Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

windows security center disabled & site redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

windows security center disabled & site redirects

Unread postby jonathan12 » September 23rd, 2012, 5:14 am

Hi,

My laptop's Windows security center service's flag came out with a red X saying that it is turned off. When i open the Action Center and try to turn it on, i get an error msg saying it can't be started. Furthermore, i notice that my windows defender is also disabled and i whenever i tried to enable them at Services, it will turn off back by itself after awhile. Besides that, when i google and click on a link, it will sometimes redirected me to wrong site, usually advertisement site.

I saw post with similar case as like mine here at this forum and i hope that someone can help me. Your help is very much appreciated, thanks in advance!

Here's the contents of DDS.txt and attach.txt:

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by SK at 16:56:33 on 2012-09-23
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.4074.1793 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
D:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.my/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Program Files (x86)\Adobe cs5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3A0F1319-748A-A0FF-34DC-BA5F3640A2F9} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Program Files (x86)\Adobe cs5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [IDMan] D:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - D:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - D:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/lib/staffordshir ... aryRdr.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{155F7B47-75DA-42B9-A74E-BB67BFA101BE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B177651-0660-499B-9EA5-4554E1CFF083} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B177651-0660-499B-9EA5-4554E1CFF083}\355435B4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B177651-0660-499B-9EA5-4554E1CFF083}\44C696E6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B177651-0660-499B-9EA5-4554E1CFF083}\55344596 : DhcpNameServer = 202.129.160.2 202.188.0.133 202.129.160.3 202.188.1.5 10.17.10.25
TCP: Interfaces\{7B177651-0660-499B-9EA5-4554E1CFF083}\55E234E245E294 : DhcpNameServer = 202.129.160.2 202.129.160.3 202.9.108.180 202.9.99.9
TCP: Interfaces\{7B177651-0660-499B-9EA5-4554E1CFF083}\C696567783530457E6966696 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files (x86)\Adobe cs5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {3A0F1319-748A-A0FF-34DC-BA5F3640A2F9} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files (x86)\Adobe cs5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SK\AppData\Roaming\Mozilla\Firefox\Profiles\g8p6pr31.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [2011-3-20 151552]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe [2010-11-26 52896]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-22 44808]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-13 2253120]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-20 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250288]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-20 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-23 114144]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SdoKeyCrypt;SdoKeyCrypt;C:\Windows\SysWOW64\SdoKeyCrypt_x64.sys [2012-8-29 69560]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-09-23 08:27:20 -------- d-----w- C:\_OTL
2012-09-23 06:26:04 -------- d-----w- C:\Users\SK\AppData\Roaming\SUPERAntiSpyware.com
2012-09-23 06:25:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-23 06:25:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-22 15:04:09 -------- d-----w- C:\ProgramData\VS
2012-09-22 14:50:42 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-09-22 14:50:40 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-09-22 14:50:40 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-09-22 14:50:22 41224 ----a-w- C:\Windows\avastSS.scr
2012-09-22 14:50:05 -------- d-----w- C:\ProgramData\AVAST Software
2012-09-22 14:50:05 -------- d-----w- C:\Program Files\AVAST Software
2012-09-22 13:46:09 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-09-22 13:46:09 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-09-22 13:26:38 114688 --sha-r- C:\Windows\SysWow64\dot3msmz.dll
2012-09-21 13:47:13 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C1D4B4D-5473-461A-AB72-0A3A6CF2D534}\mpengine.dll
2012-09-12 14:46:32 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 14:46:32 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 14:46:28 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 14:46:28 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 14:46:24 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 14:46:24 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 14:46:24 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 14:32:25 -------- d-----w- C:\Users\SK\AppData\Local\{2A1701CB-2865-465B-A01C-667FEC22A151}
2012-08-29 15:32:25 5191704 ----a-w- C:\Windows\System32\GooglePinyin2.ime
2012-08-29 15:32:24 3460120 ----a-w- C:\Windows\SysWow64\GooglePinyin2.ime
2012-08-29 14:14:01 69560 ----a-w- C:\Windows\SysWow64\SdoKeyCrypt_x64.sys
2012-08-29 12:36:31 -------- d-----w- C:\ProgramData\SNDA
2012-08-28 11:32:28 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-25 10:54:00 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
==================== Find3M ====================
.
2012-09-23 08:30:21 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-09-21 14:48:35 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 14:48:35 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-07 09:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 16:57:14.65 ===============



Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29/5/2011 4:24:12 PM
System Uptime: 23/9/2012 4:29:38 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K43SV
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 90.471 GiB free.
D: is FIXED (NTFS) - 426 GiB total, 295.733 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP130: 23/9/2012 10:02:30 AM - test
RP131: 23/9/2012 10:07:22 AM - Windows Backup
RP132: 23/9/2012 11:19:23 AM - Removed Dragon Nest SEA
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.4)
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
AsusVibe2.0
Atheros WLAN and Bluetooth Client Installation Program
ATK Package
avast! Free Antivirus
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Complément Messenger
Contr?le ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX do Windows Live Mesh para Conex?es Remotas
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
D3DX10
Galería fotográfica de Windows Live
Galerie de photos Windows Live
Garena - Heroes of Newerth
Garena Plus
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Internet Download Manager
Junk Mail filter update
K-Lite Mega Codec Pack 8.0.0
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Messenger Companion
Messenger 分享元件
Messenger 浏览器插件
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Service Pack 1
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PDF Settings CS5
Pro Evolution Soccer 2012
PxMergeModule
QvodPlayer(QVOD) v3.5
Real Alternative 2.0.2
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Skype Click to Call
Skype? 5.10
Sonic Focus
UltraISO Premium V9.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
Uzak Ba?lant?lar ??in Windows Live Mesh ActiveX Denetimi
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WampServer 2.2
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Foto?raf Galerisi
Windows Live Galeria de Fotos
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Par?alar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 影像中心
Windows Live 照片库
Windows Live 程式集
Windows Live 软件包
WinFlash
Wireless Console 3
Zoo Tycoon 2 - Marine Mania
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
適用遠端連線的 Windows Live Mesh ActiveX 控制項
.
==== Event Viewer Messages From Past Week ========
.
23/9/2012 2:29:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
23/9/2012 2:29:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
23/9/2012 2:28:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
23/9/2012 2:28:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
23/9/2012 2:28:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
23/9/2012 2:28:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
23/9/2012 2:28:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
23/9/2012 2:28:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
23/9/2012 2:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23/9/2012 2:28:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23/9/2012 2:27:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi ATKWMIACPIIO DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
23/9/2012 2:27:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23/9/2012 12:01:46 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
22/9/2012 11:51:10 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
22/9/2012 11:51:10 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
22/9/2012 10:57:12 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================
jonathan12
Active Member
 
Posts: 5
Joined: September 23rd, 2012, 4:50 am
Advertisement
Register to Remove

Re: windows security center disabled & site redirects

Unread postby Gary R » September 24th, 2012, 11:17 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: windows security center disabled & site redirects

Unread postby Gary R » September 24th, 2012, 11:32 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi jonathan12

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Next
    • Type services.exe;explorer.exe into the Search: box in FRST
    • Click the Search Files button.
    • FRST will scan your machine once more, this time looking for files.
    • When finished scanning it will make a log Search.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log and the Search.txt log please.

Next

Download CKScanner to your Desktop.
  • Doubleclick CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).
  • Please run the program once only.

Summary of the logs I need from you in your next post:
  • FRST.txt
  • Search.txt
  • CKFiles.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: windows security center disabled & site redirects

Unread postby jonathan12 » September 24th, 2012, 12:32 pm

Hi Gary R,
Here are the logs that you requested:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2012
Ran by SYSTEM at 25-09-2012 00:14:14
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [613536 2010-11-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [379040 2010-11-25] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-12] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-16] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-06] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-18] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKU\SK\...\Run: [IDMan] D:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [x]
HKU\SK\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5663616 2012-09-06] (SUPERAntiSpyware.com)
HKU\UpdatusUser\...\Run: [IDMan] D:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 1394hub; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros)
2 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-14] (ASUS)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
3 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2010-04-05] ()
3 SDGame; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 SDGame; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [x]
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe wampmysqld [x]

