02-18 05:12 97792 ----a-w- c:\users\Andey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
        "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
        "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
        "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
        "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
        "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
        "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
        "PcRemote"="e:\program files (x86)\PCRemote\PCRemote.exe" [2011-04-24 3480576]
        "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
        "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "LoadAppInit_DLLs"=0x0
        .
        ------- Supplementary Scan -------
        .
        uLocal Page = c:\windows\system32\blank.htm
        uInternet Settings,ProxyOverride = *.local
        IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
        FF - ProfilePath - c:\users\Andey\AppData\Roaming\Mozilla\Firefox\Profiles\chg4ssdr.default\
        .
        - - - - ORPHANS REMOVED - - - -
        .
        Wow6432Node-HKCU-Run-Steam - e:\program files (x86)\Steam\steam.exe
        Wow6432Node-HKCU-Run-PC Remote Controller - e:\program files (x86)\SilicMobile\PC Remote Controller\PC Remote Controller.exe
        HKLM-Run-GamerOSD - c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe
        AddRemove-BattlEye for OA - e:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
        AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
        AddRemove-Steam App 107900 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 12900 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 13210 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 13260 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 13520 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 13640 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 17330 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 17340 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 17460 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 19900 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 20540 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 240 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 24980 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 32430 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 33230 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 33910 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 33930 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 35140 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 4560 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 550 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 57300 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 620 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 65700 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 65720 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 6910 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 6980 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 91600 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 9340 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 97100 - e:\program files (x86)\Steam\steam.exe
        AddRemove-Steam App 99900 - e:\program files (x86)\Steam\steam.exe
        .
        .
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_USERS\S-1-5-21-2192342847-1759636489-2174246189-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="WindowsLiveMail.Email.1"
        .
        [HKEY_USERS\S-1-5-21-2192342847-1759636489-2174246189-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="WindowsLiveMail.VCard.1"
        .
        [HKEY_USERS\S-1-5-21-2192342847-1759636489-2174246189-1000\Software\SecuROM\License information*]
        "datasecu"=hex:98,d6,93,2f,90,4a,e3,3a,85,7a,40,40,2f,8c,7b,fb,d4,33,35,c2,4d,
        42,5b,dd,61,c1,29,fd,40,c8,d9,87,be,26,b1,20,69,7a,2a,18,3f,b5,85,63,9e,4f,\
        "rkeysecu"=hex:36,3e,2f,6e,ee,68,fb,6c,0b,07,7a,20,a2,6f,fc,a6
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
        @Denied: (Full) (Everyone)
        .
        Completion time: 2011-08-01 07:01:01
        ComboFix-quarantined-files.txt 2011-07-31 21:01
        .
        Pre-Run: 42,688,180,224 bytes free
        Post-Run: 42,297,233,408 bytes free
        .
        - - End Of File - - 7A72DE538AE430D077AB4C892C552DCB
         

        « Last Edit: July 31, 2011, 05:14:16 PM by SuperDave »

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Experience: Expert
        • OS: Windows 10
        Re: Google re-direct and Security Center disabling malware
        « Reply #5 on: July 31, 2011, 05:24:51 PM »
        Do you have your OS disk with the activation codes?

        Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

        You will need to enter your name, e-mail address and location in order to access the download page.

        • Once you have downloaded the file, double click the sarsfx icon
        • Review the licence agreement and click on the Accept button
        • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

        • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
        • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
        • Allow the program to scan your computer - please be patient as it may take some time
        • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
        • In the main window, you will see each of the entries found by the scan (if any)
          • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
          • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
        • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
        • To clean up these entries click on the Clean up checked items button
        • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
        • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
        • When you have re-booted, tell me how your computer is running now
        Windows 8 and Windows 10 dual boot with two SSD's

        Andey

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Unknown
          Re: Google re-direct and Security Center disabling malware
          « Reply #6 on: August 01, 2011, 04:36:14 PM »
          Yes, I still have OS disk and codes.
          A few things about Sophos Anti-Rootkit Scanner:
          The website also requires your phone number,
          The exe was named sar_15_sfx,
          The application asked to install to Program Files (x86) by default, that's where I installed it,
          The application did not allow me to choose whether or not to scan running processes (however I think it may have been selected automatically),
          The Anti-Rootkit is still scanning at the moment, I'll post results in a few hours.
          Thanks again,
          Andrew

          Andey

            Re: Google re-direct and Security Center disabling malware
            « Reply #7 on: August 01, 2011, 05:09:11 PM »
            66 Items found, none recommended for clean-up.
            Most were Steam or other game related files.

            SuperDave

            Re: Google re-direct and Security Center disabling malware
            « Reply #8 on: August 02, 2011, 04:47:38 PM »
            What's the status of your computer now?
            Could you please post the log from Sophos?


            I'd like to scan your machine with ESET OnlineScan

            •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan
            •Click the button.
            •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            •Check
            •Click the button.
            •Accept any security warnings from your browser.
            •Check
            •Push the Start button.
            •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            •When the scan completes, push
            •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            •Push the button.
            •Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

            Andey

              Re: Google re-direct and Security Center disabling malware
              « Reply #9 on: August 02, 2011, 05:28:20 PM »
              Everything appears to be running smoothly on my end,
              MSE is working and I haven't had any re-directs, those were the major symptoms.
              I couldn't find any logs from Sophos so I'm running the scan again.
              Here are the ESET results:

              ESET
              Quote
              ESETSmartInstaller@High as downloader log:
              all ok
              # version=7
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.6528
              # api_version=3.0.2
              # EOSSerial=703a07781002614abf28ff088a5e97f3
              # end=finished
              # remove_checked=true
              # archives_checked=true
              # unwanted_checked=true
              # unsafe_checked=true
              # antistealth_checked=true
              # utc_time=2011-07-30 08:17:09
              # local_time=2011-07-31 06:17:09 (+1000, AUS Eastern Standard Time)
              # country="Australia"
              # lang=1033
              # osver=6.1.7601 NT Service Pack 1
              # compatibility_mode=1024 16777215 100 0 0 0 0 0
              # compatibility_mode=5893 16776574 100 94 8209210 63682086 0 0
              # compatibility_mode=8192 67108863 100 0 3989 3989 0 0
              # scanned=591547
              # found=0
              # cleaned=0
              # scan_time=8414

              SuperDave

              Re: Google re-direct and Security Center disabling malware
              « Reply #10 on: August 02, 2011, 07:26:11 PM »
              ESET looks good. I would like to see the log from Sophos.

              Andey

                Re: Google re-direct and Security Center disabling malware
                « Reply #11 on: August 03, 2011, 05:11:48 AM »
                ahah!
                Managed to find it under %TEMP%\sarscan.log

                Sophos Anti-RootKit Scanner
                Quote
                Sophos Anti-Rootkit Version 1.5.20  (c) 2009 Sophos Plc
                Started logging on 2/08/2011 at 7:39:53 AM
                User "Andey" on computer "ANDEYS_MACHINE"
                Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
                Info:   Starting registry scan.
                Info:   Starting disk scan of C: (NTFS).
                Hidden:   file C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\data\4\osis\6\osi.exe
                Hidden:   file C:\Program Files\Logitech\GamePanel Software\G-series Software\GPFlash\G19_Training.exe
                Hidden:   file C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Plug-ins\File Formats\Dicom.8BI
                Hidden:   file C:\Windows\SysWOW64\pbsvc.exe
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\de_DE\SurCode.vca
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\en_US\SurCode.vca
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\es_ES\SurCode.vca
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\fr_FR\SurCode.vca
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\it_IT\SurCode.vca
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\ja_JP\SurCode.vca
                Hidden:   file C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\data\4\osis\7\osi.exe
                Info:   Starting disk scan of E: (NTFS).
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\battlefield 2\PunkBuster\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\Installers\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\monday night combat\Binaries\Win32\support\vc80redist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\saints row 2\SR2_pc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\star wars empire at war\corruption\swfoc.exe
                Hidden:   file E:\Games\Hero Fighter\HFT.exe
                Hidden:   file E:\Games\Bioshock 2\Bioshock2-KaOs\Extras\vcredist_x86.exe
                Hidden:   file E:\Games\Borderlands\Binaries\DLCSetup\DLCSetup.exe
                Hidden:   file E:\Games\IJI\iji.exe
                Hidden:   file E:\Games\Hero Fighter\HF.exe
                Hidden:   file E:\Program Files\WinRAR\WinCon64.SFX
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\batman arkham asylum goty\redist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\battlefield 2\mods\pr\readme\extras\pbsetup\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\star wars the force unleashed\SWTFU.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\star wars the force unleashed\Support\CRT\vcredist_x86.exe
                Hidden:   file E:\Documents\Archived Files 2010\TAK_archive_10_12_10\2009_10_10_Stalker_Complete_2009_v1.4.4_Setup.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\mass effect\VC80_Redist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\crysis warhead\installers\Pb\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\mass effect 2\Binaries\MassEffect2.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\assassin's creed 2\redist\VCRedist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\crysis wars\installers\Pb\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\dead space\Dead Space.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\dead space\testapp.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\dead space\installers\VCRedistributable\vcredist_x86_en.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\frontlines fuel of war\Binaries\FFOW.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\frontlines fuel of war\PB\pbsvc_new_5-9-08.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\frontlines fuel of war\VCRedist\vcredist.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\red faction guerrilla\rfg.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\red faction guerrilla\VCRedist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\arma 2\DirectX\dsetup32.dll
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\batman arkham asylum goty\Binaries\BmStartApp.exe
                Hidden:   file E:\Downloads\OOo_3.3.0_Win_x86_install-wJRE_en-GB.exe
                Hidden:   file E:\Downloads\setpoint620_x64.exe
                Hidden:   file E:\Downloads\UnitySetup-3.3.0.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\assassin's creed 2\AssassinsCreedIIGame.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\tom clancy's splinter cell conviction\redist\vcsp1\vcredist_x86-sp1.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\rainbow six vegas 2\PB\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\rainbow six vegas 2\VCRedist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Fraps\fraps.exe
                Hidden:   file E:\Downloads\Adobe After Effects CS5.5\Adobe After Effects CS5.5\payloads\AdobeStory1.0-mul\AdobeAIRInstaller.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\unreal tournament 3\VCRedist\vcredist.exe
                Hidden:   file E:\Games\Worms Reloaded\WormsReloaded.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\far cry 2\installers\DotNetRedist\NetFx64.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\farcry\vcredist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\far cry 2\installers\VCRedist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\tovredist\vcredist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\validators\gloc\gloc.dll
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\validators\dnrc\dnrc.dll
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\validators\toge\toge.dll
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\validators\mrty\mrty.dll
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\validators\tmgt\tmgt.dll
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\VCRedist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\validators\togt\togt.dll
                Stopped logging on 2/08/2011 at 9:05:08 AM


                Sophos Anti-Rootkit Version 1.5.20  (c) 2009 Sophos Plc
                Started logging on 3/08/2011 at 9:23:03 AM
                User "Andey" on computer "ANDEYS_MACHINE"
                Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
                Info:   Starting registry scan.
                Hidden:   registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DhcpNameServer
                Info:   Starting disk scan of C: (NTFS).
                Hidden:   file C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\data\4\osis\6\osi.exe
                Hidden:   file C:\Program Files\Logitech\GamePanel Software\G-series Software\GPFlash\G13_Training.exe
                Hidden:   file C:\Program Files\Logitech\GamePanel Software\G-series Software\GPFlash\G19_Training.exe
                Hidden:   file C:\Program Files (x86)\Unity\Editor\Unity.exe
                Hidden:   file C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Plug-ins\File Formats\Dicom.8BI
                Hidden:   file C:\Windows\SoftwareDistribution\Download\6e8866d5ec8d6cd28ce260010e321d3c6c93d229
                Hidden:   file C:\Windows\SysWOW64\pbsvc.exe
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\de_DE\SurCode.vca
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\en_US\SurCode.vca
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\es_ES\SurCode.vca
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\fr_FR\SurCode.vca
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\it_IT\SurCode.vca
                Hidden:   file C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\Template\BG_Icon_F08_H.bmp
                Hidden:   file C:\Program Files\Adobe\Adobe Media Encoder CS5.5\MediaIO\codecs\ja_JP\SurCode.vca
                Hidden:   file C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\data\4\osis\7\osi.exe
                Info:   Starting disk scan of E: (NTFS).
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\battlefield 2\PunkBuster\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\Installers\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\monday night combat\Binaries\Win32\support\vc80redist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\saints row 2\SR2_pc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\star wars empire at war\corruption\swfoc.exe
                Hidden:   file E:\Games\Hero Fighter\HFT.exe
                Hidden:   file E:\Games\Bioshock 2\Bioshock2-KaOs\Extras\vcredist_x86.exe
                Hidden:   file E:\Games\Borderlands\Binaries\DLCSetup\DLCSetup.exe
                Hidden:   file E:\Games\IJI\iji.exe
                Hidden:   file E:\Games\Hero Fighter\HF.exe
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\-7wY0gGEzHMo8r07nvH7Lq2W1BsJ7-ffNCBi-OjIP3Q
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\3BCnWDa252IGVYBG2vwPFVIY8lGB2Bo6cHScmpFBYak
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\51e4dIl2GsC-DEE-JZAiEdtqOPsSJxuXnAO826noZhU
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\5Qw5nWnJAfbNATX4d0HyD-4Bs9xenWDeyUZJFzK7Wj0
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\5rLu55A83x5yFVAD1kFr1nd0oAeVescPoqmPKfLI1LM
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\-2-VdQb5Tp2L-zRY1R0mIBFHGTHyaD31Si5cShFsoTE
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\6om_oVafzbz4JsdwC063gl54O-8QwWh_bIDpfRKOC_I
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\7GbZBpoLdioZ4x4JBq9Wh_pWJM64qf1cWp8uUJ6lBk8
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\7QgmbkxYIaDsHdNtUTifAOsmTNTtJA7nONlUDUIV8Sw
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\9vs8d18zb8gE7a-mpME0pAo-HWE11NSOb6T6RUlAN44
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\CVkc8eMgvj-viP6ExD_MLrRalOfzHVhXGmsceopfeQc
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\CcfcR9OkuhqG2y-XhObrk48WRwjQFO01x5XB_zhowp4
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\E-zO6t-c0AOG-1lx-eUr-nXnZrzq299_t_LwochAEh4
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\EdRnX8sIiAvOTo5whZ5K89_7Ee16zfGUoudSjvwzb2c
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\FTx8nmiy8L1h3FqxqYM7Zpiw_XZFKzYPvfmb-8W__W8
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\GS2WOwrdPEdf86zFTVYEsD7wGH0VFvRrai_dKHi_eR0
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\Hvv7xIskZVLtvBXQA6-llQ8NNczWXFYUSCTrQ6zRCYw
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\MAeDH-JFkMtFae6f04JNwWGD8xyV9MCT10Bdo4gZd3k
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\Q5E3wGLT8az_qzgOvLZmbiis7hkyg--PYgRRmbeyJWs
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\QNEjI7a1NBIYuTgD8JVKGFEHDZ40dntkLiD08k3196E
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\RTNqcmCe8en1YgVfgMiE53BuQcAqOXPdVCvL-rftzY0
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\SfnVkg9zAbOjiJ6hYO_agQCo1iihlSQkE3n_3mevMTg
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\SxOhOIqDN7YQH5Np2KdKrePj2uT_ml1yBEu-ef41aMU
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\_NojnvQ8hm9E_AdEpFE6PkI4-yvjaqXthCjHdQUKVfs
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\cmVaoYjIeB9tzN0yOmiFP8JyFBYVH5eW2ZJqSMUqw6E
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\e6jDt-ptE1BVNjzbAbF0f5DsHQ5cqX-75oFYyKyT6Is
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\exhsYz4IcHagF5tkdFW-GGG9WHspqn22pBDtvriFjyk
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\g5p4XsCdyM-u9UtsmrfiwpunJs0U16BjXVndv5MhAhQ
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\h_XShERvDO3Ewgxe8Uo23cotk_3tUcgsv6MEWhHguiI
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\jQ_YnRUFvz-LbMvKYwJrcrfLXUqQZgb1Gk8OZWGAsBw
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\ksJpC4FbIBvQN1MjA1Q1E4MIRPLFIvT6DR8X3Hu9-g4
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\mhSSdRZgOc1g9yXwn1_gzRVPnb-Hn771-zSht5sMPB8
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\oZ8jf0hDMTiqfA1w26BroaSlrDD_32w14ovSonBYykk
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\ofP_ScjvGJauXsK0gV6Kt-FKI-Obpsvu-JWQ4aKREGQ
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\sS6h3ckGdIWVCbgYALSOtHf6USfiqzm9Xgbf9iNtT_k
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\sl7MjgDwBYz52cmL6fcCA_riNgGJy9Up5-BidNbidgE
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\u16rveqUoKZAU6Urd7BEybIutdJob0bPfm8zOJYSUMk
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\uTgZaol9RIbdZjsiLZEudb6K-bM1ZlYNJCdbSWA375g
                Hidden:   file E:\Documents\Dropbox\.dropbox.cache\uzpCcBgBmcr_sO7u_Q8ERJEE7IzA4sO7dhEkstg3ww0
                Hidden:   file E:\Program Files\WinRAR\WinCon64.SFX
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\batman arkham asylum goty\redist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\battlefield 2\mods\pr\readme\extras\pbsetup\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\star wars the force unleashed\SWTFU.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\star wars the force unleashed\Support\CRT\vcredist_x86.exe
                Hidden:   file E:\Downloads\jxpiinstall.exe
                Hidden:   file E:\Downloads\RemoteMouse.exe
                Hidden:   file E:\Documents\Archived Files 2010\TAK_archive_10_12_10\2009_10_10_Stalker_Complete_2009_v1.4.4_Setup.exe
                Hidden:   file E:\Documents\Archived Files 2010\TAK_archive_10_12_10\iTunesSetup.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\mass effect\VC80_Redist\vcredist_x86.exe
                Hidden:   file E:\Downloads\Dropbox 1.1.31.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\crysis warhead\installers\Pb\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\mass effect 2\Binaries\MassEffect2.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\assassin's creed 2\redist\VCRedist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\crysis wars\installers\Pb\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\dead space\Dead Space.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\dead space\testapp.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\dead space\installers\VCRedistributable\vcredist_x86_en.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\frontlines fuel of war\Binaries\FFOW.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\frontlines fuel of war\Binaries\FFOW_NAT_IP.bat
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\frontlines fuel of war\PB\pbsvc_new_5-9-08.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\frontlines fuel of war\VCRedist\vcredist.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\red faction guerrilla\VCRedist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\batman arkham asylum goty\Binaries\BmStartApp.exe
                Hidden:   file E:\Downloads\OOo_3.3.0_Win_x86_install-wJRE_en-GB.exe
                Hidden:   file E:\Downloads\UnitySetup-3.3.0.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\assassin's creed 2\AssassinsCreedIIGame.exe
                Hidden:   file E:\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\tom clancy's splinter cell conviction\redist\vcsp1\vcredist_x86-sp1.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\rainbow six vegas 2\PB\pbsvc.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\rainbow six vegas 2\VCRedist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Fraps\fraps.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\unreal tournament 3\VCRedist\vcredist.exe
                Hidden:   file E:\Games\Worms Reloaded\WormsReloaded.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\far cry 2\installers\DotNetRedist\NetFx64.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\farcry\vcredist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\far cry 2\installers\VCRedist\vcredist_x86.exe
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\validators\mrty\mrty.dll
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\validators\tmgt\tmgt.dll
                Hidden:   file E:\Program Files (x86)\Steam\steamapps\common\company of heroes\VCRedist\vcredist_x86.exe
                Stopped logging on 3/08/2011 at 10:23:36 AM
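For comparing two runs like the ones in the sarscan.log above, here is an added example (not part of the original posts and not Sophos code): it splits the log into scan sessions and lists which "Hidden" entries appeared or dropped out between runs. The sample is abridged from the log above; the review ordering (registry items first, then paths under a Windows directory) is an assumption of this example, not a Sophos classification.

```python
import re

# Abridged from the sarscan.log posted above: two scan sessions in one file.
SAMPLE_LOG = r"""
Sophos Anti-Rootkit Version 1.5.20  (c) 2009 Sophos Plc
Started logging on 2/08/2011 at 7:39:53 AM
Info:   Starting registry scan.
Info:   Starting disk scan of C: (NTFS).
Hidden:   file C:\Windows\SysWOW64\pbsvc.exe
Hidden:   file C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\data\4\osis\6\osi.exe
Info:   Starting disk scan of E: (NTFS).
Hidden:   file E:\Program Files (x86)\Fraps\fraps.exe
Hidden:   file E:\Downloads\setpoint620_x64.exe
Stopped logging on 2/08/2011 at 9:05:08 AM

Sophos Anti-Rootkit Version 1.5.20  (c) 2009 Sophos Plc
Started logging on 3/08/2011 at 9:23:03 AM
Info:   Starting registry scan.
Hidden:   registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DhcpNameServer
Info:   Starting disk scan of C: (NTFS).
Hidden:   file C:\Windows\SysWOW64\pbsvc.exe
Hidden:   file C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\data\4\osis\6\osi.exe
Hidden:   file C:\Program Files (x86)\Unity\Editor\Unity.exe
Info:   Starting disk scan of E: (NTFS).
Hidden:   file E:\Program Files (x86)\Fraps\fraps.exe
Hidden:   file E:\Downloads\jxpiinstall.exe
Stopped logging on 3/08/2011 at 10:23:36 AM
"""

HIDDEN_RE = re.compile(r"^\s*Hidden:\s+(file|registry item)\s+(.+?)\s*$")
START_RE = re.compile(r"^\s*Started logging on (.+?)\s*$")
STOP_RE = re.compile(r"^\s*Stopped logging on (.+?)\s*$")
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


def parse_sessions(text):
    """Split a sarscan.log into sessions; 'stopped' stays None if a run was cut short."""
    sessions, current = [], None
    for line in text.splitlines():
        m = START_RE.match(line)
        if m:
            current = {"started": m.group(1), "stopped": None, "hidden": []}
            sessions.append(current)
            continue
        if current is None:
            continue  # banner or blank line outside a session
        m = STOP_RE.match(line)
        if m:
            current["stopped"] = m.group(1)
            current = None
            continue
        m = HIDDEN_RE.match(line)
        if m:
            current["hidden"].append((m.group(1), m.group(2)))
    return sessions


def _key(item):
    # Windows paths and registry names are case-insensitive.
    kind, path = item
    return (kind, path.casefold())


def diff_sessions(old, new):
    """Return the hidden items that appeared, disappeared or persisted between runs."""
    old_keys = {_key(i) for i in old["hidden"]}
    new_keys = {_key(i) for i in new["hidden"]}
    return {
        "appeared": [i for i in new["hidden"] if _key(i) not in old_keys],
        "disappeared": [i for i in old["hidden"] if _key(i) not in new_keys],
        "persistent": [i for i in new["hidden"] if _key(i) in old_keys],
    }


def review_order(items):
    """Sort for manual review (example heuristic): registry, Windows dir, then the rest."""
    def priority(item):
        kind, path = item
        if kind == "registry item":
            return 0
        if WINDOWS_DIR_RE.match(path):
            return 1
        return 2
    return sorted(items, key=lambda i: (priority(i), i[1].casefold()))


if __name__ == "__main__":
    first, second = parse_sessions(SAMPLE_LOG)
    changes = diff_sessions(first, second)
    for kind, path in review_order(changes["appeared"]):
        print(f"new in run of {second['started']}: {kind}: {path}")
    for kind, path in changes["disappeared"]:
        print(f"no longer reported: {kind}: {path}")
```
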


                SuperDave

                Re: Google re-direct and Security Center disabling malware
                « Reply #12 on: August 03, 2011, 04:32:43 PM »
                Ok. I'm satisfied. We can do some cleanup.

                To uninstall ComboFix

                • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                • In the field, type in ComboFix /uninstall


                (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                • Then, press Enter, or click OK.
                • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                ************************************************
                To remove all of the tools we used and the files and folders they created do the following:
                Double click OTL.exe.
                • Click the CleanUp button.
                • Select Yes when the "Begin cleanup Process?" prompt appears.
                • If you are prompted to Reboot during the cleanup, select Yes.
                • The tool will delete itself once it finishes.
                Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                **************************************************
                Clean out your temporary internet files and temp files.

                Download TFC by OldTimer to your desktop.

                Double-click TFC.exe to run it.

                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                * Click the Start button to begin the cleaning process.
                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                * Please let TFC run uninterrupted until it is finished.

                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                ***************************************************
                Looking over your log it seems you don't have any evidence of a third party firewall.

                Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                Remember only install ONE firewall

                1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                2) Online Armor
                3) Agnitum Outpost
                4) PC Tools Firewall Plus

                If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                ***************************************************************
                Use the Secunia Software Inspector to check for out of date software.

                •Click Start Now

                •Check the box next to Enable thorough system inspection.

                •Click Start

                •Allow the scan to finish and scroll down to see if any updates are needed.
                •Update anything listed.
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                Safe Surfing!

                Andey

                  Re: Google re-direct and Security Center disabling malware
                  « Reply #13 on: August 04, 2011, 09:26:45 AM »
                  Alright, everything is cleaned up and running as smoothly as ever.
                  I've installed most of the software you recommended as well.
                  I suppose the unfortunate circumstances of this forum is that if everything is running well, I won't be back.
                  Regardless, thank you for all the invaluable help,
                  there is no way I could have got my computer back in business anywhere near this quickly without it.

                  SuperDave

                  Re: Google re-direct and Security Center disabling malware
                  « Reply #14 on: August 04, 2011, 01:25:23 PM »
                  You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.