PDA

View Full Version : Windows security center keeps getting disabled/brower redirect



peeby1
2011-05-27, 03:14
hello, I have an error on my windows 7 OS. My action center icon in the super bar keeps saying windows security center is disabled. When i go to services to start it again it goes back to the disabled state. Also my browser redirects to sites i did not tell it too and it annoys me. I've ran malware antibytes multiple times as well as scans from CCleaner Spybot, webroot antivirus, avast free, windows defender they have found files and deleted them but it still remains. here is my dds and spybot log. Oh and spybot reports these lines
(SBI $2E20C9A9) SETTINGS
Hkey_local_machine/system/currentcontrolset/services/wscsvc/start (is not) w= 2
(SBI $2E20C9A9) SETTINGS
Hkey_local_machine/system/currentcontrolset/services/wscsvc/start (is not) w= 2 (64 bit)


dds.TXT
DDS (Ver_2011-05-26.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Owner at 19:53:58 on 2011-05-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1779 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
uURLSearchHooks: H - No File
BHO: MRI_DISABLED - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [SpybotSD TeaTimer] "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{6D33C709-1887-4AAD-8109-0B563C56E879}: DhcpNameServer = 208.48.253.106 208.48.253.110
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xhkg1xnn.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-17 55280]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-3-14 17720]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-5-26 600920]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-5-26 287576]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-3-9 254528]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 202752]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-5-26 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-5-26 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-26 42184]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-23 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-10-30 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-23 243232]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-13 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-9-23 6405632]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-23 188928]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-10-30 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-13 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-25 1153368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-13 136176]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-23 246376]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-9 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-19 1255736]
.
=============== Created Last 30 ================
.
2073-10-27 15:55:34 1835008 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe
2073-10-27 15:55:34 1118208 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll
2011-05-26 21:13:03 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63819DEC-18C3-465C-A97B-EA1D9C0995E2}\gapaengine.dll
2011-05-26 21:12:58 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78487232-7ECB-4C36-BEA8-19F995389171}\mpengine.dll
2011-05-26 19:28:09 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-05-26 19:28:08 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-05-26 19:28:02 40112 ----a-w- C:\Windows\avastSS.scr
2011-05-26 19:27:56 -------- d-----w- C:\ProgramData\AVAST Software
2011-05-26 19:27:56 -------- d-----w- C:\Program Files\AVAST Software
2011-05-26 19:15:52 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-05-26 19:15:47 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-05-26 19:15:26 -------- d-----w- C:\ProgramData\Webroot
2011-05-26 15:25:45 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-05-26 15:17:27 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-26 15:17:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-26 05:08:25 0 ---ha-w- C:\Users\Owner\AppData\Local\BIT4B03.tmp
2011-05-26 05:00:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\GlarySoft
2011-05-26 04:58:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-05-26 04:58:43 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-26 04:58:43 20952 ----a-w- C:\Windows\SysWow64\drivers\mbam.sys
2011-05-26 04:58:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-25 20:00:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-25 20:00:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-25 14:27:13 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 15:16:24 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DACB70D5-9896-48FC-A943-1890394C86D0}\mpengine.dll
2011-05-21 22:38:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\Movie DVD Copy
2011-05-21 22:37:28 -------- d-----w- C:\Program Files (x86)\Movie DVD Copy
2011-05-21 22:33:23 5600 ----a-w- C:\Windows\system\WINASPI.DLL
2011-05-21 22:33:23 4672 ----a-w- C:\Windows\system\WOWPOST.EXE
2011-05-21 22:33:23 45056 ----a-w- C:\Windows\SysWow64\WNASPI32.DLL
2011-05-21 22:33:23 25244 ----a-w- C:\Windows\SysWow64\drivers\ASPI32.SYS
2011-05-21 22:33:20 -------- d-----w- C:\Program Files (x86)\XviD
2011-05-21 22:33:16 641021 ----a-w- C:\Windows\unins000.exe
2011-05-21 22:33:16 187904 ----a-w- C:\Windows\SysWow64\Lame.exe
2011-05-21 22:33:16 166912 ----a-w- C:\Windows\SysWow64\Lame_enc.dll
2011-05-21 22:33:03 -------- d-----w- C:\Program Files (x86)\EasyDVDRip
2011-05-18 17:09:40 -------- d-----w- C:\ProgramData\Solidshield
2011-05-16 03:40:36 -------- d-----w- C:\Users\Owner\AppData\Local\Ubisoft Game Launcher
2011-05-16 02:54:25 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-05-16 02:54:24 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-05-16 02:54:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\PunkBuster
2011-05-16 02:52:43 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-05-16 02:52:43 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-05-16 02:52:43 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-05-16 02:52:43 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-05-16 02:52:37 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-05-16 02:52:37 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-05-14 04:15:25 -------- d-----w- C:\Users\Owner\AppData\Local\FalloutNV
2011-05-13 04:13:53 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2011-05-13 04:12:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-05-13 04:04:21 -------- d-----w- C:\Users\Owner\AppData\Local\Oblivion
2011-05-13 02:01:38 -------- d-----w- C:\Program Files (x86)\Siber Systems
2011-05-12 15:19:25 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-12 15:19:25 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-11 06:47:03 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 06:47:01 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 06:47:01 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 06:26:00 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 06:26:00 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 06:26:00 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 06:26:00 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 06:26:00 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-11 06:25:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-07 23:35:21 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-05-07 23:34:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\uTorrent
2011-04-28 04:51:24 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-28 04:51:24 31232 ----a-w- C:\Windows\System32\prevhost.exe
.
==================== Find3M ====================
.
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-09 21:30:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-09 21:30:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-09 20:47:11 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-28 08:00:00 80896 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
.
============= FINISH: 19:57:39.64 ===============

shelf life
2011-06-01, 00:49
hi peeby1,

Your post is a few days old. If you still need help simply reply back.

peeby1
2011-06-01, 04:12
it seems to be ok now thank you

shelf life
2011-06-01, 23:32
it seems to be ok now thank you

Ok, no redirects?

peeby1
2011-06-02, 06:26
nope :D i downloaded like 5 programs and one of them seemed to have worked.

shelf life
2011-06-02, 23:40
hi,

Ok then. Here are some tips to help you stay malware free:

10 Tips for Prevention and Avoidance of Malware:

There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:


1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)



2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html)that you may have malware on your computer.



3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.



4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).



5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.



6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?



7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.



8) Install and understand the *limitations* of a software firewall.



9) A slide show how to for securing Internet Explorer 8.0 (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) for safer surfing. How to harden FireFox. (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox) for safer surfing.



10) Warez, cracks etc are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. A file can be named anything, be nothing but malware or have malware bundled in it. Can you really trust the source of the file?

More info/tips with pictures, links below
Happy Safe Surfing.