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-25] (ASUS)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-21] ( )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SdoKeyCrypt; \??\C:\Windows\SysWOW64\SdoKeyCrypt_x64.sys [69560 2012-07-24] (????)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
3 GGSAFERDriver; \??\D:\Program Files (x86)\Garena\safedrv.sys [x]
1 ISODrive; \??\D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [x]
3 tmlwf; [x]
3 tmwfp; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-25 00:14 - 2012-09-25 00:14 - 00000000 ____D C:\FRST
2012-09-24 07:54 - 2012-09-24 07:54 - 00000021 ____A C:\Users\SK\Desktop\chrome download location.txt
2012-09-23 00:58 - 2012-09-23 00:58 - 00028562 ____A C:\Users\SK\Desktop\DDS.txt
2012-09-23 00:58 - 2012-09-23 00:58 - 00014084 ____A C:\Users\SK\Desktop\Attach.txt
2012-09-23 00:55 - 2012-09-23 00:55 - 00607260 ____R (Swearware) C:\Users\SK\Desktop\dds.scr
2012-09-23 00:27 - 2012-09-23 00:27 - 00000000 ____D C:\_OTL
2012-09-23 00:07 - 2012-09-23 00:07 - 00601600 ____A (OldTimer Tools) C:\Users\SK\Downloads\OTL.exe
2012-09-22 22:26 - 2012-09-24 06:26 - 00000504 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b5890bf2-6df5-4d68-833d-12fe490f1b5e.job
2012-09-22 22:26 - 2012-09-23 00:04 - 00003750 ____A C:\Users\SK\Desktop\Rkill.txt
2012-09-22 22:26 - 2012-09-22 23:58 - 00000504 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4b2fa417-e49f-4778-8e1e-f89406acfbdf.job
2012-09-22 22:26 - 2012-09-22 22:26 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-22 22:26 - 2012-09-22 22:26 - 00000000 ____D C:\Users\SK\Desktop\rkill
2012-09-22 22:26 - 2012-09-22 22:26 - 00000000 ____D C:\Users\SK\AppData\Roaming\SUPERAntiSpyware.com
2012-09-22 22:25 - 2012-09-22 22:26 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\SK\Downloads\rkill.exe
2012-09-22 22:25 - 2012-09-22 22:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-09-22 22:25 - 2012-09-22 22:25 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-09-22 22:17 - 2012-09-22 22:17 - 00010902 ____A C:\Users\SK\Documents\cc_20120923_141751.reg
2012-09-22 22:15 - 2012-09-22 22:18 - 20591728 ____A (SUPERAntiSpyware.com) C:\Users\SK\Downloads\SUPERAntiSpyware.exe
2012-09-22 08:18 - 2012-09-22 08:18 - 00328164 ____A C:\Users\SK\Downloads\idmmzcc.xpi
2012-09-22 08:12 - 2012-09-22 08:12 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-22 08:12 - 2012-09-22 08:12 - 00000000 ____D C:\Users\SK\AppData\Roaming\Mozilla
2012-09-22 08:12 - 2012-09-22 08:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-22 08:09 - 2012-09-22 08:11 - 17790056 ____A (Mozilla) C:\Users\SK\Downloads\Firefox Setup 15.0.1.exe
2012-09-22 07:24 - 2012-09-22 07:24 - 00003374 ____A C:\Users\SK\Documents\cc_20120922_232445.reg
2012-09-22 07:13 - 2012-09-22 07:13 - 00000000 ____D C:\Windows\symbols
2012-09-22 07:04 - 2012-09-22 07:04 - 00000000 ____D C:\Users\All Users\VS
2012-09-22 06:50 - 2012-09-22 06:50 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-09-22 06:50 - 2012-09-22 06:50 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-09-22 06:50 - 2012-09-22 06:50 - 00000000 ____D C:\Program Files\AVAST Software
2012-09-22 06:50 - 2012-09-22 06:50 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-22 06:50 - 2012-08-21 01:13 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-09-22 06:50 - 2012-08-21 01:13 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-09-22 06:50 - 2012-08-21 01:13 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-09-22 06:50 - 2012-08-21 01:13 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-09-22 06:50 - 2012-08-21 01:13 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-09-22 06:50 - 2012-08-21 01:13 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-09-22 06:50 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-09-22 06:50 - 2012-08-21 01:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-09-22 06:50 - 2012-08-21 01:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-09-22 06:35 - 2012-09-22 06:35 - 00000000 ____D C:\Users\SK\Desktop\Desmume
2012-09-22 06:24 - 2012-09-22 06:27 - 04411736 ____A (AVG Technologies) C:\Users\SK\Downloads\avg_free_stb_all_2013_2677_cnet.exe
