
Issues after removing Windows 7 anti spyware virus

Discussion in 'Virus & Other Malware Removal' started by opeacemakero, Dec 13, 2011.

  1. opeacemakero

    opeacemakero Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    13
    I had this virus last night. Just popped up with the antivirus screen, telling me I had viruses and wanting me to download it. I've seen this before. Ran avast in safe mode and it didn't find anything. Installed ad-aware and ran it in safe mode. It found the virus and deleted it. Now when I try to run peerblock I get an error "One or more services are not running: Basefiltering engine, ipsec policy agent, ike and authip ipsec keyring modules". Basefiltering is not in the list, and if I go to manually start the other two services I receive "error 1075: the dependency service does not exist or has been marked for deletion." These services seem to have been deleted with the virus. Can these services be reinstalled somehow? I'm really trying to avoid a complete restore of my system. Please help. I have already attempted a restore to an earlier point and my windows 7 repair disk.


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, 64 bit
    Processor: AMD Phenom(tm) II X4 920 Processor, AMD64 Family 16 Model 4 Stepping 2
    Processor Count: 4
    RAM: 4094 Mb
    Graphics Card: NVIDIA GeForce GTX 560 Ti, -2048 Mb
    Hard Drives: C: Total - 70808 MB, Free - 16264 MB; D: Total - 476936 MB, Free - 165493 MB;
    Motherboard: ASUSTeK Computer INC., M3N72-D
    Antivirus: None

    Don't know why antivirus is none, avast was running when I did this.
     
  2. opeacemakero

    I should mention that I have the files quarantined. I suppose I could restore the files and attempt to remove the virus a different way. I saw some directions on editing the registry to remove this virus. What do you guys think?
     
  3. opeacemakero

    So I found this link: https://answers.microsoft.com/en-us...-running/d440bf07-e9fa-40e4-9344-4651a2214cdf

    I followed the instructions for taking the dll and exported reg file from a working windows 7 computer. I had to take ownership of the dll and change permissions to copy and replace the dll. After doing this for BFE, IPsec, and IKE... I now get error 5: access denied when I attempt to start BFE and error 1068: The dependency service or group failed to start for the other two. BFE is now in the registry and services list at least.... I guess. Don't know if this is progress or another nail in the coffin.
     
  4. opeacemakero

    Happy, happy, joy, joy, problem solved. Came across a forum talking about the BFE not working and someone mentioned tweaking.com and their windows repair all in one. Simply put, this program is tits, ****ing brilliant. It re-wrote the registry keys for me, along with a long list of other things it does. Once installed, and on the last step, you will want to do the custom repair, because that's the only way you have the option to tick register system files. This way it will reset the BFE. I would untick the unhide non system files, don't believe it's needed. Plus, out of the 13 minutes the repair took 10 were spent on this. After the repair, restart, and joy... problem solved.
     
  5. opeacemakero

    Well I spoke too soon. It appears that windows firewall and windows defender are also missing from the services. When trying to run them I get error 0x80070424. I tried looking up the firewall registry entry, so I could transfer it like BFE. I believe it is the sharedaccess folder in the registry, which was already in my registry. Even though it was still there I tried transferring like before, but it's still not in the services. I would like to have it back the way it was before, but I've never used windows defender and I can download a firewall equal to or better than windows firewall. If there is a solution I would like to hear it, but as of right now I think I'm okay. Any insight would be appreciated.
     
  6. opeacemakero

    Well I have found that the service computer browser is not working. It's in the services list, but I receive error 1060 does not exist as an installed service. Please help me figure out all the services that are missing and determine if they can be repaired. I really don't wanna lose to this virus and have to do a restore.
     
  7. opeacemakero

    From reading some other posts it looks like this is one of the first things you're gonna ask, so here is the hijack log, and the dds log will be in the next post.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:37:30 PM, on 12/16/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Me\Desktop\dds.com
    C:\Windows\SysWOW64\cmd.exe
    C:\Users\Me\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/Service...le.com/mail/&scc=1&ltmpl=default&ltmplcache=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-21-218471158-3349218228-113681537-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-218471158-3349218228-113681537-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6B6111D-54AD-4B59-8014-3C5A1B5D2206}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 9119 bytes
     
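A triage sketch added here (not part of the original posts, and not HijackThis or DDS code): 32-bit HijackThis on 64-bit Windows reads `System32` through WOW64 file-system redirection, so its O23 "(file missing)" flags are cross-checked against the running-process list from the DDS log in the next post. The function names and verdict labels are assumptions; the sample lines are excerpted from the two logs on this page.

```python
import re

# Lines excerpted from the HijackThis log above (O23 = service entries).
HJT_LINES = [
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
    r"O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)",
    r"O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)",
    r"O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)",
    r"O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)",
]

# Lines excerpted from the DDS "Running Processes" section in the next post.
DDS_PROCESSES = [
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
    r"C:\Windows\System32\spoolsv.exe",
    r"C:\Windows\System32\msdtc.exe",
    r"C:\Windows\system32\vssvc.exe",
]

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)


def parse_o23(line):
    """Parse one HijackThis O23 line; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display = m.group("display")
    # The short service name, when present, is the trailing "(Name)".
    short = re.search(r"\(([^()]+)\)$", display)
    return {
        "name": short.group(1) if short else display,
        "owner": m.group("owner"),
        "path": m.group("path"),
        "flagged_missing": m.group("missing") is not None,
    }


def image_path(process_line):
    """Strip arguments such as '-k netsvcs' from a process-list line."""
    m = re.match(r"(.+?\.(?:exe|com))(?:\s|$)", process_line.strip(), re.I)
    return (m.group(1) if m else process_line.strip()).lower()


def triage(hjt_lines, process_lines, os_is_64bit=True):
    """Classify every service HijackThis flagged as '(file missing)'.

    running     - the same image is in the process list, so it exists
    redirected  - System32 path seen by a 32-bit scanner on 64-bit Windows;
                  re-check the file with a 64-bit tool before acting
    unconfirmed - nothing in these two logs settles it
    """
    running = {image_path(p) for p in process_lines}
    verdicts = {}
    for line in hjt_lines:
        entry = parse_o23(line)
        if entry is None or not entry["flagged_missing"]:
            continue
        path = entry["path"].lower()
        if path in running:
            verdicts[entry["name"]] = "running"
        elif os_is_64bit and "\\windows\\system32\\" in path:
            verdicts[entry["name"]] = "redirected"
        else:
            verdicts[entry["name"]] = "unconfirmed"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(HJT_LINES, DDS_PROCESSES).items():
        print(f"{name:15} {verdict}")
```

Services that come back `running` or `redirected` should not be treated as deleted on the strength of the HijackThis flag alone.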
  8. opeacemakero

    Here's the DDS reports, and from the looks of the attach log I have a lot of services not working. Gmer will be in the next post.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Me at 21:44:49 on 2011-12-16
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2422 [GMT -8:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
    C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\System32\msdtc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\vssvc.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://accounts.google.com/Service...le.com/mail/&scc=1&ltmpl=default&ltmplcache=2
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: battlefield.com\battlelog
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: Interfaces\{D6B6111D-54AD-4B59-8014-3C5A1B5D2206} : NameServer = 208.67.222.222,208.67.220.220
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    IE-X64: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE-X64: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\7bd1dycp.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.icefilms.info/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\Me\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-15 44768]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-22 2253120]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys --> C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-13 136176]
    S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-13 136176]
    S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-7 381248]
    S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2011-12-16 10:00:02 -------- d-----w- C:\Users\Me\AppData\Local\Adobe
    2011-12-16 03:27:36 -------- d-----w- C:\Users\Me\AppData\Roaming\Malwarebytes
    2011-12-16 03:27:31 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-12-16 03:27:27 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-12-16 03:27:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-16 02:52:29 -------- d-----w- C:\ProgramData\Comodo
    2011-12-16 02:52:24 -------- d-----w- C:\Program Files\COMODO
    2011-12-16 02:50:46 -------- d-----w- C:\ProgramData\Comodo Downloader
    2011-12-16 02:34:03 83096 ----a-w- C:\Windows\SysWow64\SSSensor.dll
     


  9. opeacemakero

    Here is Gmer

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-16 22:08:55
    Windows 6.1.7601 Service Pack 1
    Running: j11rz499.exe

     
  10. opeacemakero

    Here's the ComboFix log. I didn't check all the services, but Computer Browser still gives error 1060 (service not installed) after running ComboFix.
     


  11. opeacemakero

    Thank you in advance for taking the time to look at my issue and offering assistance.
     
  12. opeacemakero

    Please respond to me. It's been a week since my first post. I'm starting to notice other things acting up. I've had the system freeze up a couple of times. Some of my save games on Skyrim simply won't load (lost like 10 hours of play), and sometimes the game won't start. BF3 was acting funny, and Proxifier won't even start. I'm on the verge of doing a complete restore. I don't even wanna think about the time that will take... so many programs to reinstall. Skyrim alone has countless mods added. Adobe CS5 takes forever. It'll be an all-day project, and after that, days later, I'll go to do something and realize I didn't reinstall it and have to take more time. I haven't lost to a virus in two years. Please help me.
     
  13. opeacemakero

    In a different forum I saw how someone fixed the problem by bringing the services that were missing over from a working computer's registry, the same way I did with the BFE service. Well, I got impatient and started to bring the registry items over from my friend's computer. After bringing over the two listed in the other forum, I had almost everything working. The services that still weren't working were Security Center, Windows Defender, and a couple of net.adapter services. I looked around for a while and couldn't find the registry keys for them. I decided to export the working computer's entire services list. I figured I could go through and remove the services that weren't for my computer, or my registry cleaner would do it for me.... Here is where I began making mistakes that led to me having to do a reinstall. 1. Always make a backup of your registry files before you go messing with them. 2. I still can't believe I did this... instead of taking the services folder, I took the entire HKEY_LOCAL_MACHINE folder. After running that, my custom-built desktop thought it was a Toshiba laptop. I did make a restore point beforehand, but doing that screwed the restore functions. Had I had a backup of the registry I was replacing, I would have been fine. So I had to do a reinstall. Once everything was back up and running, with the basics, I exported a copy of the services in the registry and exported a copy of the HKEY_LOCAL_MACHINE folder.... should something like this happen again, I'll have it fixed in 5 min.
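
The scoping mistake described in post 13 can be caught before a `.reg` file is ever imported. The following is an added example, not part of the original thread: it reads the text of a regedit export, lists every key that falls outside the `Services` subtree, and reports `DependOnService` entries that name a service the export does not contain. The function names and the sample export are constructed for illustration.

```python
import re

SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# Constructed sample in the layout of a regedit export; all names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAgent]
"DisplayName"="Example Agent (constructed)"
"DependOnService"=hex(7):45,00,78,00,61,00,6d,00,70,00,6c,00,65,00,42,00,61,00,\
  73,00,65,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAgent\Parameters]
"ServiceDll"="example.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"Model"="not a service key"
'''

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def multi_sz(raw):
    """Decode a hex(7): (REG_MULTI_SZ, UTF-16LE) value into a list of strings."""
    if not raw.startswith("hex(7):"):
        return []
    data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
    return [s for s in data.decode("utf-16-le").split("\x00") if s]

def audit(text):
    """Flag keys outside Services and dependencies the export does not contain."""
    keys = parse_reg(text)
    prefix = SERVICES.lower() + "\\"
    outside, services, deps = [], {}, {}
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            if path.lower() != SERVICES.lower():
                outside.append(path)
            continue
        rel = path[len(prefix):]
        name = rel.split("\\")[0]
        services[name.lower()] = name
        if "\\" not in rel:  # DependOnService lives on the service's top-level key
            deps[name] = multi_sz(values.get("DependOnService", ""))
    missing = {n: [d for d in ds if d.lower() not in services] for n, ds in deps.items()}
    return {"outside_services": sorted(outside),
            "services": sorted(services.values()),
            "missing_deps": {n: ds for n, ds in missing.items() if ds}}
```

Pass `audit()` the text of an export opened with `encoding="utf-16"`, which is how regedit writes version 5.00 files. A dependency listed under `missing_deps` may still exist on the target machine; the report only says the import will not supply it.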
     
Short URL to this thread: https://techguy.org/1031098
