Random web page redirects and strange pop-up window


Recommended Posts

So yesterday while researching load cells for a DIY electronics project I somehow got infected with something that hid all my desktop and startup icons. I was able to clean the infection with Malwarebytes (so I thought) and unhide the icons. I used Unhide.exe and GooredFix. All seemed well last night but now this morning I am again getting random redirects and IE 8 seems a bit slow. I found my Windows Defender is turned off and it won't turn on. Also, every 20 minutes or so a dark blue window pops open with the command prompt in the title bar at the top and it says "Administer". I've tried several fixes but to no avail. Things I've tried:

Combofix

CWShredder

Malwarebytes

Gooredfix

CCleaner - Used it to clean the registry and also to stop some start up programs that were eating memory and I didn't need them running all the time.

Roguecleaner (ran it but did not attempt to clean or fix anything)

aswMBR - Won't run. Click on it and get the small circle icon indicating it is busy, but then it stops and aswMBR never runs.

TDSSKiller - Also won't run, same issue as aswMBR.

I'll be gone for part of the day today so if I am a bit slow to respond that is why. Thank you for your assistance.

Here are my logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Brent at 7:57:19 on 2012-03-25

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8160.6461 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\iRacing\iRacingService.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = Preserve

uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\Brent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{435FE150-C4AE-46FA-879C-27705E65D246} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4C7CD283-F217-4D84-B6F5-B622E423E351} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{658D6FB5-78DD-42CE-99BA-D384461D981C} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{698F4C70-A05E-4B52-9E83-CD6806E0FEB3} : DhcpNameServer = 192.168.0.1

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

BHO-X64: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll

BHO-X64: NetAssistantBHO - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder

mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

============= SERVICES / DRIVERS ===============

.

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 iRacingService;iRacing.com Helper Service;C:\Program Files (x86)\iRacing\iRacingService.exe [2011-7-26 473768]

R2 Simraceway Update Service;Simraceway Update Service;C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [2012-2-10 405504]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 FanatecWheelFilterUsb;FanatecWheelFilterUsb;C:\Windows\system32\DRIVERS\FWFilterUsb.sys --> C:\Windows\system32\DRIVERS\FWFilterUsb.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2011-12-23 33592]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-12-23 14136]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-9 79360]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-2-11 135584]

S3 iDispService;iDispService;C:\Windows\system32\DRIVERS\idisplayminiport.sys --> C:\Windows\system32\DRIVERS\idisplayminiport.sys [?]

S3 JmtFltr;n52te;C:\Windows\system32\drivers\JmtFltr.sys --> C:\Windows\system32\drivers\JmtFltr.sys [?]

S3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys --> C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys [?]

S3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys --> C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys [?]

S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys [2011-1-6 11888]

S3 SaiH0762;SaiH0762;C:\Windows\system32\DRIVERS\SaiH0762.sys --> C:\Windows\system32\DRIVERS\SaiH0762.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;C:\Windows\system32\DRIVERS\VJoystick.sys --> C:\Windows\system32\DRIVERS\VJoystick.sys [?]

S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-25 14:29:35 -------- d-----w- C:\ComboFix

2012-03-25 04:49:19 -------- d-----w- C:\Program Files\CCleaner

2012-03-24 21:03:58 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2012-03-23 11:38:31 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FED5FB29-A476-4B77-B113-F670D6C23545}\mpengine.dll

2012-03-14 10:01:59 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 10:01:59 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 10:01:59 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 05:42:35 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 05:42:34 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 05:42:34 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 05:42:23 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 05:42:23 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 05:42:23 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 05:42:18 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 05:42:18 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 05:42:18 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 05:42:18 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-07 17:43:29 -------- d-----w- C:\Users\Brent\AppData\Local\SimCommander3

2012-03-07 06:21:01 -------- d-----w- C:\Users\Brent\AppData\Local\SimXperience

2012-03-07 06:16:45 -------- d-----w- C:\Users\Brent\AppData\Roaming\SimXperience

2012-03-07 06:16:33 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2012-03-07 06:16:31 -------- d-----w- C:\Program Files (x86)\SimXperience

2012-03-07 06:12:03 -------- d-----w- C:\Users\Brent\AppData\Local\AuthenticatedWpfApp

2012-03-07 06:07:30 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-03-07 06:07:29 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-03-07 06:07:26 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-03-07 06:07:26 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-03-06 20:42:38 -------- d-----w- C:\Program Files (x86)\NoLimits Coasters v1.8

2012-03-04 22:30:20 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-03-04 04:42:49 20688 ----a-w- C:\Windows\System32\idisplay.dll

2012-03-04 04:42:49 15568 ----a-w- C:\Windows\System32\drivers\idisplayminiport.sys

2012-03-04 04:42:49 -------- d-----w- C:\Users\Brent\AppData\Roaming\SHAPE Services

2012-02-29 01:09:05 -------- d-----w- C:\Users\Brent\AppData\Roaming\.rFactor

2012-02-29 01:01:59 -------- d-----w- C:\Program Files (x86)\rFactor2

2012-02-29 00:33:37 -------- d-----w- C:\Users\Brent\AppData\Local\ShiftTone

.