2012-09-22 05:46 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-09-22 05:46 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-09-22 05:29 - 2012-09-22 05:29 - 00061206 ____A C:\Users\SK\Documents\cc_20120922_212918.reg
2012-09-22 05:26 - 2012-09-24 03:45 - 00000306 ____A C:\Windows\Tasks\Zqqztmktj.job
2012-09-22 05:26 - 2012-09-22 05:26 - 00114688 _RASH C:\Windows\SysWOW64\dot3msmz.dll
2012-09-21 23:57 - 2012-08-24 10:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-21 23:57 - 2012-08-24 10:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-21 23:57 - 2012-08-24 10:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-21 23:57 - 2012-08-24 10:03 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-21 23:57 - 2012-08-24 10:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-21 23:57 - 2012-08-24 10:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-21 23:57 - 2012-08-24 10:03 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-21 23:57 - 2012-08-24 10:02 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-21 23:57 - 2012-08-24 10:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-21 23:57 - 2012-08-24 10:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-21 23:57 - 2012-08-24 08:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-21 23:57 - 2012-08-24 08:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-21 23:57 - 2012-08-24 08:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-21 23:57 - 2012-08-24 08:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-21 23:57 - 2012-08-24 08:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-21 23:57 - 2012-08-24 08:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-21 23:57 - 2012-08-24 08:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-21 23:57 - 2012-08-24 08:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-21 23:57 - 2012-08-24 08:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 23:57 - 2012-08-24 08:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-21 23:57 - 2012-08-24 07:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-21 23:57 - 2012-08-24 07:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-20 05:38 - 2012-09-20 05:39 - 03927560 ____A (Piriform Ltd) C:\Users\SK\Downloads\ccsetup322.exe
2012-09-17 03:19 - 2012-09-17 03:19 - 00001206 ____A C:\Users\SK\Documents\cc_20120917_191938.reg
2012-09-15 08:41 - 2012-09-24 08:09 - 00883006 ____A C:\Windows\WindowsUpdate.log
2012-09-12 06:46 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 06:46 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 06:46 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 06:46 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 06:46 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 06:46 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 06:46 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-12 06:32 - 2012-09-12 06:32 - 00000000 ____D C:\Users\SK\AppData\Local\{2A1701CB-2865-465B-A01C-667FEC22A151}
2012-09-08 02:55 - 2012-09-08 02:55 - 00000000 ____D C:\Users\SK\Documents\kuok
2012-09-08 02:35 - 2012-09-08 02:36 - 01160280 ____A C:\Users\SK\Downloads\BlackMarket_.v2.6.6.apk
2012-09-08 02:16 - 2012-09-08 02:17 - 05628958 ____A C:\Users\SK\Downloads\Game Dev Story v1.0.8c.apk
2012-09-04 05:23 - 2012-09-04 05:24 - 04519053 ____A C:\Users\SK\Downloads\The_Sushi_Spinnery_v1.0.3.apk
2012-08-29 08:45 - 2012-08-29 08:45 - 00023722 ____A C:\Users\SK\Documents\cc_20120830_004535.reg
2012-08-29 07:32 - 2012-08-29 07:32 - 05191704 ____A (Google Inc.) C:\Windows\System32\GooglePinyin2.ime
2012-08-29 07:32 - 2012-08-29 07:32 - 03460120 ____A (Google Inc.) C:\Windows\SysWOW64\GooglePinyin2.ime
2012-08-29 07:30 - 2012-08-29 07:30 - 00000000 ____D C:\Users\SK\AppData\Roaming\Google
2012-08-29 07:02 - 2012-08-29 07:04 - 15075864 ____A (Google Inc.) C:\Users\SK\Downloads\GooglePinyinInstaller.exe
2012-08-29 06:14 - 2012-07-24 22:48 - 00069560 ____A (????) C:\Windows\SysWOW64\SdoKeyCrypt_x64.sys
2012-08-29 06:09 - 2012-08-13 10:04 - 01640040 ____A C:\Users\SK\Desktop\u1203.exe
2012-08-29 06:05 - 2012-08-29 06:09 - 00000600 ____A C:\Users\SK\PUTTY.RND
2012-08-29 04:36 - 2012-09-22 19:21 - 00000000 ____D C:\Users\All Users\SNDA
2012-08-26 02:23 - 2012-08-13 04:01 - 06705869 ____A C:\Users\SK\Downloads\Kairobotica.1.0.5.apk

