# Can't download anything



## koyoupi (Sep 29, 2012)

Hi, suddenly my computer can't download anything from the internet. I tried using various browsers and all won't work. I checked the required settings and all are in order. I had a similar problem like this happen to my Safari; however, I just switched to another browser and ignored the problem. I ran an AVG 2013 full scan and an ESET NOD32 full scan and removed threats; it didn't solve the problems. I'm running Windows 7 64-bit. Not sure if this is related: at about the same time, recently installed shortcuts on my desktop won't work. Hope someone can help ASAP. Thanks.


----------



## Ent (Apr 11, 2009)

To provide the antimalware experts with the information that they require to diagnose and solve your problem, please follow the instructions in this sticky thread and post the logs requested.
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html
If you're unable to download the programs from that machine, try to download them with another computer and copy them across on a USB flash drive.


----------



## koyoupi (Sep 29, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:08:49 PM, on 29/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
E:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files\AVG Secure Search\vprot.exe
E:\Program Files (x86)\steam\Steam.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - E:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - E:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Razer Mamba Elite Driver] E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "E:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_ROC_NT] "E:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "E:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://E:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @E:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: e:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: e:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - E:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - E:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - E:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - E:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - E:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - E:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - E:\Windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - E:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - E:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - E:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - E:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - E:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - E:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - E:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - E:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - E:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - E:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - E:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - E:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - E:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - E:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - E:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10559 bytes


----------



## koyoupi (Sep 29, 2012)

DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by user at 23:09:15 on 2012-09-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.65.1033.18.4078.2728 [GMT 8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
E:\Windows\system32\wininit.exe
E:\Windows\system32\lsm.exe
E:\Windows\system32\svchost.exe -k DcomLaunch
E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
E:\Windows\system32\svchost.exe -k RPCSS
E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
E:\Windows\system32\svchost.exe -k netsvcs
E:\Windows\system32\svchost.exe -k LocalService
E:\Windows\system32\svchost.exe -k NetworkService
E:\Windows\System32\spoolsv.exe
E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Windows\SysWOW64\PnkBstrA.exe
E:\Windows\system32\Dwm.exe
E:\Windows\system32\svchost.exe -k imgsvc
E:\Windows\system32\taskhost.exe
E:\Windows\Explorer.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files\AVG Secure Search\vprot.exe
E:\Windows\system32\SearchIndexer.exe
E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Program Files (x86)\steam\Steam.exe
E:\Windows\system32\WUDFHost.exe
E:\Windows\system32\svchost.exe -k HPService
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
E:\Windows\System32\svchost.exe -k secsvcs
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
E:\Windows\system32\wuauclt.exe
E:\Program Files (x86)\Common Files\Steam\SteamService.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Windows\system32\SearchProtocolHost.exe
E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Windows\system32\wbem\wmiprvse.exe
E:\Windows\system32\SearchFilterHost.exe
E:\Windows\system32\DllHost.exe
E:\Windows\SysWOW64\cmd.exe
E:\Windows\system32\conhost.exe
E:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.sg/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - E:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - E:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - E:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - E:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [msnmsgr] "E:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "E:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Razer Mamba Elite Driver] E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "E:\Program Files\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "E:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254


----------



## Mark1956 (May 7, 2011)

Hi, my name is Mark and I will be helping you.

*IMPORTANT:* *Please take the time to read this first.*
For the *benefit of others* that are waiting for help please try to respond *as fast as you can* and make sure you *read all of the instructions* I will be giving you to follow. Time spent waiting for replies or having to repeat questions keeps *other people waiting in the queue* for help.

I am in Spain at GMT+1 hour, I check my emails several times a day so will usually reply to your responses within a few hours or less unless it is night time here. During the evening here I will usually reply within minutes. Please *try to do the same* for a swift clean up. Some Malware needs to be dealt with quickly or it will multiply and become deeply embedded in your system and *more difficult to find and remove*, so quick replies will have *more than one benefit.*

Keep in mind that *I cannot see your PC*, so please give as much detail as possible if something goes wrong or you receive any error messages.

Malware can be unpredictable and often time consuming to remove, on rare occasions something can go awry and your system may need to have Windows re-installed. Please make sure before we start that you have *copies of all your important data* saved to an external hard drive or CD/DVD's. Please make sure you *disconnect any external hard drives and/or Flash drives* during the clean up.

If you have run *any scans that found an infection* please let me know.

*DO NOT* run any scans or make any changes that I have not asked you to do as this can cause misleading results and make my job much harder in trying to help you. Please also uninstall *any file sharing software* i.e. uTorrent, BitTorrent, etc, if you insist on keeping it *do not use it* until we are finished. Use of file sharing software is one of the easiest ways to get your PC infected.

If I get *no reply from you for three days* I will mark the thread as Solved and move on to helping someone else. If you know you will be unable to reply for any length of time please let me know in advance.

Please *don't abandon the thread* as soon as your PC starts to work normally again as there will be other *important checks* to make to help protect your system from re-infection. It is also important to follow the correct procedure when removing the tools used to ensure *all quarantined infections are completely removed and infected Restore Points are safely deleted.*

Stick with me and we can quickly clean up your PC, if you *cannot dedicate the time* then a Reformat and Re-install will be your quickest option.
______________________________________________________________

Please uninstall uTorrent.

There is no indication that you have a resident and active Anti Virus on the system. Although you have run AVG2013 and Nod32 they don't appear in your logs, have you since uninstalled them?

To keep you protected please install this Microsoft Security Essentials, let it update and run a full system scan and allow it to remove anything it finds. Post the log produced.

You have not posted the complete DDS.txt log please post it again and make sure you copy the entire log.

Click on this link to download: ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.
Close your browser and click on this icon on your desktop:









You will then see the screen below, click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.










_________________________________________________________________________

Download RogueKiller (by tigzy) and save direct to your Desktop.

On the web page click on this:









Quit all running programs
Start RogueKiller.exe
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## koyoupi (Sep 29, 2012)

Yea. I uninstalled all the anti-virus as I was checking if it was blocking access to download. I also have uninstalled uTorrent; I don't really use it at all. My side is GMT+8. Running the scans now.


----------



## koyoupi (Sep 29, 2012)

# AdwCleaner v2.003 - Logfile created 09/30/2012 at 11:40:43
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : E:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : E:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : E:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : E:\Program Files (x86)\Conduit
Folder Deleted : E:\Program Files\AVG Secure Search
Folder Deleted : E:\Program Files\Conduit
Folder Deleted : E:\ProgramData\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

-\\ Google Chrome v22.0.1229.79

*************************

AdwCleaner[S1].txt - [6045 octets] - [30/09/2012 11:40:43]

########## EOF - E:\AdwCleaner[S1].txt - [6105 octets] ##########


----------



## koyoupi (Sep 29, 2012)

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 09/30/2012 11:44:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> C:\windows\system32\config\SOFTWARE
-> C:\Documents and Settings\Default User\NTUSER.DAT
-> C:\Documents and Settings\LocalService\NTUSER.DAT
-> C:\Documents and Settings\NetworkService\NTUSER.DAT
-> C:\Documents and Settings\User\NTUSER.DAT
-> F:\windows\system32\config\SOFTWARE
-> F:\Documents and Settings\ACDC\NTUSER.DAT
-> F:\Documents and Settings\Administrator\NTUSER.DAT
-> F:\Documents and Settings\Alicia\NTUSER.DAT
-> F:\Documents and Settings\All Users\NTUSER.DAT
-> F:\Documents and Settings\Chia\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT
-> F:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
-> F:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
-> F:\Documents and Settings\user\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> E:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JD-08MSA1 ATA Device +++++
--- User ---
[MBR] 494dcdb27c48b2d5cbcc80a1bba3e22b
[BSP] 11bbfe2d8fa3ae7f1b2678dab72b5b51 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 72543 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 148569120 | Size: 3773 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 117c2afda5b730687bd6599824553a9d
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 240002 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 491524740 | Size: 236935 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## koyoupi (Sep 29, 2012)

I'm aware of Ascpmonitor. I installed it before and deleted it already. For net tools, I thought I deleted it a while ago, but it seems it's there. I'm aware of it as well. The others I just found out after the scan.


----------



## Mark1956 (May 7, 2011)

Can you explain why this is on your system: *Windows Loader v2.1.2*?

There is also evidence of pirated software:

*F:\Documents and Settings\ACDC\My Documents\IMPORTANT\New blue\New Pack NewBlueFX II\NewBlue.Plugins.Multikeygen.DI\Keygen.exe*


----------



## koyoupi (Sep 29, 2012)

Those are in my old files, which I copied from my backup to my new PC after I got a new PC. I don't use them anymore. Just didn't bother deleting them.


----------



## Mark1956 (May 7, 2011)

OK, please post a complete DDS.txt log as requested. The best thing to do now that some items have been removed is to run it again and make sure you copy the entire log.

Please also run RogueKiller again and this time after the pre-scan finishes click on the Hosts Fix button. Then click on Report and post that log.

When done click on the Fix Shortcuts button and again click the Report button and post that log.

Tell me if that fixes the shortcuts and/or the download problem.

__________________________________________________________________________

Reboot the PC and continue with the following scans.

Please download *Farbar Service Scanner* and run it on the computer with the issue.

*Make sure the following options are checked:*

*Internet Services*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

___________________________________________________________________________________

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------



## koyoupi (Sep 29, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by user at 23:09:15 on 2012-09-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.65.1033.18.4078.2728 [GMT 8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
E:\Windows\system32\wininit.exe
E:\Windows\system32\lsm.exe
E:\Windows\system32\svchost.exe -k DcomLaunch
E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
E:\Windows\system32\svchost.exe -k RPCSS
E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
E:\Windows\system32\svchost.exe -k netsvcs
E:\Windows\system32\svchost.exe -k LocalService
E:\Windows\system32\svchost.exe -k NetworkService
E:\Windows\System32\spoolsv.exe
E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Windows\SysWOW64\PnkBstrA.exe
E:\Windows\system32\Dwm.exe
E:\Windows\system32\svchost.exe -k imgsvc
E:\Windows\system32\taskhost.exe
E:\Windows\Explorer.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files\AVG Secure Search\vprot.exe
E:\Windows\system32\SearchIndexer.exe
E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Program Files (x86)\steam\Steam.exe
E:\Windows\system32\WUDFHost.exe
E:\Windows\system32\svchost.exe -k HPService
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
E:\Windows\System32\svchost.exe -k secsvcs
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
E:\Windows\system32\wuauclt.exe
E:\Program Files (x86)\Common Files\Steam\SteamService.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Windows\system32\SearchProtocolHost.exe
E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Windows\system32\wbem\wmiprvse.exe
E:\Windows\system32\SearchFilterHost.exe
E:\Windows\system32\DllHost.exe
E:\Windows\SysWOW64\cmd.exe
E:\Windows\system32\conhost.exe
E:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.sg/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - E:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - E:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - E:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - E:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [msnmsgr] "E:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "E:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Razer Mamba Elite Driver] E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "E:\Program Files\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "E:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D2564DC7-3611-403B-A720-3CA3B2BDF719} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - E:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - E:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - E:\Windows\system32\cmd.exe /D /C start E:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
BHO-X64: uTorrentControl_v2 - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - E:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - E:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - E:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
mRun-x64: [Razer Mamba Elite Driver] E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun-x64: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "E:\Program Files\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_ROC_NT] "E:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - E:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pdflls2g.default-1348822183021\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: E:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: E:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
FF - plugin: E:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: E:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
FF - plugin: E:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: E:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: E:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: E:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;\??\E:\Windows\system32\drivers\avgtpx64.sys --> E:\Windows\system32\drivers\avgtpx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;E:\Windows\system32\DRIVERS\dtsoftbus01.sys --> E:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 TsVp;TsVp;E:\Windows\system32\DRIVERS\tsvp.sys --> E:\Windows\system32\DRIVERS\tsvp.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UNS;Intel(R) Management and Security Application User Notification Service;E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-31 2656280]
R3 MEIx64;Intel(R) Management Engine Interface;E:\Windows\system32\DRIVERS\HECIx64.sys --> E:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;E:\Windows\system32\drivers\nvhda64v.sys --> E:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;E:\Windows\system32\DRIVERS\Rt64win7.sys --> E:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RzSynapse;Razer Driver;E:\Windows\system32\DRIVERS\RzSynapse.sys --> E:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;E:\Windows\system32\Drivers\usbaapl64.sys --> E:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;E:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s --> E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [?]
S2 KMService;KMService;E:\Windows\System32\srvany.exe [2012-3-28 8192]
S3 CV2K1;CommView Network Monitor;E:\Windows\system32\DRIVERS\cv2k1.sys --> E:\Windows\system32\DRIVERS\cv2k1.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;E:\Windows\system32\DRIVERS\lvrs64.sys --> E:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C160(UVC);E:\Windows\system32\DRIVERS\lvuvc64.sys --> E:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 Netaapl;Apple Mobile Device Ethernet Service;E:\Windows\system32\DRIVERS\netaapl64.sys --> E:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 npggsvc;nProtect GameGuard Service;E:\Windows\system32\GameMon.des -service --> E:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;E:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;E:\Windows\system32\drivers\rdpvideominiport.sys --> E:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys --> E:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsVlb;TsVlb;E:\Windows\system32\DRIVERS\tsvlb.sys --> E:\Windows\system32\DRIVERS\tsvlb.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;E:\Windows\system32\Wat\WatAdminSvc.exe --> E:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250288]
S4 gupdate;Google Update Service (gupdate);E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-28 136176]
S4 gupdatem;Google Update Service (gupdatem);E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-28 136176]
S4 MozillaMaintenance;Mozilla Maintenance Service;E:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-28 114144]
S4 nvUpdatusService;NVIDIA Update Service Daemon;E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-23 1262400]
S4 SkypeUpdate;Skype Updater;E:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 UMVPFSrv;UMVPFSrv;E:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S4 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;E:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-28 722528]
.
=============== Created Last 30 ================
.
2012-09-29 01:41:17	--------	d-----w-	E:\ProgramData\Cached Installations
2012-09-29 01:07:07	--------	d-----w-	E:\Users\user\AppData\Local\{7DEE9842-DF97-4858-8C68-6C87BE414DDC}
2012-09-28 10:13:20	--------	d-----w-	E:\Users\user\AppData\Roaming\AVG2013
2012-09-28 10:12:45	--------	d-----w-	E:\Users\user\AppData\Local\AVG Secure Search
2012-09-28 10:12:28	--------	d-----w-	E:\Users\user\AppData\Roaming\TuneUp Software
2012-09-28 10:12:21	--------	d-----w-	E:\ProgramData\AVG Secure Search
2012-09-28 10:12:02	31080	----a-w-	E:\Windows\System32\drivers\avgtpx64.sys
2012-09-28 10:11:58	--------	d-----w-	E:\Program Files (x86)\Common Files\AVG Secure Search
2012-09-28 10:11:57	--------	d-----w-	E:\Program Files\AVG Secure Search
2012-09-28 10:11:57	--------	d-----w-	E:\Program Files\AVG Secure Search
2012-09-28 10:10:48	--------	d--h--w-	E:\$AVG
2012-09-28 10:10:48	--------	d-----w-	E:\ProgramData\AVG2013
2012-09-28 09:58:24	--------	d--h--w-	E:\ProgramData\Common Files
2012-09-28 09:58:24	--------	d-----w-	E:\Users\user\AppData\Local\MFAData
2012-09-28 09:58:24	--------	d-----w-	E:\Users\user\AppData\Local\Avg2013
2012-09-28 09:58:24	--------	d-----w-	E:\ProgramData\MFAData
2012-09-28 08:54:01	--------	d-----w-	E:\Users\user\AppData\Local\Macromedia
2012-09-28 08:46:56	--------	d-----w-	E:\Users\user\AppData\Local\Mozilla
2012-09-28 08:37:47	--------	d-----w-	E:\Users\user\AppData\Local\{043D5191-9BDE-419B-BB96-8CE221648D10}
2012-09-28 07:48:12	--------	d-----w-	E:\Users\user\AppData\Local\{F226B396-F75F-4AAE-AC9D-B08639934633}
2012-09-24 08:32:43	--------	d-----w-	E:\Users\user\AppData\Local\{6548B56A-D078-4514-92D7-4A1517150845}
2012-09-22 13:49:43	--------	d-----w-	E:\ProgramData\RELOADED
2012-09-22 13:39:24	--------	d-----w-	E:\R.G. Catalyst
2012-09-22 02:11:20	--------	d-----w-	E:\Users\user\AppData\Local\{43047B45-5073-4F1B-86B4-E599E5358209}
2012-09-21 13:04:33	--------	d-----w-	E:\Users\user\AppData\Roaming\Windows Authenticator
2012-09-18 02:01:24	--------	d-----w-	E:\Users\user\AppData\Local\{ABA73235-CA9B-4512-B579-207D6205C0B5}
2012-09-17 14:01:01	--------	d-----w-	E:\Users\user\AppData\Local\{877F40E3-AEC8-4F1D-A3ED-EB613ABE71E5}
2012-09-15 02:09:00	--------	d-----w-	E:\Users\user\AppData\Local\{32D04296-C428-41E1-BA7C-68EA2C022224}
2012-09-14 07:14:56	574464	----a-w-	E:\Windows\System32\d3d10level9.dll
2012-09-14 07:14:55	490496	----a-w-	E:\Windows\SysWow64\d3d10level9.dll
2012-09-14 07:14:54	950128	----a-w-	E:\Windows\System32\drivers\ndis.sys
2012-09-14 07:14:54	41472	----a-w-	E:\Windows\System32\drivers\RNDISMP.sys
2012-09-14 07:14:52	376688	----a-w-	E:\Windows\System32\drivers\netio.sys
2012-09-14 07:14:52	1913200	----a-w-	E:\Windows\System32\drivers\tcpip.sys
2012-09-14 07:14:51	288624	----a-w-	E:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-14 06:57:52	--------	d-----w-	E:\Users\user\AppData\Local\{E4391A62-D9F3-46D7-800D-33102A5CF409}
2012-09-13 04:22:08	--------	d-----w-	E:\Users\user\AppData\Local\{3908EC96-A328-4D2C-AE48-5F3CC768609F}
2012-09-12 02:58:08	--------	d-----w-	E:\Users\user\AppData\Local\{B3F416FF-7B1F-457B-A0BF-6D041514C81D}
2012-09-11 04:38:37	--------	d-----w-	E:\Users\user\AppData\Local\{09402032-BCEE-4CC4-AFDC-7F38E0A6A935}
2012-09-10 04:28:10	--------	d-----w-	E:\Users\user\AppData\Local\{38D3D166-FEF4-43E8-AA48-56B96A39B319}
2012-09-09 03:39:43	--------	d-----w-	E:\Users\user\AppData\Local\{04831D50-26A1-43D7-B4AC-64CF993D8AEA}
2012-09-08 04:08:11	--------	d-----w-	E:\Users\user\AppData\Local\{8C5777EE-5416-44DA-B408-38F1D9529101}
2012-09-06 14:00:21	--------	d-----w-	E:\Users\user\AppData\Local\{E6E18900-9634-4BA4-88EE-CFBAC90FB4A2}
2012-09-05 01:49:33	--------	d-----w-	E:\Users\user\AppData\Local\{ECC53983-8986-419A-960E-7539D896669A}
2012-09-04 05:11:02	--------	d-----w-	E:\ProgramData\TamoSoft
2012-09-04 03:35:35	--------	d-----w-	E:\Users\user\AppData\Local\{5D84EF6B-755D-4520-89D3-6B3367696B98}
2012-09-03 12:39:36	95208	----a-w-	E:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 04:16:37	--------	d-----w-	E:\Users\user\AppData\Local\{038B4B38-FF53-401E-A9FF-4B3B4F29C9B5}
2012-09-02 02:15:35	956928	----a-w-	E:\Windows\System32\localspl.dll
2012-09-02 02:09:33	--------	d-----w-	E:\Users\user\AppData\Local\{A16B1AAC-F811-4099-BC9F-4E1806EF79DE}
2012-09-01 03:53:18	--------	d-----w-	E:\Users\user\AppData\Local\{04935C47-F26B-47E8-A0E4-A0CEE3165044}
2012-08-31 02:43:27	--------	d-----w-	E:\Users\user\AppData\Local\{C608EDD3-4867-44AD-8AED-1C3C013E47DA}
.
==================== Find3M ====================
.
2012-09-21 11:16:17	73136	----a-w-	E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 11:16:17	696240	----a-w-	E:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-03 12:39:30	821736	----a-w-	E:\Windows\SysWow64\npDeployJava1.dll
2012-09-03 12:39:29	746984	----a-w-	E:\Windows\SysWow64\deployJava1.dll
2012-08-24 18:05:06	1188864	----a-w-	E:\Windows\System32\wininet.dll
2012-08-24 16:57:48	981504	----a-w-	E:\Windows\SysWow64\wininet.dll
2012-08-24 15:59:30	1638912	----a-w-	E:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39	1638912	----a-w-	E:\Windows\SysWow64\mshtml.tlb
2012-08-24 14:13:36	281120	----a-w-	E:\Windows\SysWow64\PnkBstrB.xtr
2012-08-24 14:13:36	281120	----a-w-	E:\Windows\SysWow64\PnkBstrB.exe
2012-08-23 12:16:07	281120	----a-w-	E:\Windows\SysWow64\PnkBstrB.ex0
2012-08-21 21:01:00	245760	----a-w-	E:\Windows\System32\OxpsConverter.exe
2012-08-20 05:36:42	75136	----a-w-	E:\Windows\SysWow64\PnkBstrA.exe
2012-07-18 18:15:06	3148800	----a-w-	E:\Windows\System32\win32k.sys
2012-07-04 22:13:27	59392	----a-w-	E:\Windows\System32\browcli.dll
2012-07-04 22:13:27	136704	----a-w-	E:\Windows\System32\browser.dll
2012-07-04 21:14:34	41984	----a-w-	E:\Windows\SysWow64\browcli.dll
.
============= FINISH: 23:10:06.02 ===============


----------



## koyoupi (Sep 29, 2012)

Sorry, I didn't read clearly. The above DDS log is old. I will scan for a new one and post it in the next post.


----------



## koyoupi (Sep 29, 2012)

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : HOSTSFix -- Date : 09/30/2012 19:53:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> C:\windows\system32\config\SOFTWARE
-> C:\Documents and Settings\Default User\NTUSER.DAT
-> C:\Documents and Settings\LocalService\NTUSER.DAT
-> C:\Documents and Settings\NetworkService\NTUSER.DAT
-> C:\Documents and Settings\User\NTUSER.DAT
-> F:\windows\system32\config\SOFTWARE
-> F:\Documents and Settings\ACDC\NTUSER.DAT
-> F:\Documents and Settings\Administrator\NTUSER.DAT
-> F:\Documents and Settings\Alicia\NTUSER.DAT
-> F:\Documents and Settings\All Users\NTUSER.DAT
-> F:\Documents and Settings\Chia\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT
-> F:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
-> F:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
-> F:\Documents and Settings\user\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> E:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com

¤¤¤ Resetted HOSTS: ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


----------



## koyoupi (Sep 29, 2012)

After Fix Shortcuts:

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/30/2012 20:43:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> C:\windows\system32\config\SOFTWARE
-> C:\Documents and Settings\Default User\NTUSER.DAT
-> C:\Documents and Settings\LocalService\NTUSER.DAT
-> C:\Documents and Settings\NetworkService\NTUSER.DAT
-> C:\Documents and Settings\User\NTUSER.DAT
-> F:\windows\system32\config\SOFTWARE
-> F:\Documents and Settings\ACDC\NTUSER.DAT
-> F:\Documents and Settings\Administrator\NTUSER.DAT
-> F:\Documents and Settings\Alicia\NTUSER.DAT
-> F:\Documents and Settings\All Users\NTUSER.DAT
-> F:\Documents and Settings\Chia\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT
-> F:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
-> F:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
-> F:\Documents and Settings\user\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 107 / Fail 0
My documents: Success 90 / Fail 90
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1492 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[G:] \Device\CdRom1 -- 0x5 --> Skipped

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


----------



## koyoupi (Sep 29, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by user at 20:46:08 on 2012-09-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.65.1033.18.4078.2489 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
E:\Windows\system32\wininit.exe
E:\Windows\system32\lsm.exe
E:\Windows\system32\svchost.exe -k DcomLaunch
E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
E:\Windows\system32\svchost.exe -k RPCSS
E:\Program Files\Microsoft Security Client\MsMpEng.exe
E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
E:\Windows\system32\svchost.exe -k netsvcs
E:\Windows\system32\svchost.exe -k LocalService
E:\Windows\system32\svchost.exe -k NetworkService
E:\Windows\System32\spoolsv.exe
E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Windows\SysWOW64\PnkBstrA.exe
E:\Windows\system32\Dwm.exe
E:\Windows\system32\taskhost.exe
E:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Windows\Explorer.EXE
E:\Program Files\Microsoft Security Client\NisSrv.exe
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program Files\Microsoft Security Client\msseces.exe
E:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Windows\system32\SearchIndexer.exe
E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Windows\system32\svchost.exe -k HPService
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
E:\Program Files (x86)\steam\Steam.exe
E:\Windows\system32\WUDFHost.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Windows\system32\taskeng.exe
E:\Windows\system32\wbem\wmiprvse.exe
E:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Windows\system32\SearchProtocolHost.exe
E:\Windows\system32\SearchFilterHost.exe
E:\Windows\SysWOW64\cmd.exe
E:\Windows\system32\conhost.exe
E:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.sg/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - E:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - E:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
uRun: [msnmsgr] "E:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "E:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Razer Mamba Elite Driver] E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "E:\Program Files\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "E:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D2564DC7-3611-403B-A720-3CA3B2BDF719} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - E:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - E:\Windows\system32\cmd.exe /D /C start E:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
mRun-x64: [Razer Mamba Elite Driver] E:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun-x64: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "E:\Program Files\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_ROC_NT] "E:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - E:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pdflls2g.default-1348822183021\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: E:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: E:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
FF - plugin: E:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: E:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
FF - plugin: E:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: E:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: E:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: E:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;E:\Windows\system32\DRIVERS\MpFilter.sys --> E:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 avgtp;avgtp;\??\E:\Windows\system32\drivers\avgtpx64.sys --> E:\Windows\system32\drivers\avgtpx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;E:\Windows\system32\DRIVERS\dtsoftbus01.sys --> E:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 TsVp;TsVp;E:\Windows\system32\DRIVERS\tsvp.sys --> E:\Windows\system32\DRIVERS\tsvp.sys [?]
R2 NisDrv;Microsoft Network Inspection System;E:\Windows\system32\DRIVERS\NisDrvWFP.sys --> E:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UNS;Intel(R) Management and Security Application User Notification Service;E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-31 2656280]
R3 MEIx64;Intel(R) Management Engine Interface;E:\Windows\system32\DRIVERS\HECIx64.sys --> E:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NisSrv;Microsoft Network Inspection;E:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;E:\Windows\system32\drivers\nvhda64v.sys --> E:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;E:\Windows\system32\DRIVERS\Rt64win7.sys --> E:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RzSynapse;Razer Driver;E:\Windows\system32\DRIVERS\RzSynapse.sys --> E:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;E:\Windows\system32\Drivers\usbaapl64.sys --> E:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;E:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s --> E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [?]
S2 KMService;KMService;E:\Windows\System32\srvany.exe [2012-3-28 8192]
S3 CV2K1;CommView Network Monitor;E:\Windows\system32\DRIVERS\cv2k1.sys --> E:\Windows\system32\DRIVERS\cv2k1.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;E:\Windows\system32\DRIVERS\lvrs64.sys --> E:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C160(UVC);E:\Windows\system32\DRIVERS\lvuvc64.sys --> E:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 Netaapl;Apple Mobile Device Ethernet Service;E:\Windows\system32\DRIVERS\netaapl64.sys --> E:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 npggsvc;nProtect GameGuard Service;E:\Windows\system32\GameMon.des -service --> E:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;E:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;E:\Windows\system32\drivers\rdpvideominiport.sys --> E:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys --> E:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsVlb;TsVlb;E:\Windows\system32\DRIVERS\tsvlb.sys --> E:\Windows\system32\DRIVERS\tsvlb.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;E:\Windows\system32\Wat\WatAdminSvc.exe --> E:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250288]
S4 gupdate;Google Update Service (gupdate);E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-28 136176]
S4 gupdatem;Google Update Service (gupdatem);E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-28 136176]
S4 MozillaMaintenance;Mozilla Maintenance Service;E:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-28 114144]
S4 nvUpdatusService;NVIDIA Update Service Daemon;E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-23 1262400]
S4 SkypeUpdate;Skype Updater;E:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 UMVPFSrv;UMVPFSrv;E:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S4 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;E:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> E:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
.
=============== Created Last 30 ================
.
2012-09-30 07:42:58	--------	d-----w-	E:\Windows\SysWow64\zh-CHT
2012-09-30 07:42:27	--------	d-----w-	E:\Windows\SysWow64\drivers\zh-TW
2012-09-30 07:42:23	--------	d-----w-	E:\Windows\SysWow64\wbem\zh-TW
2012-09-30 07:42:22	--------	d-----w-	E:\Windows\SysWow64\wbem\zh-HK
2012-09-30 07:42:19	--------	d-----w-	E:\Windows\zh-TW
2012-09-30 07:42:16	--------	d-----w-	E:\Windows\System32\zh-CHT
2012-09-30 07:41:34	--------	d-----w-	E:\Windows\System32\drivers\zh-TW
2012-09-30 07:41:34	--------	d-----w-	E:\Windows\System32\drivers\zh-HK
2012-09-30 07:41:34	--------	d-----w-	E:\Windows\System32\drivers\UMDF\zh-TW
2012-09-30 07:41:29	--------	d-----w-	E:\Windows\System32\wbem\zh-TW
2012-09-30 07:41:27	--------	d-----w-	E:\Windows\System32\wbem\zh-HK
2012-09-30 07:32:38	5120	----a-w-	E:\Windows\System32\drivers\zh-TW\tunnel.sys.mui
2012-09-30 07:32:38	3072	----a-w-	E:\Windows\System32\drivers\zh-TW\tsusbhub.sys.mui
2012-09-30 07:32:38	3072	----a-w-	E:\Windows\System32\drivers\zh-TW\tsusbflt.sys.mui
2012-09-30 07:32:38	23552	----a-w-	E:\Windows\System32\drivers\zh-TW\usbport.sys.mui
2012-09-30 07:32:38	11776	----a-w-	E:\Windows\System32\drivers\zh-TW\usbhub.sys.mui
2012-09-30 07:32:34	4608	----a-w-	E:\Windows\System32\drivers\zh-TW\rdvgkmd.sys.mui
2012-09-30 07:32:34	2560	----a-w-	E:\Windows\System32\drivers\zh-TW\rdpwd.sys.mui
2012-09-30 07:32:26	9728	----a-w-	E:\Windows\System32\drivers\zh-TW\battc.sys.mui
2012-09-30 03:40:48	972192	----a-w-	E:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD8387ED-7065-478E-B863-9D46AB93991D}\gapaengine.dll
2012-09-30 03:40:45	9308616	----a-w-	E:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68532D29-EE0A-4D5C-BCBB-9CAB666E01B3}\mpengine.dll
2012-09-30 03:39:28	--------	d-----w-	E:\Program Files\Microsoft Security Client
2012-09-30 03:39:28	--------	d-----w-	E:\Program Files\Microsoft Security Client
2012-09-30 03:39:23	--------	d-----w-	E:\Users\user\AppData\Local\{1469C013-A06A-4162-9C5C-BC75DE9FD3C0}
2012-09-29 01:41:17	--------	d-----w-	E:\ProgramData\Cached Installations
2012-09-29 01:07:07	--------	d-----w-	E:\Users\user\AppData\Local\{7DEE9842-DF97-4858-8C68-6C87BE414DDC}
2012-09-28 10:13:20	--------	d-----w-	E:\Users\user\AppData\Roaming\AVG2013
2012-09-28 10:12:45	--------	d-----w-	E:\Users\user\AppData\Local\AVG Secure Search
2012-09-28 10:12:28	--------	d-----w-	E:\Users\user\AppData\Roaming\TuneUp Software
2012-09-28 10:12:02	31080	----a-w-	E:\Windows\System32\drivers\avgtpx64.sys
2012-09-28 10:10:48	--------	d-----w-	E:\ProgramData\AVG2013
2012-09-28 10:10:48	--------	d-----w-	E:\$AVG
2012-09-28 09:58:24	--------	d-----w-	E:\Users\user\AppData\Local\MFAData
2012-09-28 09:58:24	--------	d-----w-	E:\Users\user\AppData\Local\Avg2013
2012-09-28 09:58:24	--------	d-----w-	E:\ProgramData\MFAData
2012-09-28 09:58:24	--------	d-----w-	E:\ProgramData\Common Files
2012-09-28 08:54:01	--------	d-----w-	E:\Users\user\AppData\Local\Macromedia
2012-09-28 08:46:56	--------	d-----w-	E:\Users\user\AppData\Local\Mozilla
2012-09-28 08:37:47	--------	d-----w-	E:\Users\user\AppData\Local\{043D5191-9BDE-419B-BB96-8CE221648D10}
2012-09-28 07:48:12	--------	d-----w-	E:\Users\user\AppData\Local\{F226B396-F75F-4AAE-AC9D-B08639934633}
2012-09-24 08:32:43	--------	d-----w-	E:\Users\user\AppData\Local\{6548B56A-D078-4514-92D7-4A1517150845}
2012-09-22 13:49:43	--------	d-----w-	E:\ProgramData\RELOADED
2012-09-22 13:39:24	--------	d-----w-	E:\R.G. Catalyst
2012-09-22 02:11:20	--------	d-----w-	E:\Users\user\AppData\Local\{43047B45-5073-4F1B-86B4-E599E5358209}
2012-09-21 13:04:33	--------	d-----w-	E:\Users\user\AppData\Roaming\Windows Authenticator
2012-09-18 02:01:24	--------	d-----w-	E:\Users\user\AppData\Local\{ABA73235-CA9B-4512-B579-207D6205C0B5}
2012-09-17 14:01:01	--------	d-----w-	E:\Users\user\AppData\Local\{877F40E3-AEC8-4F1D-A3ED-EB613ABE71E5}
2012-09-15 02:09:00	--------	d-----w-	E:\Users\user\AppData\Local\{32D04296-C428-41E1-BA7C-68EA2C022224}
2012-09-14 07:14:56	574464	----a-w-	E:\Windows\System32\d3d10level9.dll
2012-09-14 07:14:55	490496	----a-w-	E:\Windows\SysWow64\d3d10level9.dll
2012-09-14 07:14:54	950128	----a-w-	E:\Windows\System32\drivers\ndis.sys
2012-09-14 07:14:54	41472	----a-w-	E:\Windows\System32\drivers\RNDISMP.sys
2012-09-14 07:14:52	376688	----a-w-	E:\Windows\System32\drivers\netio.sys
2012-09-14 07:14:52	1913200	----a-w-	E:\Windows\System32\drivers\tcpip.sys
2012-09-14 07:14:51	288624	----a-w-	E:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-14 06:57:52	--------	d-----w-	E:\Users\user\AppData\Local\{E4391A62-D9F3-46D7-800D-33102A5CF409}
2012-09-13 04:22:08	--------	d-----w-	E:\Users\user\AppData\Local\{3908EC96-A328-4D2C-AE48-5F3CC768609F}
2012-09-12 02:58:08	--------	d-----w-	E:\Users\user\AppData\Local\{B3F416FF-7B1F-457B-A0BF-6D041514C81D}
2012-09-11 04:38:37	--------	d-----w-	E:\Users\user\AppData\Local\{09402032-BCEE-4CC4-AFDC-7F38E0A6A935}
2012-09-10 04:28:10	--------	d-----w-	E:\Users\user\AppData\Local\{38D3D166-FEF4-43E8-AA48-56B96A39B319}
2012-09-09 03:39:43	--------	d-----w-	E:\Users\user\AppData\Local\{04831D50-26A1-43D7-B4AC-64CF993D8AEA}
2012-09-08 04:08:11	--------	d-----w-	E:\Users\user\AppData\Local\{8C5777EE-5416-44DA-B408-38F1D9529101}
2012-09-06 14:00:21	--------	d-----w-	E:\Users\user\AppData\Local\{E6E18900-9634-4BA4-88EE-CFBAC90FB4A2}
2012-09-05 01:49:33	--------	d-----w-	E:\Users\user\AppData\Local\{ECC53983-8986-419A-960E-7539D896669A}
2012-09-04 05:11:02	--------	d-----w-	E:\ProgramData\TamoSoft
2012-09-04 03:35:35	--------	d-----w-	E:\Users\user\AppData\Local\{5D84EF6B-755D-4520-89D3-6B3367696B98}
2012-09-03 12:39:36	95208	----a-w-	E:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 04:16:37	--------	d-----w-	E:\Users\user\AppData\Local\{038B4B38-FF53-401E-A9FF-4B3B4F29C9B5}
2012-09-02 02:15:35	956928	----a-w-	E:\Windows\System32\localspl.dll
2012-09-02 02:09:33	--------	d-----w-	E:\Users\user\AppData\Local\{A16B1AAC-F811-4099-BC9F-4E1806EF79DE}
2012-09-01 03:53:18	--------	d-----w-	E:\Users\user\AppData\Local\{04935C47-F26B-47E8-A0E4-A0CEE3165044}
.
==================== Find3M ====================
.
2012-09-21 11:16:17	73136	----a-w-	E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 11:16:17	696240	----a-w-	E:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-03 12:39:30	821736	----a-w-	E:\Windows\SysWow64\npDeployJava1.dll
2012-09-03 12:39:29	746984	----a-w-	E:\Windows\SysWow64\deployJava1.dll
2012-08-30 14:03:48	228768	----a-w-	E:\Windows\System32\drivers\MpFilter.sys
2012-08-30 14:03:48	128456	----a-w-	E:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 18:05:06	1188864	----a-w-	E:\Windows\System32\wininet.dll
2012-08-24 16:57:48	981504	----a-w-	E:\Windows\SysWow64\wininet.dll
2012-08-24 15:59:30	1638912	----a-w-	E:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39	1638912	----a-w-	E:\Windows\SysWow64\mshtml.tlb
2012-08-24 14:13:36	281120	----a-w-	E:\Windows\SysWow64\PnkBstrB.xtr
2012-08-24 14:13:36	281120	----a-w-	E:\Windows\SysWow64\PnkBstrB.exe
2012-08-23 12:16:07	281120	----a-w-	E:\Windows\SysWow64\PnkBstrB.ex0
2012-08-21 21:01:00	245760	----a-w-	E:\Windows\System32\OxpsConverter.exe
2012-08-20 05:36:42	75136	----a-w-	E:\Windows\SysWow64\PnkBstrA.exe
2012-07-18 18:15:06	3148800	----a-w-	E:\Windows\System32\win32k.sys
2012-07-04 22:13:27	59392	----a-w-	E:\Windows\System32\browcli.dll
2012-07-04 22:13:27	136704	----a-w-	E:\Windows\System32\browser.dll
2012-07-04 21:14:34	41984	----a-w-	E:\Windows\SysWow64\browcli.dll
.
============= FINISH: 20:47:05.44 ===============


----------



## koyoupi (Sep 29, 2012)

Shortcuts seem to be fixed, but the bigger problem for me, the downloads aren't


----------



## koyoupi (Sep 29, 2012)

Farbar Service Scanner Version: 19-09-2012
Ran by user (administrator) on 30-09-2012 at 20:52:23
Running from "E:\Users\user\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
E:\Windows\System32\nsisvc.dll => MD5 is legit
E:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
E:\Windows\System32\dhcpcore.dll => MD5 is legit
E:\Windows\System32\drivers\afd.sys => MD5 is legit
E:\Windows\System32\drivers\tdx.sys => MD5 is legit
E:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
E:\Windows\System32\dnsrslvr.dll => MD5 is legit
E:\Windows\System32\svchost.exe => MD5 is legit
E:\Windows\System32\rpcss.dll => MD5 is legit


**** E


----------



## koyoupi (Sep 29, 2012)

Results of screen317's Security Check version 0.99.51 
Windows 7 Service Pack 1 x86 *(UAC is disabled!)* 
Internet Explorer 8 *Out of date!* 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
JavaFX 2.1.1 
Java 7 Update 7 
Adobe Flash Player 11.4.402.265 
Adobe Reader X 10.1.3 *Adobe Reader out of Date!* 
Mozilla Firefox (15.0.1) 
Google Chrome 21.0.1180.83 
Google Chrome 21.0.1180.89 
Google Chrome 22.0.1229.79 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive E: 1% 
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

Please run the Farbar Service Scanner again and check these items.


*System Restore*
*Security Center*
*Windows Update*
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## koyoupi (Sep 29, 2012)

Farbar Service Scanner Version: 19-09-2012
Ran by user (administrator) on 01-10-2012 at 10:38:50
Running from "E:\Users\user\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Other Services:
==============


File Check:
========
E:\Windows\System32\nsisvc.dll => MD5 is legit
E:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
E:\Windows\System32\dhcpcore.dll => MD5 is legit
E:\Windows\System32\drivers\afd.sys => MD5 is legit
E:\Windows\System32\drivers\tdx.sys => MD5 is legit
E:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
E:\Windows\System32\dnsrslvr.dll => MD5 is legit
E:\Windows\System32\SDRSVC.dll => MD5 is legit
E:\Windows\System32\vssvc.exe => MD5 is legit
E:\Windows\System32\wscsvc.dll => MD5 is legit
E:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
E:\Windows\System32\wuaueng.dll => MD5 is legit
E:\Windows\System32\qmgr.dll => MD5 is legit
E:\Windows\System32\es.dll => MD5 is legit
E:\Windows\System32\cryptsvc.dll => MD5 is legit
E:\Windows\System32\svchost.exe => MD5 is legit
E:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


----------



## Mark1956 (May 7, 2011)

That log has come up clean.

Please describe what happens when you try to download something. You haven't reported any problem downloading the tools we have used, or are you transferring them from another PC?

Is it something specific that you are having a problem downloading?

Please run this tool:
AVG Removal tool

Also follow the uninstall instructions on this page Eset Uninstall instructions to make sure the remnants have gone.

Please run this scan, if you can.

*Eset online scan instructions.*
*IMPORTANT --->* Please make sure you follow the instruction to *uncheck* the box next to *Remove found threats*. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.


Disable your existing Anti Virus following these instructions.
Please go here to use the Eset Online Scanner.
When the web page opens click on this button

If you are not using *Internet Explorer* you will see a message box open asking you to download the *ESET Smart Installer*, click on the link and allow it to download and then run it. Accept the *Terms of use* and click on *Start*. The required components will download.
If using Internet Explorer the *Terms of use* box will open immediately, accept it and click on *Start*.
After the download is complete the *Computer scan settings* window will open, *IMPORTANT ---->* *uncheck* the box next to *Remove found threats* and click on *Start*. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. *Do not* interrupt it, be patient and let it finish.
A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select *Paste* and the report will appear, add any comments you have and post the reply.
Back on the *Eset* window, click the *Back* button and then click on *Finish*.


----------



## koyoupi (Sep 29, 2012)

The downloads work OK. However, once it finishes, it would not show up in the designated download location. Tried different locations and checked the settings. This happens with any browser I use. Yeah, I have been transferring the scanning files from my phone.


----------



## Mark1956 (May 7, 2011)

Once you have completed the above instructions try another download. If it still fails to save it, please boot into "Safe Mode with Networking": start tapping the F8 key from the second you switch on, select it from the list and hit Enter. Then try a download and report back what happens.

Please also tell me of any other security software you have had installed in the past.

Please look again at the downloads location setting and make sure it is going to your system drive *E:*


----------



## koyoupi (Sep 29, 2012)

I only used AVG and ESET, nothing else.


----------



## koyoupi (Sep 29, 2012)

Sorry, I can only run the scanner tomorrow. I'm currently outside for the whole day till tomorrow.


----------



## Mark1956 (May 7, 2011)

Ok, thanks for letting me know, just post back when you are done.


----------



## koyoupi (Sep 29, 2012)

E:\Users\user\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe	Win32/SpeedUpMyPC application
F:\Documents and Settings\Chia\Local Settings\Temporary Internet Files\Content.IE5\MF0RNGQ0\7[1].htm	HTML/ScrInject.B.Gen virus
F:\Documents and Settings\user\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe	Win32/SpeedUpMyPC application
F:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll	a variant of Win32/Toolbar.Widgi application


----------



## Mark1956 (May 7, 2011)

There is only one detection on your system drive. It relates to an optimizer program, Uniblue, which I would recommend you uninstall; these types of programs are not recommended and can damage your system.

I would recommend you give your system a thorough clean up. Save any important data, videos, music, documents, pictures, etc. to DVDs or an external hard drive. Then delete everything else: click on Start, right click on Computer and select Manage, in the right pane select Disk Management, right click on all the drives apart from E: and select format to wipe them clean.

Go into Programs and Features via the Control Panel and uninstall any programs you do not recognize or no longer need.

Run this tool to remove any temporary files:

Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on *Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

Once you have done all that try to download something and report back.

Can you explain why this new PC has the System installed on the E: drive? 
New systems have Windows installed on the C: drive by default.


----------



## koyoupi (Sep 29, 2012)

I upgraded my old PC to this new PC. When I went to the shop, I forgot to back up my files, so I bought an extra hard drive (it was partitioned into C and E drives) and Windows was installed there; thus, I could keep my remaining files on the old hard drive, which is the current F drive. The shop owner helped me install it, so I'm not sure why it's on E and not C.


----------



## koyoupi (Sep 29, 2012)

Did the other steps already, still can't download. For formatting, won't formatting the drive that Windows is on break your computer, and have to reinstall Windows again?


----------



## koyoupi (Sep 29, 2012)

I forgot to do this step (Once you have completed the above instructions try another download, if it still fails to save it please boot into "Safe Mode with Networking", start tapping the F8 key from the second you switch on and select it from the list and hit Enter. Then try a download and report back what happens). I will try it now.


----------



## koyoupi (Sep 29, 2012)

It doesn't download even in safe mode.


----------



## Mark1956 (May 7, 2011)

I did not ask you to format the drive that Windows is installed on.

Have you cleaned up all the other drives?

If you have completed the clean up please run another scan with RogueKiller, ADWCleaner and your Anti Virus and post all three logs.

Please also run another scan with DDS and post both logs.


----------



## koyoupi (Sep 29, 2012)

I just remembered that I'm running a dual boot, Windows XP and Windows 7. Windows XP is on drive E so I can't format it.


----------



## Mark1956 (May 7, 2011)

No problem, please continue with the instructions in post 35.

I think you will find that Windows 7 is on Drive E: not XP.


----------



## Mark1956 (May 7, 2011)

I've attached a test file for you to download. Click on the attachment and allow it to download to your PC.

Then open Windows Explorer, click on *Computer* in the left hand pane and then type *Download test* into the search box and see if it can find it. If it does, tell me the location it has found it in.


----------



## koyoupi (Sep 29, 2012)

Can't find the file.


----------



## Mark1956 (May 7, 2011)

Boot into XP and do another search.

If you cannot find it there, please try the file download while running XP and see if it has the same problem.


----------



## koyoupi (Sep 29, 2012)

It can't find the file. However, it can download files.


----------



## Mark1956 (May 7, 2011)

Ok, this is an odd one. Please stick with Windows 7 for the moment.

Please run this and post the log:

*Disk Check*


Click on *Start* then type *cmd* in the search box. A menu will pop up with *cmd* at the top, *right click* on it and select *Run as Administrator*. Another box will open, at the prompt type *chkdsk /r* and hit *Enter*. _*Note:* you must include a space between the *k* and the */*._
You will then see the following message:
*chkdsk* cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?* (Y/N)*
Type *Y* for yes, and hit *Enter*. Then reboot the computer.
*chkdsk* will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (_The *chkdsk* process may take an hour or more to finish, if it appears to freeze this is normal so *do not* interrupt it. On drives above 500GB it can take several hours._)
When the Disk Check is done, it will finish loading Windows.

Then follow this guide to find the *chkdsk* log. *NOTE:* You need to do the search for *wininit* not *chkdsk*.
Windows 7 Disk Check log

Once the log is in view then click on *Copy* in the right hand pane and select *"Copy details as text".*
You can then *right click* on the message box on this forum and select *Paste* and the log will appear, add any further information asked for and then click on *Submit/Post Quick Reply* and you're done.

And this:


Windows 7 System File Checker
Click on *Start* and type *cmd* in the search box. Right click on *cmd* in the popup menu and select *Run as Administrator*.
Another box will open, at the Command Prompt, type *sfc /scannow* and press Enter. (Note the gap between the c and the /)
Let the check run to completion.

*To find the log*
Copy & Paste the following command at the Command Prompt and press Enter:

*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*
This will place a file on your desktop called *sfcdetails.txt* which contains the results of the scan.
Zip up the file and attach it to your next post.

And this:

Please download MiniToolBox and save it to your desktop.
Double click on the MiniToolBox icon

You will now see the following window appear.

Click on each of the boxes as indicated in the list below, then click on the *GO* button.

Copy & Paste the contents of the report that appears into your next post, you can also find a copy of the report on your desktop (Result.txt).

•List last 10 Event Viewer log
•List Installed Programs
•List Devices Check options for *Only Problems*
•List Users, Partitions and Memory size.
•List Minidump Files


----------



## koyoupi (Sep 29, 2012)

MiniToolBox by Farbar Version: 23-07-2012
Ran by user (administrator) on 04-10-2012 at 22:59:36
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
CutePDF Writer 2.8
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Pro (Version: 4.41.0315.0262)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III (Version: 1.0.4.11327)
Dota 2
FastStone Image Viewer 4.6 (Version: 4.6)
FileASSASSIN (Version: 1.06)
Google Chrome (Version: 22.0.1229.79)
Google Update Helper (Version: 1.3.21.123)
Hex Workshop v6.6 (Version: 6.6.1.5158)
Intel(R) Management Engine Components (Version: 7.0.0.1144)
iTunes (Version: 10.6.0.40)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
LogMeIn Hamachi (Version: 2.1.0.166)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
Notepad++ (Version: 6.1.2)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Razer BlackWidow Ultimate (Version: 1.04.04)
Razer Lachesis (Version: 1.10.0000)
Razer Lachesis 5600 (Version: 3.00.08)
Razer Mamba (Version: 2.01.05)
Realtek Ethernet Controller Driver (Version: 7.43.321.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6251)
Safari (Version: 5.34.54.16)
SciTE4AutoIt3 12/29/2011 (Version: 12/29/2011)
Skype™ 5.10 (Version: 5.10.116)
Steam (Version: 1.0.0.0)
The Secret World (Version: 1.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Vegas Pro 11.0 (Version: 11.0.594)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
XSplit (Version: 1.0.1207.2601)

========================= Devices: ================================

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 4078.32 MB
Available physical RAM: 2078.94 MB
Total Pagefile: 8154.82 MB
Available Pagefile: 5379.23 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.74 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:234.38 GB) (Free:145.11 GB) NTFS
3 Drive e: (New Volume) (Fixed) (Total:231.38 GB) (Free:90.62 GB) NTFS
4 Drive f: (Preload) (Fixed) (Total:70.84 GB) (Free:21.72 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator Guest UpdatusUser 
user 

========================= Minidump Files ==================================

No minidump file found


**** End of log ****


----------



## koyoupi (Sep 29, 2012)

I will be running the disk check tomorrow as I don't have hours to spare today. Also, by any chance do you know how to fix my Windows Photo Viewer? Not really that important. Whenever I open a photo, I get this error: there was a problem starting E:\program files\window photo viewer\photoviewer.dll
the system cannot find message text for message number0x%1 in the message file for %2. (I'm asking this because the sfc /scannow log says it fixes the Photo Viewer problem (I think) but it still won't work.)


----------



## Mark1956 (May 7, 2011)

Finally we have found something, the SFC log shows a huge number of corrupt files including the Photo Viewer, Internet Explorer, to name but a few. It would be best to hold back with the Disk Check until SFC can come up with a clean log. Note, in the minitoolbox results the Event log Service failed to start.

A failing hard drive could be the cause of this but please run SFC again and post the new log.
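
An added example, not part of the original post: one way to compare the *sfcdetails.txt* output of two consecutive *sfc /scannow* runs and list files that were reported as repaired but are flagged again, which points at repairs not sticking (disk fault or something re-damaging the files). It is written in Python for triage of the posted logs; the log lines are constructed in the style of CBS.log `[SR]` entries and the function names are hypothetical.

```python
import re

# Constructed sample lines (not from the poster's machine), shaped like the
# "[SR]" entries that findstr extracts from cbs.log into sfcdetails.txt.
RUN1 = r'''
2012-10-04 22:31:05, Info CSI 000001a2 [SR] Verifying 100 (0x0000000000000064) components
2012-10-04 22:31:09, Info CSI 000001a5 [SR] Cannot repair member file [l:30{15}]"photoviewer.dll" of Example-PhotoViewer-Component, hash mismatch
2012-10-04 22:31:10, Info CSI 000001a7 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\E:\Windows\System32"\[l:30{15}]"photoviewer.dll" from store
2012-10-04 22:31:12, Info CSI 000001a9 [SR] Cannot repair member file [l:22{11}]"ieframe.dll" of Example-IE-Component, hash mismatch
2012-10-04 22:31:13, Info CSI 000001ab [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\E:\Windows\System32"\[l:22{11}]"ieframe.dll" from store
2012-10-04 22:31:15, Info CSI 000001ad [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Other-Component, hash mismatch
2012-10-04 22:31:16, Info CSI 000001af [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\E:\Windows\System32"\[l:22{11}]"example.dll" from store
2012-10-04 22:40:00, Info CSI 000001b1 [SR] Repair complete
'''

RUN2 = r'''
2012-10-05 18:02:41, Info CSI 00000192 [SR] Verifying 100 (0x0000000000000064) components
2012-10-05 18:02:45, Info CSI 00000195 [SR] Cannot repair member file [l:30{15}]"photoviewer.dll" of Example-PhotoViewer-Component, hash mismatch
2012-10-05 18:02:46, Info CSI 00000197 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\E:\Windows\System32"\[l:30{15}]"photoviewer.dll" from store
2012-10-05 18:02:48, Info CSI 00000199 [SR] Cannot repair member file [l:22{11}]"ieframe.dll" of Example-IE-Component, hash mismatch
2012-10-05 18:02:49, Info CSI 0000019b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\E:\Windows\System32"\[l:22{11}]"ieframe.dll" from store
2012-10-05 18:11:30, Info CSI 0000019d [SR] Repair complete
'''

SR_LINE = re.compile(r'\[SR\]\s+(?P<msg>.*)$')
QUOTED = re.compile(r'"([^"]+)"')


def flagged_files(text):
    """Return {'cannot_repair': set, 'repairing': set} of lower-cased file names."""
    found = {"cannot_repair": set(), "repairing": set()}
    for line in text.splitlines():
        m = SR_LINE.search(line)
        if not m:
            continue
        msg = m.group("msg")
        names = QUOTED.findall(msg)
        if not names:
            continue  # progress lines such as "Verifying ... components"
        if msg.startswith("Cannot repair member file"):
            # The first quoted token is the member file name.
            found["cannot_repair"].add(names[0].lower())
        elif msg.startswith("Repairing corrupted file"):
            # Quoted tokens are directory then file name; the file name is last.
            found["repairing"].add(names[-1].lower())
    return found


def compare_runs(first_text, second_text):
    """Compare two SFC runs and report which findings persist."""
    first = flagged_files(first_text)
    second = flagged_files(second_text)
    first_all = first["cannot_repair"] | first["repairing"]
    second_all = second["cannot_repair"] | second["repairing"]
    return {
        # Flagged in both runs: the corruption is still being detected.
        "recurring": sorted(first_all & second_all),
        # Run 1 logged a repair, yet run 2 flags the same file again.
        "repaired_but_back": sorted(first["repairing"] & second_all),
        # Flagged in run 1 only: the repair appears to have held.
        "cleared": sorted(first_all - second_all),
    }


if __name__ == "__main__":
    for key, files in compare_runs(RUN1, RUN2).items():
        print(f"{key}: {', '.join(files) or '(none)'}")
```

A non-empty `repaired_but_back` list across runs is the pattern described in this thread: SFC logs a repair each time, but the next scan finds the same files damaged again.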


----------



## koyoupi (Sep 29, 2012)

here it is


----------



## Mark1956 (May 7, 2011)

The SFC log is showing the same thing, loads of corrupted files which all show as being repaired, but it showed that with the previous scan and nothing seems to have changed, either an infection not found yet or a hardware fault could be the cause.

Please run these two scans:

NOTE: Eset has to download files to work correctly which may cause a problem so you will just have to try it and see how it goes.

Has your copy of Windows 7 got SP1 on it?

*Eset online scan instructions.*
*IMPORTANT --->* Please make sure you follow the instruction to *uncheck* the box next to *Remove found threats*. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.


Disable your existing Anti Virus following these instructions.
Please go here to use the Eset Online Scanner.
When the web page opens click on this button
If you are not using *Internet Explorer* you will see a message box open asking you to download the *ESET Smart Installer*, click on the link and allow it to download and then run it. Accept the *Terms of use* and click on *Start*. The required components will download.
If using Internet Explorer the *Terms of use* box will open immediately, accept it and click on *Start*.
After the download is complete the *Computer scan settings* window will open, *IMPORTANT ---->* *uncheck* the box next to *Remove found threats* and click on *Start*. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. *Do not* interrupt it, be patient and let it finish.
A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select *Paste* and the report will appear, add any comments you have and post the reply.
Back on the *Eset* window, click the *Back* button and then click on *Finish*.

*STEP 1*
*NOTE:* If you have already used Combofix please delete the icon from your desktop.


Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*
Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## koyoupi (Sep 29, 2012)

Ya, I have SP1. I already ran the Eset online scan about 2 days ago, do I need to run it again?


----------



## koyoupi (Sep 29, 2012)

DeFogger didn't ask me to reboot


----------



## koyoupi (Sep 29, 2012)

nvm


----------



## koyoupi (Sep 29, 2012)

ComboFix 12-10-04.02 - user 05/10/2012 19:51:29.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.65.1033.18.4078.2791 [GMT 8:00]
Running from: e:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\users\user\AppData\Local\Temp\7zS10A8\HPSLPSVC64.DLL
e:\users\user\AppData\Roaming\Jagex
e:\users\user\AppData\Roaming\Jagex\RsBot.jar
e:\users\user\AppData\Roaming\Temp\_is4059.exe
e:\users\user\AppData\Roaming\Temp\{9FDAFAFF-3D52-4E2E-9FD2-EBE7EC20FF79}\_Setup.dll
e:\users\user\AppData\Roaming\Temp\{9FDAFAFF-3D52-4E2E-9FD2-EBE7EC20FF79}\ISSetup.dll
e:\users\user\AppData\Roaming\Temp\D93F.dir\InstallFlashPlayer.exe
e:\users\user\AppData\Roaming\Temp\ispE207.tmp\_Setup.dll
e:\users\user\AppData\Roaming\Temp\SetE05F.tmp
F:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-04 03:03 . 2012-08-29 16:27	9308616	----a-w-	e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55E4922F-A7FE-4CCB-AB01-BC587CD1636F}\mpengine.dll
2012-10-03 02:53 . 2012-10-03 02:53	--------	d-----w-	e:\windows\system32\appmgmt
2012-10-03 01:26 . 2012-08-29 16:27	9308616	----a-w-	e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-30 07:42 . 2012-09-30 07:42	--------	d-----w-	e:\windows\SysWow64\zh-CHT
2012-09-30 07:42 . 2012-09-30 07:42	--------	d-----w-	e:\windows\SysWow64\drivers\zh-TW
2012-09-30 07:42 . 2012-09-30 07:42	--------	d-----w-	e:\windows\SysWow64\wbem\zh-TW
2012-09-30 07:42 . 2012-09-30 07:42	--------	d-----w-	e:\windows\SysWow64\wbem\zh-HK
2012-09-30 07:42 . 2012-09-30 07:42	--------	d-----w-	e:\windows\zh-TW
2012-09-30 07:42 . 2012-09-30 07:42	--------	d-----w-	e:\windows\system32\zh-CHT
2012-09-30 07:41 . 2012-09-30 07:41	--------	d-----w-	e:\windows\system32\drivers\zh-TW
2012-09-30 07:41 . 2012-09-30 07:41	--------	d-----w-	e:\windows\system32\drivers\zh-HK
2012-09-30 07:41 . 2012-09-30 07:41	--------	d-----w-	e:\windows\system32\drivers\UMDF\zh-TW
2012-09-30 07:41 . 2012-09-30 07:41	--------	d-----w-	e:\windows\system32\wbem\zh-TW
2012-09-30 07:41 . 2012-09-30 07:41	--------	d-----w-	e:\windows\system32\wbem\zh-HK
2012-09-30 07:31 . 2009-07-13 10:15	424448	----a-w-	e:\program files (x86)\Common Files\Microsoft Shared\ink\mshwcht.dll
2012-09-30 07:31 . 2009-07-13 10:07	15720448	----a-w-	e:\program files (x86)\Common Files\Microsoft Shared\ink\mshwchtr.dll
2012-09-30 07:31 . 2009-07-13 12:06	3072	----a-w-	e:\windows\system32\Spool\prtprocs\x64\zh-TW\LXKPTPRC.DLL.mui
2012-09-30 07:31 . 2009-07-13 10:41	492544	----a-w-	e:\program files\Common Files\Microsoft Shared\ink\mshwcht.dll
2012-09-30 07:31 . 2009-07-13 10:29	15720448	----a-w-	e:\program files\Common Files\Microsoft Shared\ink\mshwchtr.dll
2012-09-30 03:40 . 2012-09-30 03:40	972192	------w-	e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD8387ED-7065-478E-B863-9D46AB93991D}\gapaengine.dll
2012-09-30 03:39 . 2012-09-30 03:39	--------	d-----w-	e:\program files\Microsoft Security Client
2012-09-29 01:41 . 2012-09-29 01:41	--------	d-----w-	e:\programdata\Cached Installations
2012-09-28 10:12 . 2012-09-28 10:12	--------	d-----w-	e:\users\user\AppData\Local\AVG Secure Search
2012-09-28 10:12 . 2012-09-28 10:12	--------	d-----w-	e:\users\user\AppData\Roaming\TuneUp Software
2012-09-28 10:12 . 2012-09-28 10:12	31080	----a-w-	e:\windows\system32\drivers\avgtpx64.sys
2012-09-28 10:10 . 2012-09-29 01:47	--------	d-----w-	E:\$AVG
2012-09-28 09:58 . 2012-09-28 09:58	--------	d-----w-	e:\programdata\Common Files
2012-09-28 09:06 . 2012-08-24 18:03	9056256	----a-w-	e:\windows\system32\mshtml.dll
2012-09-28 09:06 . 2012-08-24 18:02	12295680	----a-w-	e:\windows\system32\ieframe.dll
2012-09-28 08:54 . 2012-09-28 08:54	--------	d-----w-	e:\users\user\AppData\Local\Macromedia
2012-09-28 08:46 . 2012-09-28 08:46	--------	d-----w-	e:\users\user\AppData\Local\Mozilla
2012-09-22 13:49 . 2012-09-22 13:59	--------	d-----w-	e:\programdata\RELOADED
2012-09-21 13:04 . 2012-09-21 13:04	--------	d-----w-	e:\users\user\AppData\Roaming\Windows Authenticator
2012-09-14 07:14 . 2012-08-02 17:58	574464	----a-w-	e:\windows\system32\d3d10level9.dll
2012-09-14 07:14 . 2012-08-02 16:57	490496	----a-w-	e:\windows\SysWow64\d3d10level9.dll
2012-09-14 07:14 . 2012-08-22 18:12	950128	----a-w-	e:\windows\system32\drivers\ndis.sys
2012-09-14 07:14 . 2012-07-04 20:26	41472	----a-w-	e:\windows\system32\drivers\RNDISMP.sys
2012-09-14 07:14 . 2012-08-22 18:12	1913200	----a-w-	e:\windows\system32\drivers\tcpip.sys
2012-09-14 07:14 . 2012-08-22 18:12	376688	----a-w-	e:\windows\system32\drivers\netio.sys
2012-09-14 07:14 . 2012-08-22 18:12	288624	----a-w-	e:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 11:16 . 2012-04-02 08:18	696240	----a-w-	e:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 11:16 . 2012-01-31 07:55	73136	----a-w-	e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 07:16 . 2012-02-01 02:32	64462936	----a-w-	e:\windows\system32\MRT.exe
2012-09-03 12:39 . 2012-09-03 12:39	95208	----a-w-	e:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 12:39 . 2012-07-15 07:56	821736	----a-w-	e:\windows\SysWow64\npDeployJava1.dll
2012-09-03 12:39 . 2012-07-15 07:56	746984	----a-w-	e:\windows\SysWow64\deployJava1.dll
2012-08-30 14:03 . 2012-08-30 14:03	228768	----a-w-	e:\windows\system32\drivers\MpFilter.sys
2012-08-30 14:03 . 2012-08-30 14:03	128456	----a-w-	e:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 14:13 . 2012-08-20 05:37	281120	----a-w-	e:\windows\SysWow64\PnkBstrB.exe
2012-08-24 14:13 . 2012-08-20 05:36	281120	----a-w-	e:\windows\SysWow64\PnkBstrB.xtr
2012-08-23 12:16 . 2012-08-20 05:37	281120	----a-w-	e:\windows\SysWow64\PnkBstrB.ex0
2012-08-20 05:36 . 2012-08-20 05:36	75136	----a-w-	e:\windows\SysWow64\PnkBstrA.exe
2012-07-18 18:15 . 2012-08-17 02:59	3148800	----a-w-	e:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Mamba Elite Driver"="e:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"SunJavaUpdateSched"="e:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz135;cpuz135;e:\windows\system32\drivers\cpuz135_x64.sys [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 KMService;KMService;e:\windows\system32\srvany.exe [x]
R3 CV2K1;CommView Network Monitor;e:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;e:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;e:\windows\system32\DRIVERS\lvrs64.sys [2012-01-17 351136]
R3 LVUVC64;Logitech Webcam C160(UVC);e:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-17 4865568]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 Netaapl;Apple Mobile Device Ethernet Service;e:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 NisDrv;Microsoft Network Inspection System;e:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;e:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 npggsvc;nProtect GameGuard Service;e:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;e:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;e:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;e:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;e:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;e:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;e:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;e:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;e:\windows\system32\Wat\WatAdminSvc.exe [2012-02-22 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;e:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;e:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R4 gupdate;Google Update Service (gupdate);e:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 136176]
R4 gupdatem;Google Update Service (gupdatem);e:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 136176]
R4 MozillaMaintenance;Mozilla Maintenance Service;e:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R4 nvUpdatusService;NVIDIA Update Service Daemon;e:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R4 SkypeUpdate;Skype Updater;e:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 UMVPFSrv;UMVPFSrv;e:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-17 450848]
R4 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;e:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S1 avgtp;avgtp;e:\windows\system32\drivers\avgtpx64.sys [2012-09-28 31080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-31 271424]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;e:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
S2 UNS;Intel(R) Management and Security Application User Notification Service;e:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 MEIx64;Intel(R) Management Engine Interface;e:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;e:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]
S3 RzSynapse;Razer Driver;e:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-12 154624]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:16]
.
2012-10-05 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 04:56]
.
2012-10-05 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 04:56]
.
2012-10-05 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2569354861-4051638808-1583284266-1000Core.job
- e:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 01:38]
.
2012-10-05 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2569354861-4051638808-1583284266-1000UA.job
- e:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 01:38]
.
2012-10-05 e:\windows\Tasks\ParetoLogic Registration.job
- e:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.sg/
mLocal Page = e:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - e:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pdflls2g.default-1348822183021\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
Wow6432Node-HKLM-Run-vProt - e:\program files\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_ROC_NT - e:\program files\AVG Secure Search\ROC_ROC_NT.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="e:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="e:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="e:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
e:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\windows\SysWOW64\PnkBstrA.exe
e:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
e:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-10-05 20:01:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-05 12:01
ComboFix2.txt 2009-08-29 04:06
ComboFix3.txt 2009-08-29 02:34
.
Pre-Run: 103,712,616,448 bytes free
Post-Run: 103,333,937,152 bytes free
.
- - End Of File - - 2336AE7D2B741B038F163D005BA8EF35


----------



## koyoupi (Sep 29, 2012)

ComboFix scanning is done, however I still can't download.
Do I re-enable the Defogger now?


----------



## Mark1956 (May 7, 2011)

As Defogger did not request a reboot there is no need to run it again.

No need to run Eset again, I forgot to add it to my notes of what had already been tried.

The ComboFix log is not showing anything of concern. At the moment I think the conclusion has to be that your download problem is simply due to all the corrupt files in the system. Unfortunately what caused them to corrupt is a mystery. We have found no evidence of any malware in the system, only minor adware items.

RogueKiller did check the MBR but as a last scan for infections it would be worth a try with this tool.

Please download *aswMBR.exe* and save it to your Desktop.


Double click on aswMBR.exe to run it. _*Vista*/*Windows 7* users right-click and select Run As Administrator_.
You will be asked if you wish to download the latest Avast Virus Definitions, please select *Yes*. It may take several minutes to complete.
Click the *Scan* button to start the scan.
On completion of the scan, click the *Save log* button and save it to your Desktop.
*Do not* select any Fix options at this time.
Copy and paste the contents of that log in your next reply.

*-- Important note*: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as *MBR.dat*. Do not delete this file unless advised.
NOTE: Right-click on MBR.dat and select *Send To* and then *Compressed (zipped) file*. Attach that zipped file to your next reply as well.


Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the zip folder you made earlier and double-click on it.
Now click on the *Upload* button. Wait for the Upload to complete, it will appear just below the *Browse* box.
When done, click on the *Close this window* button at the bottom of the page.
Enter your message-text in the message box, then click on *Submit Message/Reply.*

Once that is done please follow the instructions in post 42 to run the Disk Check and post the log.

I must warn at this point that we are very close to the end of the road as there is little else we can do other than a reinstall of Windows, so be prepared and make sure you have everything saved to an external drive or DVDs.

I would also like you to run this scan. It is normally used to check for pirated Windows but I would like to see if it detects any missing files which may or may not be related to your problem.


To run the tool, click on this link: MGADiag
In the File Download - Security Warning dialog box, click Run.
In the Internet Explorer - Security Warning dialog box, click Run.
In the Microsoft Genuine Advantage Diagnostic Tool dialog box, click *Continue*.
When the MGADIAG tool finishes, ensure it is displaying the information under the *Windows* tab and click *Copy*.
Come back to this thread and right click on the message box and select *Paste* from the pop up menu and the results will appear, then submit the message.


----------



## koyoupi (Sep 29, 2012)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 22:44:07
-----------------------------
22:44:07.071 OS Version: Windows x64 6.1.7601 Service Pack 1
22:44:07.071 Number of processors: 4 586 0x2A07
22:44:07.071 ComputerName: USER-PC UserName: user
22:44:09.121 Initialize success
22:44:58.246 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:44:58.248 Disk 0 Vendor: WDC_WD800JD-08MSA1 10.01E01 Size: 76324MB BusType: 3
22:44:58.249 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
22:44:58.251 Disk 1 Vendor: Hitachi_HDS721050CLA362 JP2OA50E Size: 476940MB BusType: 3
22:44:58.253 Disk 1 MBR read successfully
22:44:58.254 Disk 1 MBR scan
22:44:58.256 Disk 1 Windows 7 default MBR code
22:44:58.258 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 240002 MB offset 63
22:44:58.281 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 236935 MB offset 491524740
22:44:58.296 Disk 1 scanning E:\Windows\system32\drivers
22:45:04.006 Service scanning
22:45:19.250 Modules scanning
22:45:19.255 Disk 1 trace - called modules:
22:45:19.258 
22:45:19.264 Scan finished successfully
22:45:39.858 Disk 1 MBR has been saved successfully to "E:\Users\user\Desktop\MBR.dat"
22:45:39.862 The log file has been saved successfully to "E:\Users\user\Desktop\aswMBR.txt"


----------



## koyoupi (Sep 29, 2012)

Also, a few mins after I ran that, I had a blue screen of death. This is the first time I ever had it.


----------



## Mark1956 (May 7, 2011)

And the other scans?


----------



## koyoupi (Sep 29, 2012)

For MGADiag, when I click Copy it says: failed to create output files, hr= 0x800706b5. Please contact support.


----------



## koyoupi (Sep 29, 2012)

I ran the disk check, however I can't retrieve the log. When I open Event Viewer, it will say: service is unavailable. Verify the service is running.


----------



## Mark1956 (May 7, 2011)

Your last two posts would indicate more problems with the system so I think the time has come to re-install Windows.

You can try a Repair install, but there is no guarantee it will fix the problems, whereas a full reinstall is guaranteed to put everything back to normal as long as there are no hardware errors.

One last check to make sure your hard drive is healthy would be wise, if the hard drive has errors then a reinstall will be a waste of time.

Identify the make of your hard drive and then use the appropriate link below to get the manufacturer's diagnostics for *ISO (CD)* not the one for Windows.

When the download is complete right click the file and select *Extract Here* and burn the image to a *CD*. (A re-recordable CD will be fine).

In Windows 7 right click the extracted file, select *Open With*, then select *Windows Disc Image Burning Tool* then follow the prompts. For all other versions of Windows (if you do not have an ISO burner) download this free software: ImgBurn
Install the program and start the application. Select the top left hand option to burn image file to disk and then on the next window click on the small yellow folder icon and browse to the file you have downloaded from the links below. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

Boot the PC into the BIOS setup and set the CD/DVD drive to 1st in the boot sequence. Insert the disc in the drive then reboot and the disc will load into DOS.

Excelstore (ISO for CD)---Excelstore for USB flash drive (instructions included in Readme.txt file)
Hitachi/IBM Use the Drive Fitness Test - CD Image.
Seagate, Samsung, Maxtor & Quantum Scroll down to: Seatools for Dos.
Western Digital

*NOTE:* For Toshiba/Fujitsu hard drives.
If you have a Toshiba/Fujitsu hard drive use the diagnostics from the Seagate link.

*NOTE:* Unfortunately the hard drive is the one item in your PC that will fail, it is not a case of *if* but a case of *when*. It is an electrical/mechanical device and therefore it *will* wear out. Hence the need to keep regular backups of all your important data to an external source. DVDs or Blu-ray discs are the most dependable, but if you have 1000s of GBs of data then an external hard drive would be a better choice. Unfortunately that drive too will eventually fail, so DVDs or Blu-ray discs are the safest option for crucial data that you would be devastated to lose.


----------



## koyoupi (Sep 29, 2012)

When I mount the image and run it, no installer will appear. The autoplay function only shows open folder to view files and no running of any .exe installers. I have a Hitachi hard drive.


----------



## Mark1956 (May 7, 2011)

I've never tried to run a diagnostics by mounting the image so can't be sure that should work. It is not supposed to be installed.

It would be best to follow my instructions to burn the image file to a CD and then boot the system with it in the CD drive.


----------



## koyoupi (Sep 29, 2012)

The problem is I don't have a CD. I will try using a USB.


----------



## koyoupi (Sep 29, 2012)

I burned the image to a USB and set boot priority and restarted. Nothing happened.


----------



## Mark1956 (May 7, 2011)

Are you talking about a USB CD drive or a USB memory stick?

The Excelstore diagnostics (which won't work with your hard drive) is the only one that has an option for a USB memory stick, all the others have to be burned to a CD.

You can use a re-recordable CD if you can borrow one.


----------



## koyoupi (Sep 29, 2012)

USB memory stick. I don't have a CD, so I can't burn it to a CD.


----------



## Mark1956 (May 7, 2011)

It will not work any other way than to use a CD.


----------



## Mark1956 (May 7, 2011)

There is an option, but the test is not as thorough due to it having to be run while the hard drive is in use.

Use the Seagate link in my instructions, scroll down the page and you will find Seatools for Windows. This version can be installed and run from the desktop.


----------



## koyoupi (Sep 29, 2012)

What test do I run? Or do I just click rescan?


----------



## Mark1956 (May 7, 2011)

No, not rescan, that is only for detecting what hard drives are in your system.

Click on the box next to the hard drive you need to test so a tick appears, then click on Basic Tests and select Long Generic and the test will start. There is a help button you can use if you need assistance.


----------



## koyoupi (Sep 29, 2012)

it passed


----------



## Mark1956 (May 7, 2011)

Ok, you should be good to go with a re-install.

Let us know how it is after it's completed.


----------



## koyoupi (Sep 29, 2012)

Re-install of Windows? Didn't you say to try repairing first? Because I want reinstalling to be the last resort.


----------



## Mark1956 (May 7, 2011)

You can try a Repair install first if you wish, the choice is yours. Whatever you do just be sure you have everything saved to another drive or DVDs.


----------



## koyoupi (Sep 29, 2012)

So what do I do with the Windows folder in my current drive taking up space?


----------



## Mark1956 (May 7, 2011)

If you do a Repair Install it will not affect any of your folders so you can leave everything as it is. If you go for a full reinstall it will overwrite everything on the drive.

As I said, be sure you back up everything to another drive or DVDs just in case something goes wrong.


----------



## koyoupi (Sep 29, 2012)

Oh, I didn't read the previous post clearly. I thought you said install on another drive.


----------



## Mark1956 (May 7, 2011)

Nope, same drive.

If I had a pound for everything I had misread I would be rich


----------

