Inactive MBAM refuses to delete

Hi guys, I'm a long-time viewer and first-time poster; your general advice has saved my comps/laptops many a time. I recently bought a new PC and everything has been going well. I installed all the antivirus programs etc. that I thought I'd need and it's all been good.

However, over the last couple of days my net connection turns itself off sporadically and the screen flashes black for an instant. I ran AVG, Ad-Aware and Malwarebytes. The net troubles seem to have stopped, but that's without the help of Malwarebytes. It refuses to work, refuses to uninstall or re-install. I just don't know what to do with it! Something is wrong, I just have no idea what. It worked fine a few days beforehand.

Any help would be greatly appreciated, it's like a week old! :(
 
Welcome to TechSpot! Glad you decided to stop by.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

If you still cannot run Malwarebytes:
Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti-Malware (MBAM) if you have it installed already.

Once done, try running a scan again.
 
Thanks for the reply,

The AVG scan was clean.
Re-installing MBAM still didn't work, and randmbam.exe stated 'ERROR: Unable to locate the Malwarebytes program. You may need to try to download and install it again from a known good source.' The only file that does not allow itself to be touched is the MBAM application itself.
GMER found nothing, and no log file was produced to save.

Tried to delete the games that came with the desktop, and AVG proceeded to find a number of trojans within them. Now the net has completely slowed and freezes. I don't know what I'm doing wrong :rolleyes: Sorry if I've missed anything.

DDS.
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Jack at 21:30:13.37 on 16/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3063.1574 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Jack\AppData\Local\Opera\Opera\temporary_downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.youtube.com/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: {0050B548-63D8-4728-A5C1-B7FFC91EFAB9} = 156.154.70.22,156.154.71.22
TCP: {CDF60D99-D097-4F1B-BD6C-C4FCF3AAC390} = 156.154.70.22,156.154.71.22
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
AppInit_DLLs-X64: C:\Windows\system32\guard64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-7 69376]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-1-6 250008]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-1-6 39888]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-3-2 163280]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-4 1405384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2011-3-15 110312]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-31 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-3-4 17152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-8-31 86120]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-31 346144]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2010-8-31 620576]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-3-7 517448]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-8 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-03-16 20:44:44 -------- d-----w- C:\Users\Jack\AppData\Local\Cyberlink
2011-03-16 20:44:33 -------- d-----w- C:\Users\Jack\AppData\Roaming\PowerCinema
2011-03-16 20:44:33 -------- d-----w- C:\Users\Jack\AppData\Local\PowerCinema
2011-03-15 09:31:37 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-03-13 22:34:46 -------- d-----w- C:\PROGRA~3\Friends Games
2011-03-13 09:55:55 84480 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA4.DLL
2011-03-13 09:55:55 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA4.DLL
2011-03-13 09:55:45 344064 ----a-w- C:\Windows\System32\CNMLMA4.DLL
2011-03-13 09:52:04 -------- d-----w- C:\Users\Jack\AppData\Local\Microsoft Help
2011-03-09 09:09:01 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
2011-03-09 09:09:01 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
2011-03-09 08:51:01 -------- d-----w- C:\AeriaGames
2011-03-09 08:36:23 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai
2011-03-08 11:41:14 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
2011-03-08 10:13:11 -------- d-----w- C:\Program Files (x86)\MSECache
2011-03-08 09:29:36 -------- d-----w- C:\Windows\SysWow64\Wat
2011-03-08 09:29:35 -------- d-----w- C:\Windows\System32\Wat
2011-03-08 09:25:36 -------- d-----w- C:\Users\Jack\AppData\Local\Opera
2011-03-08 09:24:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-03-08 09:20:45 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-08 09:20:45 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-08 09:10:02 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-03-08 09:10:02 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-03-08 09:02:44 -------- d-----w- C:\Windows\en
2011-03-08 09:01:20 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-03-08 08:59:38 -------- d-----w- C:\Users\Jack\AppData\Local\Windows Live
2011-03-08 08:58:43 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-08 08:58:43 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-03-08 08:58:43 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-08 08:58:43 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-03-08 08:58:43 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-08 08:58:43 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-03-08 08:58:43 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-08 08:58:43 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-08 08:58:43 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-08 08:58:43 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-03-08 08:58:38 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-03-08 08:56:09 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-03-08 08:23:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-03-08 08:13:05 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2011-03-08 08:12:01 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-03-08 08:12:01 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-03-08 08:12:01 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2011-03-08 08:12:01 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2011-03-08 08:10:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-03-08 08:10:30 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-03-08 08:09:26 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-03-08 08:06:02 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-03-08 08:06:02 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-03-08 08:06:02 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-03-08 08:06:02 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-03-08 08:06:02 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-03-08 08:06:02 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-03-08 08:06:02 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-03-08 08:06:02 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-03-08 08:06:02 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-03-08 08:06:02 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-03-08 08:06:01 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2011-03-08 08:06:01 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2011-03-08 08:03:17 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-03-08 08:03:17 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-03-08 08:02:43 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-03-08 08:02:43 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-03-08 08:02:07 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-03-08 08:02:07 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-03-08 08:02:07 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-03-08 08:02:07 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-03-08 08:02:07 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-03-08 08:02:04 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-08 08:02:04 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-03-08 08:02:04 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-08 08:02:04 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-03-08 08:01:21 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-08 08:01:21 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2011-03-08 08:01:21 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2011-03-08 08:01:21 464384 ----a-w- C:\Windows\System32\taskeng.exe
2011-03-08 08:01:21 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-03-08 08:01:21 285696 ----a-w- C:\Windows\System32\schtasks.exe
2011-03-08 08:01:21 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2011-03-08 08:01:21 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2011-03-08 08:01:21 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2011-03-08 08:01:21 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2011-03-08 08:00:55 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 08:00:55 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-08 08:00:55 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2011-03-08 08:00:55 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll
2011-03-08 08:00:37 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-03-08 08:00:30 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-03-08 08:00:29 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2011-03-08 08:00:29 2085376 ----a-w- C:\Windows\System32\ole32.dll
2011-03-08 08:00:29 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2011-03-08 08:00:28 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-03-08 08:00:11 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-03-08 08:00:11 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2011-03-08 07:59:53 395776 ----a-w- C:\Windows\System32\webio.dll
2011-03-08 07:59:53 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-03-08 07:58:30 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-03-08 07:58:04 148992 ----a-w- C:\Windows\System32\t2embed.dll
2011-03-08 07:58:04 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2011-03-08 07:58:02 112000 ----a-w- C:\Windows\System32\consent.exe
2011-03-08 07:57:45 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-03-08 07:57:38 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-03-08 07:57:38 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-03-08 07:57:38 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-03-07 23:04:08 -------- d-----w- C:\Users\Jack\AppData\Local\Adobe
2011-03-07 22:56:04 -------- d-----w- C:\Users\Jack\AppData\Local\SoftGrid Client
2011-03-07 22:56:02 -------- d-----w- C:\Users\Jack\AppData\Roaming\SoftGrid Client
2011-03-07 22:55:38 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-03-07 22:55:31 -------- d-----w- C:\Users\Jack\AppData\Roaming\TP
2011-03-07 21:08:39 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-03-07 21:08:36 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-03-07 21:07:10 -------- d-----w- C:\Users\Jack\AppData\Local\Sunbelt Software
2011-03-07 21:06:21 -------- dc-h--w- C:\PROGRA~3\{A5847AFF-A1FE-4929-A3C0-16C23AB1D29D}
2011-03-07 21:06:12 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-03-07 21:04:45 -------- d-----w- C:\Users\Jack\AppData\Roaming\AVG10
2011-03-07 21:03:45 -------- d--h--w- C:\PROGRA~3\Common Files
2011-03-07 21:03:41 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
2011-03-07 21:03:30 -------- d-----w- C:\PROGRA~3\Comodo
2011-03-07 21:03:29 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-03-07 21:03:26 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-03-07 21:03:26 -------- d-----w- C:\Program Files\COMODO
2011-03-07 21:01:29 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-03-07 21:01:29 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-07 21:00:54 -------- d-----w- C:\Program Files (x86)\AVG
2011-03-07 20:58:29 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F5B1F9C0-1FDC-4F42-A81A-DFEFD832CBD6}\mpengine.dll
2011-03-07 20:58:28 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-03-07 20:52:44 -------- d-----w- C:\Users\Jack\AppData\Roaming\Malwarebytes
2011-03-07 20:52:40 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-07 20:52:38 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-07 20:52:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-07 20:40:16 -------- d-----w- C:\PROGRA~3\MFAData
2011-03-07 20:29:35 -------- d-----w- C:\Users\Jack\AppData\Local\Diagnostics
2011-03-07 20:18:53 -------- d-----w- C:\Users\Jack\AppData\Roaming\OEM
2011-03-07 20:18:52 -------- d-----w- C:\Users\Jack\AppData\Local\EgisTec IPS
.
==================== Find3M ====================
.
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-06 17:37:00 39888 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-01-06 17:36:58 250008 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-01-06 17:36:58 14184 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-12-29 01:42:04 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2010-12-29 01:42:02 362784 ----a-w- C:\Windows\System32\guard64.dll
2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll
2010-12-23 06:07:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll
2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:31:23.23 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07/03/2011 20:17:24
System Uptime: 16/03/2011 20:52:13 (1 hours ago)
.
Motherboard: Acer | | Aspire M3910
Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz | CPU 1 | 2240/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 290 GiB total, 248.216 GiB free.
D: is FIXED (NTFS) - 291 GiB total, 290.515 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 07/03/2011 20:58:18 - Windows Update
RP2: 07/03/2011 21:00:40 - Installed AVG 2011
RP3: 07/03/2011 21:01:00 - Installed AVG 2011
RP4: 07/03/2011 21:04:25 - Installed COMODO Internet Security
RP5: 08/03/2011 08:14:45 - Removed eBay Worldwide
RP6: 08/03/2011 08:56:00 - Windows Update
RP7: 08/03/2011 09:22:07 - Windows Update
RP8: 08/03/2011 10:13:36 - Installed Microsoft PowerPoint Viewer
RP9: 08/03/2011 12:33:07 - Windows Update
RP10: 08/03/2011 20:01:43 - Windows Update
RP11: 09/03/2011 09:08:35 - Installed DirectX
RP12: 09/03/2011 18:01:41 - Windows Update
RP13: 16/03/2011 20:43:17 - Configured PowerCinema
.
==== Installed Programs ======================
.
Acer Arcade Deluxe
Acer Arcade Movie
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2 MUI
Advertising Center
Akamai NetSession Interface
Bing Bar
Bing Bar Platform
COMODO GeekBuddy
D3DX10
Dynasty Warriors Online
eSobi v2
Hotkey Utility
Identity Card
ImagXpress
Junk Mail filter update
McAfee SiteAdvisor
MediaShow Espresso
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Online Backup
NVIDIA PhysX
Opera 11.01
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Shredder
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
16/03/2011 19:46:29, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/03/2011 13:44:16, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
09/03/2011 08:36:26, Error: Service Control Manager [7030] - The Akamai NetSession Interface service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
 
Believe it or not, having multiple AV programs and/or Firewalls can make the system more vulnerable, not less:

From the DDS header:
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated*
AV: AVG Internet Security 2011 *Enabled/Updated*
SP: AVG Internet Security 2011 *Enabled/Updated*
SP: COMODO Defense+ *Enabled/Updated*
SP: Windows Defender *Disabled/Updated*
SP: Lavasoft Ad-Watch Live! *Enabled/Updated*
FW: COMODO Firewall *Enabled*
FW: AVG Firewall *Enabled*

======================================
You should have one antivirus program and one Firewall.
Okay to have multiple antimalware programs.

Please decide which AV and which FW you want to keep and uninstall the others.
Note: before you decide: I am going to have you run Combofix, which unfortunately won't run with AVG- so AVG has to be uninstalled before that scan.
===============================================
AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
Note:
  • AVG user settings will be removed.
  • Virus Vault contents will be removed.
  • All other items related to AVG installation and use will be removed.
  • You will be asked during the removal procedure to restart your computer. Please do so.
  • Make sure there is no open work in process prior to launching AVG Remover.
Use the appropriate download for your system for the AVG Remover:
  • AVG Remover: 32 bit
  • AVG Remover: 64 bit

I don't have a special tool for Comodo removal.
Please reboot the computer when you have finished.
===============================================
Try this link for Malwarebytes. Instructions will be the same.
============================================
Try this for Mbam:
Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.pif
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Try the Mbam scan now.

Let me know your status at this point.
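
The check the helper applies to the DDS header in the reply above (one antivirus, one firewall, several anti-malware tools allowed), as an added example that is not part of the original thread. The function names are hypothetical; the sample lines are the ones quoted in the reply.

```python
import re
from collections import defaultdict

# Security-product lines as quoted from the DDS header in the reply above.
DDS_HEADER = """\
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated*
AV: AVG Internet Security 2011 *Enabled/Updated*
SP: AVG Internet Security 2011 *Enabled/Updated*
SP: COMODO Defense+ *Enabled/Updated*
SP: Windows Defender *Disabled/Updated*
SP: Lavasoft Ad-Watch Live! *Enabled/Updated*
FW: COMODO Firewall *Enabled*
FW: AVG Firewall *Enabled*
"""

# Category, product name, state, optional update state.
# Anything after the closing '*' on the line is ignored.
LINE_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*(Enabled|Disabled)(?:/(\w+))?\*")

# The helper's rule: exactly one active antivirus and one active firewall.
# SP (anti-spyware/anti-malware) entries may overlap, so they are not checked.
SINGLETON = {"AV": "antivirus", "FW": "firewall"}


def parse_header(text):
    """Group the AV/SP/FW lines of a DDS header by category."""
    products = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            cat, name, state, updated = m.groups()
            products[cat].append(
                {"name": name, "enabled": state == "Enabled", "updated": updated}
            )
    return products


def audit(text):
    """Report categories with more than one, or no, enabled product."""
    products = parse_header(text)
    conflicts, missing = {}, []
    for cat, label in SINGLETON.items():
        active = [p["name"] for p in products[cat] if p["enabled"]]
        if len(active) > 1:
            conflicts[label] = active
        elif not active:
            missing.append(label)
    return {"conflicts": conflicts, "missing": missing, "products": products}


if __name__ == "__main__":
    result = audit(DDS_HEADER)
    for label, names in result["conflicts"].items():
        print(f"More than one active {label}: {', '.join(names)}")
    for label in result["missing"]:
        print(f"No active {label} found")
```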
 
I uninstalled AVG, does that deal with the multiple AV and FW problem? I now have Comodo as my FW and Ad-Watch as my AV. I tried the links of re-installing and uninstalling MBAM, but that single app won't budge, got this message this time:

Unable to execute file:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
CreateProcess failed; code 5.
Access is denied.


Here are the logs:

exeHelper by Raktor
Build 20100414
Run at 20:45:25 on 03/20/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 20/03/2011 at 20:45:57.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 20/03/2011 at 20:46:05.
 
Did you try Mbam again after you ran RKill and exe? If not, please do it.

The following needs to be handled:

1. You still have too much security. Please run this Security Check so we can find everything and deal with it:
Download Security Check by screen317 from HERE or HERE .
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
============================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

I'll decide what's next after the above.

Do you have any idea what this is? Install date of 3/7/2011, same date as several other programs, including Sunbelt Software data - more security!
C:\PROGRA~3\{A5847AFF-A1FE-4929-A3C0-16C23AB1D29D}

You shouldn't be installing new software or configuring new programs when we're trying to clean the system. For instance: A Restore Point was set to configure Power Cinema on 3/16. That is also the date of your first log. It's a big program and it's running in the background.

You also have a lot of redundancy: for instance, you have McAfee Site Advisor running, but AVG also has one!
 
Sorry about the installations, I'm not the only person who uses the comp. Also I'm not aware of the extra security programme, if I can I just want rid of everything I don't absolutely need, feel free to streamline!

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
McAfee SiteAdvisor
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=7891ca0a1e2a8e4580b8ca40db0f0c01
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-26 10:04:30
# local_time=2011-03-26 10:04:30 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 75 1605143 7550136 0 0
# compatibility_mode=5893 16776574 100 94 93955 53598494 0 0
# compatibility_mode=8192 67108863 100 0 4151 4151 0 0
# scanned=16079
# found=0
# cleaned=0
# scan_time=425

MBAM installed now after rkill, but it stopped responding when it tried to update. I ran as admin and it updated and scanned successfully, thanks!
 
Now you have no antivirus! Please put one AV program on the system.
  • Avira-AntiVir-Personal-Free-Antivirus
  • Avast Free Version

Eset online scan is clean.
The description of Mbam is confusing. The subject is "Mbam refuses to delete", but isn't it Mbam refuses to scan?
=================================
Show Hidden Files and Folders in Windows Vista and Windows 7:
  • Click on the Start button and select Computer
  • Press the Alt key on your keyboard and click on Tools
  • Select Folder Options
  • Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
  • Next, uncheck the box next to Hide protected operating system files (Recommended)
  • Then, uncheck the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Then go to C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware and delete rules.ref.
Once you've done that, start MBAM and when it shows the error and asks to update, let it do so and see if that corrects it.

Please go back and rehide the files and folders after doing this.
================================================
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot: whatnext.png)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 