==================== 3 Months Modified Files ==================

2012-09-24 08:09 - 2012-09-15 08:41 - 00883006 ____A C:\Windows\WindowsUpdate.log
2012-09-24 08:05 - 2011-03-20 05:49 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-24 07:54 - 2012-09-24 07:54 - 00000021 ____A C:\Users\SK\Desktop\chrome download location.txt
2012-09-24 07:47 - 2012-04-10 20:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-24 06:26 - 2012-09-22 22:26 - 00000504 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b5890bf2-6df5-4d68-833d-12fe490f1b5e.job
2012-09-24 03:53 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-24 03:53 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-24 03:46 - 2011-06-02 18:39 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2012-09-24 03:45 - 2012-09-22 05:26 - 00000306 ____A C:\Windows\Tasks\Zqqztmktj.job
2012-09-24 03:45 - 2011-05-29 00:24 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-09-24 03:45 - 2011-03-20 05:49 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-24 03:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-23 05:24 - 2009-07-13 21:13 - 00794686 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-23 00:58 - 2012-09-23 00:58 - 00028562 ____A C:\Users\SK\Desktop\DDS.txt
2012-09-23 00:58 - 2012-09-23 00:58 - 00014084 ____A C:\Users\SK\Desktop\Attach.txt
2012-09-23 00:55 - 2012-09-23 00:55 - 00607260 ____R (Swearware) C:\Users\SK\Desktop\dds.scr
2012-09-23 00:07 - 2012-09-23 00:07 - 00601600 ____A (OldTimer Tools) C:\Users\SK\Downloads\OTL.exe
2012-09-23 00:04 - 2012-09-22 22:26 - 00003750 ____A C:\Users\SK\Desktop\Rkill.txt
2012-09-22 23:59 - 2011-03-20 06:29 - 00001378 ____A C:\Windows\System32\ServiceFilter.ini
2012-09-22 23:58 - 2012-09-22 22:26 - 00000504 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4b2fa417-e49f-4778-8e1e-f89406acfbdf.job
2012-09-22 23:58 - 2011-03-20 06:29 - 00002246 ____A C:\Windows\System32\AutoRunFilter.ini
2012-09-22 22:26 - 2012-09-22 22:26 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-22 22:26 - 2012-09-22 22:25 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\SK\Downloads\rkill.exe
2012-09-22 22:18 - 2012-09-22 22:15 - 20591728 ____A (SUPERAntiSpyware.com) C:\Users\SK\Downloads\SUPERAntiSpyware.exe
2012-09-22 22:17 - 2012-09-22 22:17 - 00010902 ____A C:\Users\SK\Documents\cc_20120923_141751.reg
2012-09-22 08:18 - 2012-09-22 08:18 - 00328164 ____A C:\Users\SK\Downloads\idmmzcc.xpi
2012-09-22 08:12 - 2012-09-22 08:12 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-22 08:11 - 2012-09-22 08:09 - 17790056 ____A (Mozilla) C:\Users\SK\Downloads\Firefox Setup 15.0.1.exe
2012-09-22 07:24 - 2012-09-22 07:24 - 00003374 ____A C:\Users\SK\Documents\cc_20120922_232445.reg
2012-09-22 06:50 - 2012-09-22 06:50 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-09-22 06:50 - 2012-09-22 06:50 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-22 06:49 - 2012-01-10 23:26 - 00000790 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-22 06:27 - 2012-09-22 06:24 - 04411736 ____A (AVG Technologies) C:\Users\SK\Downloads\avg_free_stb_all_2013_2677_cnet.exe
2012-09-22 05:29 - 2012-09-22 05:29 - 00061206 ____A C:\Users\SK\Documents\cc_20120922_212918.reg
2012-09-22 05:26 - 2012-09-22 05:26 - 00114688 _RASH C:\Windows\SysWOW64\dot3msmz.dll
2012-09-21 23:13 - 2009-07-13 21:08 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-21 06:48 - 2012-04-10 20:25 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-21 06:48 - 2011-08-07 19:13 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-20 05:43 - 2011-05-29 07:30 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-20 05:39 - 2012-09-20 05:38 - 03927560 ____A (Piriform Ltd) C:\Users\SK\Downloads\ccsetup322.exe
2012-09-17 03:19 - 2012-09-17 03:19 - 00001206 ____A C:\Users\SK\Documents\cc_20120917_191938.reg
2012-09-13 04:06 - 2011-05-30 15:10 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-08 02:36 - 2012-09-08 02:35 - 01160280 ____A C:\Users\SK\Downloads\BlackMarket_.v2.6.6.apk
2012-09-08 02:17 - 2012-09-08 02:16 - 05628958 ____A C:\Users\SK\Downloads\Game Dev Story v1.0.8c.apk
2012-09-07 01:04 - 2011-12-18 05:35 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-05 04:01 - 2011-05-29 03:28 - 00002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-04 05:24 - 2012-09-04 05:23 - 04519053 ____A C:\Users\SK\Downloads\The_Sushi_Spinnery_v1.0.3.apk
2012-08-29 08:45 - 2012-08-29 08:45 - 00023722 ____A C:\Users\SK\Documents\cc_20120830_004535.reg
2012-08-29 07:32 - 2012-08-29 07:32 - 05191704 ____A (Google Inc.) C:\Windows\System32\GooglePinyin2.ime
