
Connected to net but cant not dl win updates connect to autolog and ma


  • This topic is locked

#61
waynegr

  • Member
  • Topic Starter
  • 194 posts
I am now being asked on the NFS racing game site to upgrade my Internet Explorer to 9, but when I try to, it just says I have a newer version; that’s just like with the Silverlight. I found out the problem with trying to install that NFS racing game again: it was not part of this problem, as many other people had it on the forum.

It takes me to this page, http://windows.micro...down_bannercode

Wayne
  • 0

#62
Dakeyras

  • Anti-Malware Mammoth
  • Expert
  • 9,772 posts
Hi. :)

OK fair play re the AVP scan and what you mentioned is most likely systematic with the ongoing issues with your machine.

Now going back to the other machine you say you have access to, so we can download and transfer etc. Can you inform myself please what Operating System is on the machine and do you intend using a USB drive for the aforementioned transfer?
  • 0

#63
waynegr

  • Member
  • Topic Starter
  • 194 posts
Would it be possible to e-mail my sister with the links to what I need her to dl, then let her dl them, copy to disc and give to me ??? If not will ask her what operating system it is.

And you said do nothing on my own, however would it be ok to try some free scans from your site ??? Also, was wondering what I have got, a virus, if so would you know what it's called. The mad thing is I ran my Kaspersky, spybot and ad several times every week. Just to recap, this problem started when I started to dl free antivirus Avira.

Wayne
  • 0

#64
Dakeyras

  • Anti-Malware Mammoth
  • Expert
  • 9,772 posts
Hi. :)

Would it be possible to e-mail my sister with the links to what I need her to dl, then let her dl them, copy to disc and give to me ??? If not will ask her what operating system it is.

No that will not work so we will leave that.

And you said do nothing on my own, however would it be ok to try some free scans from your site ???

Best not to run any scans on your own and or download anything unless I advise so.

Also, was wondering what I have got, a virus, if so would you know what it's called. The mad thing is I ran my Kaspersky, spybot and ad several times every week. Just to recap, this problem started when I started to dl free antivirus Avira.

Your machine had a compromised Host-File (may still be) and the fact ARO was mistakenly downloaded and installed has not helped matters at all. As for the ongoing problems being perfectly honest I have not quite pinpointed the exact problem yet as not easy at times via the medium of support I do provide because I do not actually have physical access to the machine.

Next:

Please download ComboFix from here, here or here to the Desktop.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Right-click on ComboFix.exe and select Run as Administrator then follow the prompts.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper.


When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.

  • 0

#65
waynegr

  • Member
  • Topic Starter
  • 194 posts
Hi and thx for the info.

I can borrow the laptop, just thought that would have been easier, she is bringing it down tomorrow, just finding out what operating system.

Will test machine out now.

ComboFix 11-09-01.03 - FLIPP 04/09/2011 21:13:04.1.4 - x64
Running from: c:\users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UD56X9PS\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\mfc100deu.dll
c:\windows\UA000071.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-08-04 to 2011-09-04 )))))))))))))))))))))))))))))))
.
.
2011-09-04 20:23 . 2011-09-04 20:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-09-04 20:23 . 2011-09-04 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-04 17:37 . 2011-09-04 17:37 -------- d-----w- c:\program files\Java
2011-09-01 19:11 . 2011-09-01 19:11 -------- d-----w- c:\program files (x86)\ESET
2011-08-29 23:08 . 2011-08-29 23:12 -------- d-----w- c:\programdata\ManiaPlanet
2011-08-29 23:08 . 2011-08-29 23:09 -------- d-----w- c:\program files (x86)\ManiaPlanet
2011-08-27 13:34 . 2011-08-28 23:24 -------- d-----w- c:\users\FLIPP\AppData\Roaming\Sammsoft
2011-08-27 00:48 . 2011-08-27 00:48 -------- d-----w- c:\program files (x86)\Google
2011-08-26 21:07 . 2011-08-26 21:07 -------- d-----w- C:\_OTL
2011-08-26 21:02 . 2011-08-26 21:04 -------- d-----w- c:\program files (x86)\ERUNT
2011-08-26 11:37 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AC299A4-512B-45F5-AC2F-3E8D757C653C}\mpengine.dll
2011-08-24 12:45 . 2011-08-24 12:45 -------- d-----w- C:\f12f1591da052aec4117
2011-08-24 11:08 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 11:08 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-21 16:34 . 2011-08-21 16:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-08-19 22:56 . 2011-08-19 22:56 -------- d-----w- c:\users\FLIPP\AppData\Local\Mozilla
2011-08-19 18:20 . 2011-08-19 18:20 -------- d-----w- c:\users\FLIPP\AppData\Local\Deployment
2011-08-19 18:20 . 2011-08-19 18:20 -------- d-----w- c:\users\FLIPP\AppData\Local\Apps
2011-08-13 00:23 . 2011-09-04 17:37 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-11 12:56 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-11 12:56 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-11 12:56 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-11 12:56 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-11 12:56 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-11 12:56 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-11 12:56 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-11 12:56 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-11 12:56 . 2011-08-11 12:56 -------- d-----w- c:\program files\AVAST Software
2011-08-10 12:43 . 2011-08-10 12:43 -------- d--h--w- c:\programdata\Common Files
2011-08-10 12:42 . 2011-08-10 12:43 -------- d-----w- c:\programdata\MFAData
2011-08-10 11:03 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-10 11:03 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 11:03 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 11:03 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 11:03 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 11:03 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 00:07 . 2011-08-10 00:07 -------- d-----w- c:\windows\system32\Macromed
2011-08-09 18:42 . 2011-08-09 18:42 -------- d-----w- c:\programdata\Avira
2011-08-08 20:25 . 2011-07-20 10:30 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-08 20:25 . 2011-07-20 10:30 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 01:03 . 2011-05-15 11:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-26 20:15 . 2010-06-11 18:31 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-15 00:57 . 2010-03-10 13:40 7634 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-07-06 18:52 . 2009-08-23 14:37 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2009-08-23 14:37 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2011-02-18 16:14 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-11 00:58 . 2011-06-11 00:58 81744 ----a-w- c:\windows\SysWow64\mfcm100u.dll
2011-06-11 00:58 . 2011-06-11 00:58 81744 ----a-w- c:\windows\SysWow64\mfcm100.dll
2011-06-11 00:58 . 2011-06-11 00:58 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2011-06-11 00:58 . 2011-06-11 00:58 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll
2011-06-11 00:58 . 2011-06-11 00:58 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll
2011-06-11 00:58 . 2011-06-11 00:58 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll
2011-06-11 00:58 . 2011-06-11 00:58 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll
2011-06-11 00:58 . 2011-06-11 00:58 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll
2011-06-11 00:58 . 2011-06-11 00:58 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll
2011-06-11 00:58 . 2011-06-11 00:58 4422992 ----a-w- c:\windows\SysWow64\mfc100u.dll
2011-06-11 00:58 . 2011-06-11 00:58 4397384 ----a-w- c:\windows\SysWow64\mfc100.dll
2011-06-11 00:58 . 2011-06-11 00:58 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll
2011-06-11 00:58 . 2011-06-11 00:58 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll
2011-06-11 00:58 . 2011-06-11 00:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2011-06-11 00:58 . 2011-06-11 00:58 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll
2011-06-11 00:58 . 2011-06-11 00:58 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll
2011-06-11 00:58 . 2011-06-11 00:58 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2011-06-11 00:15 . 2011-06-11 00:15 93008 ----a-w- c:\windows\system32\mfcm100u.dll
2011-06-11 00:15 . 2011-06-11 00:15 93008 ----a-w- c:\windows\system32\mfcm100.dll
2011-06-11 00:15 . 2011-06-11 00:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
2011-06-11 00:15 . 2011-06-11 00:15 64336 ----a-w- c:\windows\system32\mfc100fra.dll
2011-06-11 00:15 . 2011-06-11 00:15 64336 ----a-w- c:\windows\system32\mfc100deu.dll
2011-06-11 00:15 . 2011-06-11 00:15 63824 ----a-w- c:\windows\system32\mfc100esn.dll
2011-06-11 00:15 . 2011-06-11 00:15 62288 ----a-w- c:\windows\system32\mfc100ita.dll
2011-06-11 00:15 . 2011-06-11 00:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
2011-06-11 00:15 . 2011-06-11 00:15 60752 ----a-w- c:\windows\system32\mfc100rus.dll
2011-06-11 00:15 . 2011-06-11 00:15 57168 ----a-w- c:\windows\system32\vcomp100.dll
2011-06-11 00:15 . 2011-06-11 00:15 5601616 ----a-w- c:\windows\system32\mfc100u.dll
2011-06-11 00:15 . 2011-06-11 00:15 5574984 ----a-w- c:\windows\system32\mfc100.dll
2011-06-11 00:15 . 2011-06-11 00:15 55120 ----a-w- c:\windows\system32\mfc100enu.dll
2011-06-11 00:15 . 2011-06-11 00:15 43856 ----a-w- c:\windows\system32\mfc100jpn.dll
2011-06-11 00:15 . 2011-06-11 00:15 43344 ----a-w- c:\windows\system32\mfc100kor.dll
2011-06-11 00:15 . 2011-06-11 00:15 36176 ----a-w- c:\windows\system32\mfc100cht.dll
2011-06-11 00:15 . 2011-06-11 00:15 36176 ----a-w- c:\windows\system32\mfc100chs.dll
2011-06-11 00:15 . 2011-06-11 00:15 158536 ----a-w- c:\windows\system32\atl100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2009-12-31 198160]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-26 2218600]
R3 ATICDSDr;ATICDSDr;c:\users\FLIPP\AppData\Local\Temp\ATICDSDr.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R4 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-09-30 192512]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-26 378472]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 00:48]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 00:48]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{2630C28E-E88E-49C7-9770-69E193BCAF2E}.job
- c:\windows\system32\msfeedssync.exe [2011-04-24 23:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-06 182808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c1,4d,86,11,fe,8a,6b,d1,d2,1f,9e,94,5c,7e,0e,72,7d,4a,f1,b5,ed,f6,74,
cb,24,80,94,f0,80,10,24,18,9c,31,8f,f8,90,76,e0,03,54,7e,a5,07,f4,5b,c8,a4,\
"??"=hex:3d,38,10,60,5a,5b,7a,eb,9a,3a,3e,b8,2a,df,94,29
.
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\SecuROM\License information*]
"datasecu"=hex:e3,2e,3a,d8,d1,a7,bd,e3,69,e3,26,9c,f2,a6,1b,8e,b7,02,f8,4e,b4,
f7,7b,f2,ff,1d,eb,18,ac,fa,e3,cd,da,cb,51,59,72,ef,bf,5f,ca,b5,91,f2,95,06,\
"rkeysecu"=hex:77,29,f6,d5,90,c7,a0,8d,8e,9e,e4,a5,d6,52,66,85
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2011-09-04 21:32:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-04 20:32
.
Pre-Run: 607,950,630,912 bytes free
Post-Run: 607,718,010,880 bytes free
.
- - End Of File - - 53D816F39E06901FD8EFAF628AF0D6B1

Wayne
  • 0
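
Added example, not part of the thread and not ComboFix's or the helper's own tooling: a small Python triage pass over the header and driver/service lines of the log above, flagging entries whose image path is empty, sits in a user-writable temp or browser-cache folder, or has an unexpected extension. Reading the leading letter as running/stopped and the digit as the Windows service start type is an assumption based on the usual convention for these logs; a flag means "review this entry", not "malicious".

```python
import ntpath
import re
from dataclasses import dataclass, field

# Lines copied from the ComboFix log in post #65 (the "Running from" header
# plus part of the driver/service section).
SAMPLE = r"""
Running from: c:\users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UD56X9PS\ComboFix.exe
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R3 ATICDSDr;ATICDSDr;c:\users\FLIPP\AppData\Local\Temp\ATICDSDr.sys [x]
S1 aswSnx;aswSnx; [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
"""

# Line layout: <R|S><start digit> <name>;<display name>;<image path> [<date size> or x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
# Windows service Start values; mapping the log digit onto them is an assumption.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
# Folders any user process can write to, so a driver or tool there deserves a look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\temporary internet files\\")
EXPECTED_EXT = {".sys", ".exe", ".dll"}


@dataclass
class Service:
    name: str
    running: bool
    start: str
    path: str
    has_file_info: bool  # False when the log printed [x] instead of date/size
    flags: list = field(default_factory=list)


def is_user_writable(path):
    low = path.lower()
    return any(part in low for part in USER_WRITABLE)


def running_from(log_text):
    """Return (path, in_user_writable_folder) from the 'Running from:' header."""
    m = re.search(r"^Running from: (.+)$", log_text, re.MULTILINE)
    if not m:
        return None, False
    path = m.group(1).strip()
    return path, is_user_writable(path)


def parse(log_text):
    """Parse every driver/service line and attach review flags."""
    services = []
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        path = m["path"].strip()
        svc = Service(
            name=m["name"],
            running=m["state"] == "R",
            start=START_TYPES[int(m["start"])],
            path=path,
            has_file_info=m["info"] != "x",
        )
        if not path:
            svc.flags.append("no-image-path")
        else:
            if is_user_writable(path):
                svc.flags.append("user-writable-path")
            if ntpath.splitext(path.lower())[1] not in EXPECTED_EXT:
                svc.flags.append("unusual-extension")
        services.append(svc)
    return services


def needs_review(log_text):
    """Map service name -> flags, for flagged entries only."""
    return {s.name: s.flags for s in parse(log_text) if s.flags}


if __name__ == "__main__":
    path, cached = running_from(SAMPLE)
    print("tool path:", path, "(user-writable folder)" if cached else "")
    for name, flags in needs_review(SAMPLE).items():
        print(f"{name}: {', '.join(flags)}")
```

The `[x]` marker alone is recorded but not flagged, since most driver lines in this log carry it.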

#66
waynegr

  • Member
  • Topic Starter
  • 194 posts
Still the same problems.

Wayne
  • 0

#67
waynegr

  • Member
  • Topic Starter
  • 194 posts
When I asked if I could use some of the malware software from this site, it was just to get rid of a few things, not my main problem, as spybot and adwear used to find several things after a few days surfing, the Malwarebytes does not find anything, but if you say this is ok fine.

Thought I best say that when I changed my password, I did not have to do this, from the Sky site, hope I did it right; If you have changed your wireless password (network key), you will need to reconnect to your Sky Broadband router. Open the wireless connection manager window to see a list of available wireless networks in your area and select your wireless network from the list. Look at the label on the bottom of your router (SSID: SKYxxxxx) - and find the network with the matching code in the list, click to highlight this with your mouse and select Connect. Enter your the new password you created in Step 4 and select Connect or Ok.

This is what I am now getting on the NFS site; Your Internet Explorer is out of date
To get the best possible experience using our website we recommend that you upgrade to a newer version or other web browser. A list of the most popular web browsers can found below. Just click on the icons to get to the download page.

Wayne
  • 0

#68
Dakeyras

  • Anti-Malware Mammoth
  • Expert
  • 9,772 posts
Hi. :)

Please move the executable for ComboFix to the Desktop, it is currently residing here:-

c:\users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UD56X9PS\ComboFix.exe

Reason being it needs to be on the Desktop if we use it again and for the actual uninstallation process later on.

When I asked if I could use some of the malware software from this site, it was just to get rid of a few things, not my main problem, as spybot and adwear used to find several things after a few days surfing, the Malwarebytes does not find anything, but if you say this is ok fine.

The latter you may reinstall as I mentioned in a prior post when I give the all clear if you so wish.

As for the ongoing problems I am beginning to suspect your actual user-profile is corrupt and or the Operating System itself is damaged...so we will run a few basic checks to see if the situation is improved at all.

Also it appears you may be using a HP machine, can you confirm this for myself please and also inform myself the exact model.

Vista Startup Repair:

You will need the Windows Vista DVD that came with your computer:-

  • Bootup your computer from the Vista DVD.
  • If not sure how to, a very good tutorial can be read here
  • You will have to answer a few basic questions then select the option Repair your computer
  • At the System Recovery Options screen click Windows Vista to highlight then Next>
  • You should now see the Searching for Problems...
  • Note: If given the option to Perform a System Restore, do not select and cancel the option.
  • If problems found let Startup Repair complete and follow the prompts.

Vista-System File Checker:

You may require your Vista DVD for the below.

  • Click on Start(Vista Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue in the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.
Note: This may take awhile to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key.

Next:

Let myself know when completed the above and if any further issues and or problems encountered, thank you.
  • 0

#69
waynegr

  • Member
  • Topic Starter
  • 194 posts
Yes its a HP Pavilion.

I never had a DVD with the system, should have burned one the first day, but never got round to it, suppose it's far too late now. Should I buy a Windows Vista DVD ???

Wayne
  • 0

#70
Dakeyras

  • Anti-Malware Mammoth
  • Expert
  • 9,772 posts
Hi. :)

I never had a DVD with the system, should have burned one the first day, but never got round to it, suppose it's far too late now. Should I buy a Windows Vista DVD ???

OK for future reference the below link(s) shows you how to create a Recovery Disk:-

Creating An HP Recovery Disk & Using HP Recovery

I do advise you do this as if in the future the actual Recovery Partition on your machine becomes damaged you will be left with no way to run a factory reset.

You do not actually need to purchase a Vista DVD but let's see if we can create a System Repair Disc. If you are unable it means the RecDisc file on the system is not suitable and unfortunately with Vista I have never had any success in the past trying to replace the aforementioned file and we will have to consider actually invoking the Recovery Partition which will basically restore your machine back to as it was when first purchased etc. Anyway try the below please and let myself know the outcome, thank you.

Create a Vista SP2 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed.

  • Click on Start(Vista Orb) >> Run... (or the Windows key and R together), then copy/paste the following command into the box and click on OK:

    recdisc.exe
  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If a AutoPlay window pops up, just close it.
  • If prompted with the below:-
Posted Image

  • Remove the blank rewritable CD/DVD and replace with the Vista CD/DVD you do have and you should see the below:-
Posted Image

  • When prompted with the below:-
Posted Image

  • Remove your Vista CD/DVD and replace with a blank rewritable CD/DVD and click on OK.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK.
Note: You now have a Vista System Repair Disc.
  • 0

#71
waynegr

  • Member
  • Topic Starter
  • 194 posts
That run command did not work, however I found it on my system.

It did about 90%, and then said you need 3 discs in all, then later it said please use a high quality disc. What disc do you recommend please, and could I get the information on one disc. If we do this, is this going to wipe all my computer ??? As I have a lot of files, videos, photos, and several games that took me quite some time to get where I am, it would be quite disheartening to have to go through all that again, just to get to where I am now. Thx for your help and time again.

Wayne
  • 0

#72
Dakeyras

  • Anti-Malware Mammoth
  • Expert
  • 9,772 posts
Hi. :)

That run command did not work, however I found it on my system.

OK, we will leave alone that particular avenue so to speak, because as I mentioned prior trying to replace it with Vista is far from easy and rarely successful I have found. Though why Microsoft in their wisdom opted for this with Vista is beyond me. For interests sake this is not an issue with Windows 7 and RecDisk.exe can be used, so if at any time in the future you decide to upgrade your machine to Windows 7 you will be able to actually create a Startup Repair Disk.

It did about 90%, and then said you need 3 discs in all, then later it said please use a high quality disc. What disc do you recommend please, and could I get the information on one disc.

I take it you have attempted to create a set of Recovery Disks. Any decent CD R/RW or DVD R/RW should suffice (the latter will depend on the type of Optical Drive your machine actually has) and you should be able to purchase such from a reputable local IT Centre/Store like say PC World and or Electrical Goods Store such as Curry's for example. As for the make of the aforementioned there are many such and to be honest not really my sphere of expertise as primarily myself and this part of the forum provide Anti-Malware Support only...you could ask an assistant in the shop though as that is what I would do if unsure. I'm sorry I cannot provide more salient facts about such but as I mentioned just not something I know a lot about.

If we do this, is this going to wipe all my computer ??? As I have a lot of files, videos, photos, and several games that took me quite some time to get where I am, it would be quite disheartening to have to go through all that again, just to get to where I am now. Thx for your help and time again.

Hopefully we will not have to resort to this drastic measure, IE using the Recovery Partition and you are most welcome!

OK since your machine is a HP it may actually have the Start-Up Repair feature pre-installed, so let's check as follows...

Vista Startup Repair:

  • Reboot your machine and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Advanced Boot Options, do so.
  • On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter. (If Repair your computer is not listed as an option, then your computer does not include Startup Repair as a preinstalled recovery option.)
  • Select a keyboard layout, and then click on Next. <-- In your case it will be UK etc.
  • Select your user name and click on OK.
  • On the System Recovery Options menu, click Startup Repair. Startup Repair might prompt you to make choices as it tries to fix the problem and, if necessary, it might restart your computer as it makes repairs.
Note: If unable to complete the above merely move on to the next step and inform myself in your next reply, thank you.

Vista-System File Checker:

  • Click on Start(Vista Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue in the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.
Note: This may take awhile to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key.

Next:

Right-click on OTL.exe and select Run as Administrator to start OTL. Only one log will be produced, post the contents of this in your next reply and provide a quick update about how your machine is performing now.
  • 0

#73
waynegr

  • Member
  • Topic Starter
  • 194 posts
Will try tomorrow and let you know, busy night out tonight.

Wayne
  • 0

#74
Dakeyras

  • Anti-Malware Mammoth
  • Expert
  • 9,772 posts
OK. :)
  • 0

#75
waynegr

  • Member
  • Topic Starter
  • 194 posts
Found something like repair your computer, ran it, but nothing much seemed to happen when I restarted.

Ran the other scan, said some files were corrupt, and could not fix all.

Found the log, but it would not let me open.

Not sure what you want me to do with OTL.exe, I opened it, but what then please ???

Wayne
  • 0
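
Added example, not part of the thread: `sfc /scannow` records what it could and could not repair as `[SR]`-tagged lines in `%windir%\Logs\CBS\CBS.log`, so a result like "some files were corrupt, and could not fix all" can be narrowed down to named files. The Python below summarises those lines from a copy of the log's text; the sample lines, file names and component names are constructed for illustration and only the common "Cannot repair" and "Repairing" message shapes are handled.

```python
import re

# Constructed sample in the layout sfc writes to CBS.log. File and component
# names are made up; each unrepaired file is often logged more than once.
SAMPLE_CBS = r'''
2011-09-06 19:40:58, Info                  CBS    Constructed non-SR line, ignored by the parser
2011-09-06 19:41:02, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2011-09-06 19:41:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-09-06 19:41:05, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component-A, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2011-09-06 19:41:06, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component-A, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2011-09-06 19:41:08, Info                  CSI    0000000d [SR] Cannot repair member file [l:20{10}]"sample.dll" of Example-Component-B, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-09-06 19:41:10, Info                  CSI    0000000f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"fixed.dll" from store
2011-09-06 19:41:12, Info                  CSI    00000011 [SR] Verify complete
'''

# "<timestamp>, <level>   CSI   <8 hex digits> [SR] <message>"
SR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+[0-9a-f]{8} "
    r"\[SR\] (?P<msg>.*)$"
)
# File name, owning component, and the trailing reason after the last comma.
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r"(?P<component>[^,]+), Version = (?P<version>[^,]+),.*, (?P<reason>[^,]+)$"
)
# The last quoted string on the line is the file that was restored.
REPAIRED_RE = re.compile(r'^Repairing corrupted file .*"(?P<file>[^"]+)" from store$')


def summarize(log_text):
    """Collect repaired and unrepaired files from [SR] lines, de-duplicated."""
    unrepaired = {}   # (file, component) -> reason, insertion-ordered
    repaired = []
    sr_lines = 0
    for raw in log_text.splitlines():
        m = SR_RE.match(raw.strip())
        if not m:
            continue  # not an sfc line; CBS.log also holds unrelated servicing output
        sr_lines += 1
        msg = m["msg"]
        cannot = CANNOT_RE.match(msg)
        if cannot:
            key = (cannot["file"], cannot["component"])
            unrepaired.setdefault(key, cannot["reason"].strip())
            continue
        fixed = REPAIRED_RE.match(msg)
        if fixed and fixed["file"] not in repaired:
            repaired.append(fixed["file"])
    return {
        "sr_lines": sr_lines,
        "repaired": repaired,
        "unrepaired": [(f, c, why) for (f, c), why in unrepaired.items()],
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_CBS)
    print(f"{result['sr_lines']} [SR] lines")
    for name in result["repaired"]:
        print("repaired:  ", name)
    for name, component, why in result["unrepaired"]:
        print(f"unrepaired: {name} ({component}): {why}")
```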





