Issues after removing Windows 7 anti spyware virus


opeacemakero

Thread Starter
Joined
Dec 13, 2011
Messages
13
I had this virus last night. Just popped up with the antivirus screen, telling me I had viruses and wanting me to download it. I've seen this before. Ran avast in safe mode and it didn't find anything. Installed ad-aware and ran it in safe mode. It found the virus and deleted it. Now when I try to run peerblock I get an error "One or more services are not running: Basefiltering engine, ipsec policy agent, ike and authip ipsec keyring modules". Basefiltering is not in the list, and if I go to manually start the other two services I receive "error 1075: the dependency service does not exist or has been marked for deletion." These services seem to have been deleted with the virus. Can these services be reinstalled somehow? I'm really trying to avoid a complete restore of my system. Please help. I have already attempted a restore to an earlier point and my windows 7 repair disk.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, 64 bit
Processor: AMD Phenom(tm) II X4 920 Processor, AMD64 Family 16 Model 4 Stepping 2
Processor Count: 4
RAM: 4094 Mb
Graphics Card: NVIDIA GeForce GTX 560 Ti, -2048 Mb
Hard Drives: C: Total - 70808 MB, Free - 16264 MB; D: Total - 476936 MB, Free - 165493 MB;
Motherboard: ASUSTeK Computer INC., M3N72-D
Antivirus: None

Don't know why antivirus is none, avast was running when I did this.
 

opeacemakero

I should mention that I have the files quarantined. I suppose I could restore the files and attempt to remove the virus a different way. I saw some directions on editing the registry to remove this virus. What do you guys think?
 

opeacemakero

So I found this link: https://answers.microsoft.com/en-us...-running/d440bf07-e9fa-40e4-9344-4651a2214cdf

I followed the instructions for taking the dll and exported reg file from a working windows 7 computer. I had to take ownership of the dll and change permissions to copy and replace the dll. After doing this for BFE, IPsec, and IKE... I now get error 5: access denied when I attempt to start BFE and error 1068: The dependency service or group failed to start for the other two. BFE is now in the registry and services list at least.... I guess. Don't know if this is progress or another nail in the coffin.
 

opeacemakero

Happy, happy, joy, joy, problem solved. Came across a forum talking about the BFE not working and someone mentioned tweaking.com and their windows repair all in one. Simply put, this program is tits, ****ing brilliant. It re-wrote the registry keys for me, along with a long list of other things it does. Once installed, and on the last step, you will want to do the custom repair, because that's the only way you have the option to tick register system files. This way it will reset the BFE. I would untick the unhide non system files, don't believe it's needed. Plus, out of the 13 minutes the repair took 10 were spent on this. After the repair, restart, and joy... problem solved.
 

opeacemakero

Well I spoke too soon. It appears that windows firewall and windows defender are also missing from the services. When trying to run them I get error 0x80070424. I tried looking up the firewall registry entry, so I could transfer it like BFE. I believe it is the sharedaccess folder in the registry, which was already in my registry. Even though it was still there I tried transferring like before, but it's still not in the services. I would like to have it back the way it was before, but I've never used windows defender and I can download a firewall equal to or better than windows firewall. If there is a solution I would like to hear it, but as of right now I think I'm okay. Any insight would be appreciated.
 

opeacemakero

Well I have found that the service computer browser is not working. It's in the services list, but I receive error 1060 does not exist as an installed service. Please help me figure out all the services that are missing and determine if they can be repaired. I really don't wanna lose to this virus and have to do a restore.
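
Added example, not part of the original posts: a Python sketch that reads a `.reg` export of the Services key (the kind of export described above) and predicts which of the quoted errors (1060, 1075, 1068) the registry state alone would produce for a service. The two exports and their dependency lists are constructed and simplified for illustration; `BFE`, `PolicyAgent`, `IKEEXT` and `MpsSvc` are the short names of the services named in the thread.

```python
import re

# Win32 service-control errors quoted in the thread
ERROR_SERVICE_DOES_NOT_EXIST = 1060      # also surfaces as HRESULT 0x80070424
ERROR_SERVICE_DEPENDENCY_FAIL = 1068
ERROR_SERVICE_DEPENDENCY_DELETED = 1075

SERVICES_PREFIX = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services" + "\\"


def parse_services(reg_text):
    """Return {service_name_lowercase: [dependency names]} from .reg export text."""
    # regedit wraps long hex values with a trailing backslash; join them first
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    services, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key, current = line[1:-1], None
            if key.lower().startswith(SERVICES_PREFIX.lower()):
                rest = key[len(SERVICES_PREFIX):]
                if rest and "\\" not in rest:   # the service key, not a subkey
                    current = rest.lower()
                    services[current] = []
        elif current and line.lower().startswith('"dependonservice"=hex(7):'):
            # REG_MULTI_SZ: UTF-16LE strings separated by NUL, double-NUL at end
            raw = bytes(int(b, 16) for b in line.split(":", 1)[1].split(",") if b)
            services[current] = [n for n in raw.decode("utf-16-le").split("\x00") if n]
    return services


def predict_start_error(services, name, blocked=(), _seen=None):
    """Error code the registry state explains for starting `name`, or 0 if none.

    `blocked` lists services already observed to fail for a reason an export
    cannot show, such as the error 5 (access denied) on BFE in the thread.
    """
    key = name.lower()
    blocked_lower = {b.lower() for b in blocked}
    seen = _seen if _seen is not None else set()
    if key not in services:
        return ERROR_SERVICE_DOES_NOT_EXIST
    if key in seen:                              # dependency cycle: stop here
        return 0
    seen.add(key)
    deps = services[key]
    if any(d.lower() not in services for d in deps):
        return ERROR_SERVICE_DEPENDENCY_DELETED
    for d in deps:
        if d.lower() in blocked_lower or predict_start_error(services, d, blocked, seen):
            return ERROR_SERVICE_DEPENDENCY_FAIL
    return 0


# ---- constructed sample data (not taken from the poster's machine) ----
def multi_sz(names):
    """Encode names the way regedit writes a hex(7) value, wrapped every 20 bytes."""
    raw = ("\x00".join(names) + "\x00\x00").encode("utf-16-le")
    hexed = [f"{b:02x}" for b in raw]
    rows = [",".join(hexed[i:i + 20]) for i in range(0, len(hexed), 20)]
    return ",\\\n  ".join(rows)


def service_key(name, deps=()):
    out = f'[{SERVICES_PREFIX}{name}]\n"Start"=dword:00000002\n'
    if deps:
        out += f'"DependOnService"=hex(7):{multi_sz(deps)}\n'
    return out + "\n"


HEADER = "Windows Registry Editor Version 5.00\n\n"
# State after the cleanup: the BFE key is gone, its dependents remain
DAMAGED_EXPORT = HEADER + "".join([
    service_key("RpcSs"),
    service_key("Tcpip"),
    service_key("PolicyAgent", ["Tcpip", "BFE"]),
    service_key("IKEEXT", ["BFE"]),
])
# State after importing the BFE key from a working machine
REPAIRED_EXPORT = (DAMAGED_EXPORT + service_key("BFE", ["RpcSs"])
                   + f"[{SERVICES_PREFIX}BFE\\Parameters]\n\n")

if __name__ == "__main__":
    wanted = ["BFE", "PolicyAgent", "IKEEXT", "MpsSvc"]
    for label, export, blocked in (("damaged", DAMAGED_EXPORT, ()),
                                   ("repaired, BFE access denied", REPAIRED_EXPORT, ("BFE",))):
        services = parse_services(export)
        print(label, {n: predict_start_error(services, n, blocked) for n in wanted})
```

A result of 0 only means the export shows no missing key or dependency; permission problems on the key or the DLL do not appear in a `.reg` file.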
 

opeacemakero

From reading some other posts it looks like this is one of the first things you're gonna ask, so here is the hijack log, and the dds log will be in the next post.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:37:30 PM, on 12/16/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Me\Desktop\dds.com
C:\Windows\SysWOW64\cmd.exe
C:\Users\Me\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/Service...le.com/mail/&scc=1&ltmpl=default&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-218471158-3349218228-113681537-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-218471158-3349218228-113681537-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6B6111D-54AD-4B59-8014-3C5A1B5D2206}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9119 bytes
 

opeacemakero

Here's the DDS reports, and from the looks of the attach log I have a lot of services not working. Gmer will be in the next post.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Me at 21:44:49 on 2011-12-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2422 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://accounts.google.com/Service...le.com/mail/&scc=1&ltmpl=default&ltmplcache=2
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: battlefield.com\battlelog
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{D6B6111D-54AD-4B59-8014-3C5A1B5D2206} : NameServer = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE-X64: {925DAB62-F9AC-4221-806A-057BFB1014AA}
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\7bd1dycp.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.icefilms.info/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Me\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-15 44768]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-22 2253120]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys --> C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-13 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-13 136176]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-7 381248]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-12-16 10:00:02 -------- d-----w- C:\Users\Me\AppData\Local\Adobe
2011-12-16 03:27:36 -------- d-----w- C:\Users\Me\AppData\Roaming\Malwarebytes
2011-12-16 03:27:31 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-16 03:27:27 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-16 03:27:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-16 02:52:29 -------- d-----w- C:\ProgramData\Comodo
2011-12-16 02:52:24 -------- d-----w- C:\Program Files\COMODO
2011-12-16 02:50:46 -------- d-----w- C:\ProgramData\Comodo Downloader
2011-12-16 02:34:03 83096 ----a-w- C:\Windows\SysWow64\SSSensor.dll
2011-12-16 02:34:01 -------- d-----w- C:\Program Files (x86)\Sygate
2011-12-16 02:08:10 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-12-16 02:08:08 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-16 02:07:52 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-16 02:07:46 -------- d-----w- C:\Program Files\AVAST Software
2011-12-16 01:38:26 -------- d-----w- C:\Windows\System32\SPReview
2011-12-16 01:37:45 -------- d-----w- C:\Windows\System32\EventProviders
2011-12-16 01:33:59 571904 ----a-w- C:\Windows\System32\mspbda.dll
2011-12-16 01:32:59 70656 ----a-w- C:\Windows\SysWow64\amstream.dll
2011-12-16 01:30:49 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-12-16 01:30:49 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-12-16 01:30:49 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-12-16 01:30:44 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-12-16 01:30:42 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-12-16 01:30:36 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-12-16 01:30:36 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-12-16 00:57:34 -------- d-----w- C:\Users\Me\AppData\Roaming\PC Cleaners
2011-12-16 00:57:29 5122320 ----a-w- C:\Windows\uninst.exe
2011-12-16 00:57:29 -------- d-----w- C:\ProgramData\PC1Data
2011-12-16 00:06:30 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-15 23:55:47 208896 ----a-w- C:\Windows\MBR.exe
2011-12-15 23:55:46 98816 ----a-w- C:\Windows\sed.exe
2011-12-15 23:55:46 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-15 23:55:46 256000 ----a-w- C:\Windows\PEV.exe
2011-12-15 02:48:50 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 02:48:50 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-12-15 02:48:50 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-12-15 02:48:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 02:48:38 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-15 02:48:27 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 02:48:26 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 02:48:26 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 02:33:58 -------- d-----w- C:\ProgramData\Tweaking.com
2011-12-15 01:50:05 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2011-12-15 01:49:44 379 ----a-w- C:\temp140.bat
2011-12-15 01:49:30 290304 ----a-w- C:\subinacl.exe
2011-12-15 01:27:09 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2011-12-13 22:45:36 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-12-13 22:35:24 -------- d-----w- C:\MGADiagToolOutput
2011-12-13 18:55:05 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-12-12 02:14:31 -------- d-----w- C:\Windows\System32\wbem\repository
2011-12-07 03:08:08 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7562C90-F99C-4A59-BD31-97918075EC96}\mpengine.dll
2011-12-04 19:24:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-04 02:55:56 -------- d-----w- C:\Users\Me\AppData\Local\The Witcher 2
2011-12-02 01:34:48 -------- d-----w- C:\ProgramData\WEBREG
2011-12-02 01:34:22 -------- d-----w- C:\Users\Me\AppData\Local\HP
2011-12-02 01:33:56 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-12-02 01:30:59 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-12-02 01:30:36 -------- d-----w- C:\Program Files (x86)\HP
2011-12-01 02:15:31 -------- d-----w- C:\ProgramData\Solidshield
2011-12-01 01:56:32 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-12-01 01:47:40 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-11-27 18:32:47 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-27 18:32:46 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-27 18:32:45 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-27 18:18:13 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-11-27 18:16:40 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-11-25 21:53:40 -------- d-----w- C:\Users\Me\AppData\Roaming\Ubisoft
2011-11-24 11:00:34 -------- d-----w- C:\Users\Me\AppData\Roaming\PunkBuster
2011-11-22 17:09:51 -------- d-----w- C:\Program Files (x86)\AMD
2011-11-22 17:09:49 -------- d-----w- C:\Users\Me\AppData\Local\Downloaded Installations
2011-11-17 06:43:40 -------- d-----w- C:\Users\Me\AppData\Roaming\TS3Client
2011-11-17 06:42:21 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
.
==================== Find3M ====================
.
2011-12-16 09:22:09 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-16 09:22:09 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-16 09:19:47 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-16 01:42:33 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-12-16 01:42:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-07 03:07:58 270720 ----a-w- C:\Windows\System32\MpSigStub.exe
2011-12-07 00:47:29 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-08 02:53:44 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-31 20:04:29 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-10-22 11:21:42 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2011-10-22 11:21:38 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-10-10 07:35:26 22408 ----a-w- C:\Windows\System32\drivers\LGBusEnum.sys
2011-10-10 07:35:26 16008 ----a-w- C:\Windows\System32\drivers\LGVirHid.sys
2011-10-08 02:47:58 574216 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-10-08 02:47:58 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-10-08 02:47:56 16528 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-10-08 02:47:14 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2011-10-08 02:47:12 300200 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-10-08 02:47:10 388280 ----a-w- C:\Windows\System32\guard64.dll
2011-09-29 01:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-09-29 01:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
.
============= FINISH: 21:45:15.26 ===============
 


opeacemakero

Here is Gmer

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-16 22:08:55
Windows 6.1.7601 Service Pack 1
Running: j11rz499.exe

---- Files - GMER 1.0.15 ----
---- EOF - GMER 1.0.15 ----
 

opeacemakero

Here's the combo fix log. I didn't check all the services, but computer browser still gives error 1060 service not installed after running combo fix.
 


opeacemakero

Please respond to me. It's been a week since my first post. I'm starting to notice other things acting up. I've had the system freeze up a couple times. Some of my save games on Skyrim simply won't load (lost like 10 hours of play), sometimes the game won't start. BF3 was acting funny, proxifier won't even start. I'm on the verge of doing a complete restore. I don't even wanna think about the time that will take... so many programs to reinstall. Skyrim alone has countless mods added. Adobe CS5 takes forever. It'll be an all day project, and after that days later I'll go to do something and realize I didn't reinstall it and have to take more time. I haven't lost to a virus in two years. Please help me.
 

opeacemakero

In a different forum I saw how someone fixed the problem by bringing the services that were missing over from a working computer's registry. The same way I did with the bfe service. Well, I got impatient and started to bring the registry items over from my friend's computer. After bringing the two listed in the other forum, I had almost everything working. The services that still weren't working were security center, windows defender, and a couple net.adapter services. I looked around for a while and couldn't find the registry keys for them. I decided to export the working computer's entire services list. I figured I could go through and remove the services that weren't for my computer or my registry cleaner would do it for me.... Here is where I began making mistakes that led to me having to do a reinstall. 1. Always make a backup of your registry files before you go messing with them. 2. I still can't believe I did this... instead of taking the services folder, I took the entire hkey local machine folder. After running that my custom build desktop thought it was a toshiba laptop. I did make a restore point beforehand, but doing that screwed the restore functions. Had I had a backup of the registry I was replacing I would have been fine. So I had to do a reinstall. Once everything was back up and running, with the basics, I exported a copy of the services in the registry and exported a copy of the hkey local machine folder.... should something like this happen again, I'll have it fixed in 5 min.
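The two failure modes described in the post above (an import that reaches outside the Services key, and services whose dependency does not exist, as with error 1075) can be checked on a `.reg` file before it is merged. This is an added example, not part of the original thread; the function names and the sample export are constructed for illustration.

```python
import re

# Only keys under this path belong in a services-only import.
SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name_lower: raw_data}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            name, _, data = line[1:].partition('"=')
            current[name.lower()] = data
    return keys

def multi_sz(data):
    """Decode a hex(7): (REG_MULTI_SZ, UTF-16LE) value into a list of strings."""
    if not data.startswith("hex(7):"):
        return []
    raw = bytes(int(b, 16) for b in data[7:].split(",") if b)
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]

def audit(text, installed=()):
    """Return (keys outside Services, {service: missing dependencies})."""
    keys = parse_reg(text)
    outside = [k for k in keys if not (k.lower() + "\\").startswith(SERVICES)]
    known = {s.lower() for s in installed}  # services already on the target
    deps = {}
    for key, values in keys.items():
        rel = key.lower()[len(SERVICES):]
        if key.lower().startswith(SERVICES) and rel and "\\" not in rel:
            known.add(rel)  # a service defined by the file itself
            deps[key[len(SERVICES):]] = multi_sz(values.get("dependonservice", ""))
    missing = {s: [d for d in ds if d.lower() not in known] for s, ds in deps.items()}
    return outside, {s: m for s, m in missing.items() if m}

# Constructed sample: one service key plus a stray key from another branch.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IKEEXT]
"DisplayName"="constructed sample"
"DependOnService"=hex(7):42,00,46,00,45,00,\
  00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"Model"="constructed"
"""

if __name__ == "__main__":
    stray, missing = audit(SAMPLE)
    print("keys outside Services:", stray)
    print("unresolved dependencies:", missing)
```

Pass the target machine's existing service names as `installed` so that dependencies already present there are not reported as missing.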
 