2012-08-29 07:32 - 2012-08-29 07:32 - 03460120 ____A (Google Inc.) C:\Windows\SysWOW64\GooglePinyin2.ime
2012-08-29 07:04 - 2012-08-29 07:02 - 15075864 ____A (Google Inc.) C:\Users\SK\Downloads\GooglePinyinInstaller.exe
2012-08-29 06:09 - 2012-08-29 06:05 - 00000600 ____A C:\Users\SK\PUTTY.RND
2012-08-24 10:05 - 2012-09-21 23:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 10:05 - 2012-09-21 23:57 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 10:05 - 2012-09-21 23:57 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 10:03 - 2012-09-21 23:57 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 10:03 - 2012-09-21 23:57 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 10:03 - 2012-09-21 23:57 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 10:03 - 2012-09-21 23:57 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 10:02 - 2012-09-21 23:57 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 10:02 - 2012-09-21 23:57 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 10:02 - 2012-09-21 23:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 08:57 - 2012-09-21 23:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 08:57 - 2012-09-21 23:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 08:57 - 2012-09-21 23:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 08:57 - 2012-09-21 23:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 08:57 - 2012-09-21 23:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 08:57 - 2012-09-21 23:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 08:56 - 2012-09-21 23:57 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 08:56 - 2012-09-21 23:57 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 08:56 - 2012-09-21 23:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 08:56 - 2012-09-21 23:57 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 07:59 - 2012-09-21 23:57 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:20 - 2012-09-21 23:57 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-24 04:11 - 2012-08-24 04:08 - 18148413 ____A C:\Users\SK\Downloads\GreedySpiders2.apk
2012-08-22 10:12 - 2012-09-12 06:46 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 06:46 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 06:46 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 06:46 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 01:13 - 2012-09-22 06:50 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2012-09-22 06:50 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2012-09-22 06:50 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2012-09-22 06:50 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2012-09-22 06:50 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:13 - 2012-09-22 06:50 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2012-09-22 06:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 01:12 - 2012-09-22 06:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2012-09-22 06:50 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-16 05:39 - 2009-07-13 20:45 - 04982872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-13 10:04 - 2012-08-29 06:09 - 01640040 ____A C:\Users\SK\Desktop\u1203.exe
2012-08-13 04:01 - 2012-08-26 02:23 - 06705869 ____A C:\Users\SK\Downloads\Kairobotica.1.0.5.apk
2012-08-10 05:33 - 2012-08-10 05:33 - 00000464 ____A C:\Users\SK\Desktop\Zoo Tycoon 2 Marine Mania.lnk
2012-08-09 21:29 - 2012-08-09 21:29 - 00000714 ____A C:\Users\SK\Desktop\DeSmuME_x64 - Shortcut.lnk
2012-08-02 09:58 - 2012-09-12 06:46 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 06:46 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-24 22:48 - 2012-08-29 06:14 - 00069560 ____A (????) C:\Windows\SysWOW64\SdoKeyCrypt_x64.sys
2012-07-18 10:15 - 2012-08-15 04:23 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-09 04:04 - 2011-05-29 00:25 - 00114496 ____A C:\Users\SK\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-06 12:07 - 2012-08-15 07:15 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-08-15 04:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 04:24 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 04:24 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 04:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 04:24 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-12 06:46 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-22 18:02:49
Restore point made on: 2012-09-22 18:07:29
Restore point made on: 2012-09-22 19:19:31
Restore point made on: 2012-09-24 03:50:10
Restore point made on: 2012-09-24 07:52:29