==================== Find3M ====================

.

2012-03-24 21:02:51 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

.

============= FINISH: 8:04:24.53 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/24/2011 4:01:34 AM

System Uptime: 3/25/2012 7:44:59 AM (1 hours ago)

.

Motherboard: MSI | | P67A-GD65 (MS-7681)

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3292/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 115.419 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76811462&REV_04\FFFFFFFFFFFFFFFF00

Manufacturer:

Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76811462&REV_04\FFFFFFFFFFFFFFFF00

Service:

.

Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76811462&REV_04\4&9154DF2&0&FFFFFFFFFFFFFFFF00

Manufacturer:

Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76811462&REV_04\4&9154DF2&0&FFFFFFFFFFFFFFFF00

Service:

.

==== System Restore Points ===================

.

RP222: 3/3/2012 8:47:23 PM - Device Driver Package Install: SHAPE Services Display adapters

RP223: 3/3/2012 9:10:19 PM - Removed Bonjour

RP224: 3/6/2012 6:29:56 AM - Windows Update

RP225: 3/13/2012 1:05:06 AM - Windows Update

RP226: 3/14/2012 3:00:10 AM - Windows Update

RP227: 3/18/2012 11:06:20 AM - Installed Fanatec Wheel

RP228: 3/20/2012 4:16:25 AM - Windows Update

RP229: 3/23/2012 4:38:09 AM - Windows Update

RP230: 3/24/2012 2:02:14 PM - Installed Java 6 Update 31

RP231: 3/24/2012 2:03:28 PM - Installed Java 6 Update 31 (64-bit)

RP232: 3/24/2012 10:47:28 PM - Removed Java 6 Update 31

.

==== Installed Programs ======================

.

3DMark 11

7-Zip 9.20

Adobe AIR

Adobe Digital Editions

Adobe Reader X (10.1.2)

Advanced Combat Tracker (remove only)

Age of Conan - Hyborian Adventures

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Colin McRae Rally 2005

Compatibility Pack for the 2007 Office system

DiRT2

erLT

ERUNT 1.1j

Etron USB3.0 Host Controller

EVE Online (remove only)

EverQuest II

Freeze.com NetAssistant

Futuremark SystemInfo

Geeks3D.com FurMark 1.9.2

GIMP 2.6.10

Hid FootSwitch V4.0

Host OpenAL

HydraVision

iRacing.com Race Simulation

iRSetupManager

iSpeed 3.1.1.0

Jimmie Johnson Spotter Pack v5.10

Live Update 5

Malwarebytes' Anti-Malware version 1.51.2.1300

merhaut.co.at telemetry app

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Converter Pack

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Organization Chart 2.0

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Need for Speed Hot Pursuit

NetAssistant

NoLimits Coasters 1.8 (remove only)

NoLimits Coasters Demo 1.8 (remove only)

OpenAL

Origin

PDFCreator

Rapture3D 2.3.22 Game

Reader Library by Sony

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

rFactor2

RIFT

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Shareaza 2.5.4.0

Shockwave

SimDash

Simraceway 0.28.57

SimXperience Commander for X-Sim Beta

SIW version 2010.07.14

Sound Blaster X-Fi

Star Wars: The Old Republic

Team MPR Pit Commander

Team MPR Setup Analyzer

TradingPaints Downloader

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

X-Sim Installer Version 2.0.8.9b beta

.

==== Event Viewer Messages From Past Week ========

.

3/25/2012 8:00:45 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

3/25/2012 7:46:19 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .

3/25/2012 7:45:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hwinterface

3/25/2012 7:44:59 AM, Error: Application Popup [56] - Driver PCI returned invalid ID for a child device (FFFFFFFFFFFFFFFF00).

3/25/2012 7:41:59 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/25/2012 7:41:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/25/2012 7:41:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/25/2012 7:41:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/25/2012 7:41:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/25/2012 7:41:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/25/2012 7:41:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache hwinterface spldr Wanarpv6

3/25/2012 6:58:39 AM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

3/24/2012 10:26:16 AM, Error: Service Control Manager [7000] - The AMD FUEL Service service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Brent [Admin rights]

Mode: Scan -- Date: 03/25/2012 07:13:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 13 ¤¤¤

[SUSP PATH] {3A48ADC5-9290-4E9F-81AD-6A830AF983E8}.job @ : C:\Users\Brent\Desktop\KeyboardOptimizer.exe -> FOUND

[SUSP PATH] {C5D78C36-881D-4D71-914A-318697BA3168}.job @ : C:\Users\Brent\Desktop\KeyboardOptimizer.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 ATA Device +++++

--- User ---

[MBR] 92685b4bfaadb2ba1fe8cb51ab551937

[BSP] c77f9df55b86806ca102ead22684e851 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305235 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 7ad6c4ea83cf9e061a11ea04104ce9ef

[BSP] c77f9df55b86806ca102ead22684e851 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305235 Mo

1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625137345 | Size: 2 Mo

Finished : << RKreport[1].txt >>