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4073.94 MB
Available physical RAM: 3459.09 MB
Total Pagefile: 4072.09 MB
Available Pagefile: 3458.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:90.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Data) (Fixed) (Total:425.64 GB) (Free:295.32 GB) NTFS
4 Drive f: (SK) (Removable) (Total:3.68 GB) (Free:3.68 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 3778 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 21 GB 32 KB
Partition 2 Primary 149 GB 21 GB
Partition 0 Extended 425 GB 170 GB
Partition 3 Logical 425 GB 170 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 149 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 425 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3771 MB 6480 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F SK FAT32 Removable 3771 MB Healthy

=========================================================

Last Boot: 2012-09-22 12:40

==================== End Of Log =============================
jonathan12
Active Member
 
Posts: 5
Joined: September 23rd, 2012, 4:50 am

Re: windows security center disabled & site redirects

Unread postby jonathan12 » September 24th, 2012, 12:33 pm

Search.txt

Farbar Recovery Scan Tool (x64) Version: 24-09-2012
Ran by SYSTEM at 2012-09-25 00:16:35
Running from F:\

================== Search: "services.exe;explorer.exe" ===================

C:\Windows\explorer.exe
[2011-05-30 14:46] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-05-30 14:46] - [2011-02-25 21:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-05-30 14:46] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-06-23 00:39] - [2010-11-20 04:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011-05-30 14:46] - [2011-02-25 21:51] - 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-03-20 05:45] - [2011-03-20 05:45] - 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2011-03-20 05:35] - [2011-03-20 05:35] - 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-05-30 14:46] - [2011-02-25 21:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-03-20 05:45] - [2011-03-20 05:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2011-03-20 05:35] - [2011-03-20 05:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009-07-13 15:41] - [2009-07-13 17:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-05-30 14:46] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-05-30 14:46] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011-06-23 00:39] - [2010-11-20 05:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011-05-30 14:46] - [2011-02-25 22:26] - 2870784 ____A (Microsoft Corporation) E38899074D4951D31B4040E994DD7C8D

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011-03-20 05:45] - [2011-03-20 05:45] - 2870272 ____A (Microsoft Corporation) B8EC4BD49CE8F6FC457721BFC210B67F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-03-20 05:35] - [2011-03-20 05:35] - 2868224 ____A (Microsoft Corporation) 700073016DAC1C3D2E7E2CE4223334B6

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-05-30 14:46] - [2011-02-25 22:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011-03-20 05:45] - [2011-03-20 05:45] - 2870272 ____A (Microsoft Corporation) 9AAAEC8DAC27AA17B053E6352AD233AE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011-03-20 05:35] - [2011-03-20 05:35] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-07-13 15:56] - [2009-07-13 17:39] - 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64

C:\Windows\SysWOW64\explorer.exe
[2011-05-30 14:46] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
jonathan12
Active Member
 
Posts: 5
Joined: September 23rd, 2012, 4:50 am

Re: windows security center disabled & site redirects

Unread postby jonathan12 » September 24th, 2012, 12:34 pm

CKFiles.txt

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\idl\nsikeygenthread.idl
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\include\nsikeygenthread.h
c:\users\sk\downloads\idm life by saurav saini\idm lifetime crack\facebook subcribe.url
c:\users\sk\downloads\idm life by saurav saini\idm lifetime crack\serial.txt
c:\users\sk\downloads\idm life by saurav saini\idm lifetime crack\subcribe me n get letest update.url
c:\users\sk\downloads\idm life by saurav saini\idm lifetime crack\watch idm latest udate.url
c:\users\sk\downloads\internet_download_manager_v6.11_build_5-li0nh3art\internet download manager v6.11 build 5-li0nh3art\crack\idman.exe
c:\users\sk\downloads\internet_download_manager_v6.11_build_5-li0nh3art\internet download manager v6.11 build 5-li0nh3art\crack\regkey windows 32-bit.reg
c:\users\sk\downloads\internet_download_manager_v6.11_build_5-li0nh3art\internet download manager v6.11 build 5-li0nh3art\crack\regkey windows 64-bit.reg
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 hl2rcv.adobe.com
scanner sequence 3.ZZ.11.JEAPBN
----- EOF -----
jonathan12
Active Member
 
Posts: 5
Joined: September 23rd, 2012, 4:50 am

Re: windows security center disabled & site redirects

Unread postby Gary R » September 24th, 2012, 5:12 pm

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs :
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 132 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware