Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

microsoft-security-essentials-wont-run/

Started by ste29uk , Jun 04 2011 11:22 AM

  • Please log in to reply

#1
ste29uk
Posted 04 June 2011 - 11:22 AM

ste29uk

    New Member

  • Member
  • Pip
  • 9 posts
I recently was infected with some Malware (antimalware doctor)that I removed with Malwarebyte's Antimalware program. However, I'm having problems now:

(1) MS Security Essentials will not open or run, and

(2) Window security centre will not switch on for more than a minute

(3) My Google searches sometimes are redirected to strange sites.

More info:
1. I do not have any other Anti-virus software running that I know of that would be stopping MS Security Essentials from running.
2. Windoes security centre will no switch on for more than 1 minute
3. The google redirection doesn't always happen. Sometimes it goes to the thing I searched for, sometimes it doesn't.
4. Have tried reinstalling MS Security Essentials, but same problem exists

Any help would be very gratefull

Edited by ste29uk, 05 June 2011 - 09:52 AM.

  • 0

Advertisements

#2
ste29uk
Posted 05 June 2011 - 08:34 AM

ste29uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
done what is said in this post http://www.geekstogo...tials-wont-run/ but still have same problem
  • 0

#3
Jacee
Posted 05 June 2011 - 10:18 AM

Jacee

    Malware Expert

  • Expert
  • 994 posts
  • MVP
What did you do following that link?

Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7 need to run as Administrator. Your computer will reboot/restart itself.

Next,

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Copy and paste the contents of both logs in your next post.
  • 0

#4
ste29uk
Posted 05 June 2011 - 10:34 AM

ste29uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for reply, i followed evereything of that link.

here are log files

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Administrator at 17:30:34 on 2011-06-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.3094 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3210&r=173601101716p0305v125y47i49218
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3210&r=173601101716p0305v125y47i49218
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3210&r=173601101716p0305v125y47i49218
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [POEngine5]
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files (x86)\PlaySushi\PSText.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0A55DDF4-8552-4402-8071-23FEE25024EB} : DhcpNameServer = 192.168.1.254
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: vShare Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: vShare Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
IE-X64: {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\stanjamesgibMPP\MPPoker.exe
IE-X64: {1B0A5259-1AF0-42B3-BAF0-AD7180101AE5} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5j7qpztw.default\
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-8-15 240160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-4 135664]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-4 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-05 15:40:27 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-06-05 15:40:20 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-06-05 15:17:27 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-06-05 15:13:12 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-06-05 15:11:42 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-06-05 15:08:41 20040 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-06-05 15:08:41 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-06-05 15:07:57 -------- d-----w- C:\ProgramData\Hitman Pro
2011-06-05 15:04:59 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-06-05 15:02:24 -------- d-----w- C:\ProgramData\PC Tools
2011-06-03 14:47:45 582 ----a-w- C:\FixitRegBackup.reg
2011-06-03 12:21:48 -------- d-----w- C:\ProgramData\~1
2011-06-03 12:20:34 0 ----a-w- C:\Users\Administrator\AppData\Local\Kluwo.bin
2011-06-03 12:11:41 -------- d-----w- C:\Users\Administrator\AppData\Roaming\3A973709911EF41449DCBC87E3A2933C
2011-06-03 11:03:10 -------- d-----w- C:\NEXT_THREE_DAYS
2011-06-03 10:18:39 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8CC5E965-3364-406B-8901-80661EF0FBF7}\mpengine.dll
2011-06-01 17:28:12 -------- d-----w- C:\Windows\System32\SPReview
2011-06-01 17:27:13 -------- d-----w- C:\Windows\System32\EventProviders
2011-06-01 17:24:13 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-01 17:24:13 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-01 17:24:07 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-01 17:24:04 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2011-06-01 17:24:04 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2011-06-01 17:24:04 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-06-01 17:24:04 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2011-06-01 17:24:04 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2011-06-01 17:24:02 3215872 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-06-01 17:22:59 983040 ----a-w- C:\Program Files (x86)\Windows Media Player\WMPDMC.exe
2011-06-01 17:21:59 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-06-01 17:21:59 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-06-01 17:21:54 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-06-01 17:21:54 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-06-01 17:19:54 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-01 17:19:54 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-01 17:19:54 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-01 17:19:40 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-01 17:19:34 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-01 17:19:11 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-01 17:19:11 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-01 13:40:16 -------- d-----w- C:\Users\Administrator\AppData\Local\Microsoft Games
2011-05-27 23:15:02 -------- d-----w- C:\Users\Administrator\P5JavaClientSettings
2011-05-25 13:12:28 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-15 16:26:03 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c7d4b6001cc131c23\InstallManager_WLE_WLE.exe
2011-05-15 16:25:46 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be72ac201cc131c18\MeshBetaRemover.exe
2011-05-15 16:25:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b5f5d2201cc131c10\DSETUP.dll
2011-05-15 16:25:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b5f5d2201cc131c10\DXSETUP.exe
2011-05-15 16:25:32 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b5f5d2201cc131c10\dsetup32.dll
2011-05-15 16:25:31 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b4e636e01cc131c0f\DSETUP.dll
2011-05-15 16:25:31 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b4e636e01cc131c0f\DXSETUP.exe
2011-05-15 16:25:31 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b4e636e01cc131c0f\dsetup32.dll
2011-05-15 16:23:43 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-05-15 16:23:43 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-05-15 16:23:43 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-05-15 16:23:43 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-05-15 16:23:41 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-15 16:23:41 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-15 16:02:46 -------- d-----w- C:\ProgramData\Innovative Solutions
2011-05-15 16:02:45 -------- d-----w- C:\Users\Administrator\AppData\Local\Innovative Solutions
2011-05-15 16:02:12 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2011-05-14 17:08:06 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-05-14 17:07:22 438272 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
2011-05-14 17:07:21 327680 ----a-w- C:\Windows\SysWow64\vp6dec.ax
2011-05-14 17:07:21 118832 ----a-w- C:\Windows\SysWow64\SHW32.DLL
2011-05-14 16:58:26 -------- d-----w- C:\Program Files\tigerwoods2008
2011-05-11 17:42:23 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 17:42:21 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:42:21 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 17:42:03 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 17:42:03 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 17:42:03 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 17:42:03 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 17:42:03 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 17:42:03 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 17:42:03 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
.
==================== Find3M ====================
.
2011-06-01 17:34:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-01 17:34:26 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-29 08:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
============= FINISH: 17:31:29.59 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/01/2010 15:13:12
System Uptime: 05/06/2011 17:24:20 (0 hours ago)
.
Motherboard: Packard Bell | | WMCP78M
Processor: AMD Athlon™ II X3 425 Processor | Socket AM2 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 341 GiB total, 277.217 GiB free.
D: is FIXED (NTFS) - 342 GiB total, 241.99 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&18018E29&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&18018E29&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP239: 03/06/2011 16:54:12 - Scheduled Checkpoint
RP240: 03/06/2011 17:30:50 - Windows Update
RP242: 04/06/2011 17:47:51 - Removed Symantec AntiVirus Win64.
RP243: 04/06/2011 18:11:14 - OTL Restore Point
RP244: 05/06/2011 16:45:12 - OTL Restore Point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 4.65
888poker
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Advertising Center
Alice Greenfingers
Amazonia
ArcSoft PhotoImpression
ArcSoft PhotoImpression 6
Ask Toolbar
Barbie™ Horse Adventures™
Bestpoker Avatar
BSR Screen Recorder 4
Call of Duty Modern Warfare 2
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Checkers-7 2.3
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
Coral Poker
Cue Club
D3DX10
Dairy Dash
Dream Day First Home
DriverMax 5
DVD Decrypter (Remove Only)
DVD Shrink 3.1.7
DVDFab 6.2.1.8 (31/12/2009)
DVDFab 7.0.7.0 (08/06/2010)
eBay Worldwide
Farm Frenzy 2
Flight Simulator X
Flight Simulator X Service Pack 1
Full Tilt Poker
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Heroes of Hellas
Holdem Manager
Identity Card
ImagXpress
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 17
Junk Mail filter update
Ladbrokes Poker
LiveUpdate 3.2 (Symantec Corporation)
Marble Blast Gold
Marble Blast Gold (remove only)
Merriam Websters Spell Jam
Metaboli
Microsoft Choice Guard
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.11)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Demo
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA PhysX
Packard Bell GameZone Console
Packard Bell InfoCentre
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Software Suite SE
Packard Bell Updater
Paddy Power Poker
Paradise Pet Salon 1.00
PKR
PokerOffice (remove only)
PokerStars
PokerStove version 1.23
PostgreSQL 8.4
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Stan James
Star Defender 4
System Requirements Lab
Tiger Woods PGA TOUR 08
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
vShare Plugin
Welcome Center
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Upload Tool
Windows Live UX Platform
Windows Live Writer
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
05/06/2011 17:24:38, Error: Service Control Manager [7041] - The postgresql-8.4 service was unable to log on as .\postgres with the currently configured password due to the following error: Logon failure: the user has not been granted the requested logon type at this computer. Service: postgresql-8.4 Domain and account: .\postgres This service account does not have the required user right "Log on as a service." User Action Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster. If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
05/06/2011 17:24:38, Error: Service Control Manager [7000] - The PostgreSQL Server 8.4 service failed to start due to the following error: The service did not start due to a logon failure.
05/06/2011 16:13:12, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
04/06/2011 18:06:06, Error: Service Control Manager [7034] - The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).
04/06/2011 17:01:11, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
03/06/2011 17:33:13, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
03/06/2011 15:39:07, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
03/06/2011 14:30:52, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2011 13:55:30, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2011 13:55:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
03/06/2011 13:55:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
03/06/2011 13:55:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/06/2011 13:55:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
03/06/2011 13:55:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr sptd SRTSP SRTSPX Wanarpv6
03/06/2011 13:54:51, Error: sptd [4] - Driver detected an internal error in its data structures for .
03/06/2011 13:41:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
03/06/2011 13:00:27, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/06/2011 13:00:27, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
03/06/2011 13:00:25, Error: Service Control Manager [7031] - The Symantec AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
02/06/2011 21:02:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
01/06/2011 19:29:55, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63AA156-D534-4BAC-9BF1-55359CF5EC30} and APPID {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} to the user mark-PC\postgres SID (S-1-5-21-3526405480-3933869627-3991127821-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
01/06/2011 18:57:18, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Live Essentials 2011 (KB2434419).
.
==== End Of File ===========================
  • 0

#5
Jacee
Posted 05 June 2011 - 11:08 AM

Jacee

    Malware Expert

  • Expert
  • 994 posts
  • MVP
Download Combofix from any of the links below, and save it to your desktop.<--Important

Link 1
Link 2
Link 3



Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts. Win 7, right click and run as Administrator.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply.

After rebooting ensure your Security applications have been re-enabled.


In your next reply post:
ComboFix.txt


***A guide and tutorial on "How to use Combofix" can be found here:
http://www.bleepingc...to-use-combofix

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe
  • 0

#6
ste29uk
Posted 05 June 2011 - 11:30 AM

ste29uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks followed instructions and i think so far problem is fixed, Thanks again will write another reply tomorrow to say if for sure it is fixed.

here is the log file

ComboFix 11-06-05.02 - Administrator 05/06/2011 18:20:02.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2939 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DSCF5265.JPG
c:\users\Administrator\AppData\Roaming\.#
c:\users\Administrator\AppData\Roaming\.#\MBX@12F4@1E62790.###
c:\users\Administrator\AppData\Roaming\.#\MBX@12F4@1E627C0.###
c:\users\Administrator\AppData\Roaming\.#\MBX@1AC@272790.###
c:\users\Administrator\AppData\Roaming\.#\MBX@1AC@2727C0.###
c:\users\Administrator\AppData\Roaming\.#\MBX@444@1F32790.###
c:\users\Administrator\AppData\Roaming\.#\MBX@444@1F327C0.###
c:\users\Administrator\AppData\Roaming\.#\MBX@A4C@2232790.###
c:\users\Administrator\AppData\Roaming\.#\MBX@A4C@22327C0.###
c:\users\Administrator\AppData\Roaming\.#\MBX@DF8@1FB2790.###
c:\users\Administrator\AppData\Roaming\.#\MBX@DF8@1FB27C0.###
c:\users\Administrator\AppData\Roaming\.#\MBX@F78@6D2790.###
c:\users\Administrator\AppData\Roaming\.#\MBX@F78@6D27C0.###
c:\users\Administrator\AppData\Roaming\Adobe\plugs
c:\users\Administrator\AppData\Roaming\Adobe\shed
c:\users\Administrator\AppData\Roaming\completescan
c:\users\Administrator\AppData\Roaming\install
c:\users\mark\AppData\Roaming\.#
c:\users\mark\AppData\Roaming\.#\MBX@116C@692790.###
c:\users\mark\AppData\Roaming\.#\MBX@116C@6927C0.###
c:\users\mark\AppData\Roaming\.#\MBX@930@2152790.###
c:\users\mark\AppData\Roaming\.#\MBX@930@21527C0.###
c:\users\mark\AppData\Roaming\.#\MBX@AB8@1F2790.###
c:\users\mark\AppData\Roaming\.#\MBX@AB8@1F27C0.###
c:\users\mark\AppData\Roaming\.#\MBX@BDC@232790.###
c:\users\mark\AppData\Roaming\.#\MBX@BDC@2327C0.###
c:\users\mark\AppData\Roaming\.#\MBX@E44@1E82790.###
c:\users\mark\AppData\Roaming\.#\MBX@E44@1E827C0.###
c:\users\mark\AppData\Roaming\inst.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 )))))))))))))))))))))))))))))))
.
.
2011-06-05 15:40 . 2011-06-05 15:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-06-05 15:40 . 2011-06-05 15:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-05 15:17 . 2011-06-05 15:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-06-05 15:13 . 2011-06-05 15:13 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-06-05 15:11 . 2011-06-05 15:12 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-06-05 15:08 . 2011-06-05 15:18 20040 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-05 15:08 . 2011-06-05 15:08 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-05 15:07 . 2011-06-05 15:17 -------- d-----w- c:\programdata\Hitman Pro
2011-06-05 15:04 . 2011-06-05 15:29 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-06-05 15:02 . 2011-06-05 15:25 -------- d-----w- c:\programdata\PC Tools
2011-06-03 14:47 . 2011-06-03 14:47 582 ----a-w- C:\FixitRegBackup.reg
2011-06-03 12:21 . 2011-06-03 12:21 -------- d-----w- c:\programdata\~1
2011-06-03 12:20 . 2011-06-03 12:20 0 ----a-w- c:\users\Administrator\AppData\Local\Kluwo.bin
2011-06-03 12:11 . 2011-06-03 17:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\3A973709911EF41449DCBC87E3A2933C
2011-06-03 11:03 . 2011-06-03 11:03 -------- d-----w- C:\NEXT_THREE_DAYS
2011-06-03 10:18 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CC5E965-3364-406B-8901-80661EF0FBF7}\mpengine.dll
2011-06-01 17:44 . 2011-06-01 17:44 -------- d-----w- c:\program files\Windows Live
2011-06-01 17:28 . 2011-06-01 17:28 -------- d-----w- c:\windows\system32\SPReview
2011-06-01 17:27 . 2011-06-01 17:27 -------- d-----w- c:\windows\system32\EventProviders
2011-06-01 17:24 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-01 17:24 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-01 17:24 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-01 17:24 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-06-01 17:24 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2011-06-01 17:24 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2011-06-01 17:24 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-01 17:24 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-06-01 17:24 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-06-01 17:22 . 2010-11-20 13:33 213888 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2011-06-01 17:21 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-06-01 17:21 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-06-01 17:21 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-01 17:21 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-01 17:19 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-01 17:19 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-01 17:19 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-01 17:19 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-01 17:19 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-01 17:19 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-01 17:19 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-01 13:40 . 2011-06-01 13:43 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Games
2011-05-27 23:15 . 2011-05-27 23:23 -------- d-----w- c:\users\Administrator\P5JavaClientSettings
2011-05-25 13:12 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-15 16:26 . 2011-05-15 16:26 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c7d4b6001cc131c23\InstallManager_WLE_WLE.exe
2011-05-15 16:25 . 2011-05-15 16:25 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\be72ac201cc131c18\MeshBetaRemover.exe
2011-05-15 16:25 . 2011-05-15 16:25 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b5f5d2201cc131c10\DSETUP.dll
2011-05-15 16:25 . 2011-05-15 16:25 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b5f5d2201cc131c10\DXSETUP.exe
2011-05-15 16:25 . 2011-05-15 16:25 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b5f5d2201cc131c10\dsetup32.dll
2011-05-15 16:25 . 2011-05-15 16:25 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b4e636e01cc131c0f\DSETUP.dll
2011-05-15 16:25 . 2011-05-15 16:25 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b4e636e01cc131c0f\DXSETUP.exe
2011-05-15 16:25 . 2011-05-15 16:25 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b4e636e01cc131c0f\dsetup32.dll
2011-05-15 16:23 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-15 16:23 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-05-15 16:23 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-15 16:23 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-05-15 16:23 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-15 16:23 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-15 16:02 . 2011-05-15 16:02 -------- d-----w- c:\programdata\Innovative Solutions
2011-05-15 16:02 . 2011-05-15 16:02 -------- d-----w- c:\users\Administrator\AppData\Local\Innovative Solutions
2011-05-15 16:02 . 2011-05-15 16:02 -------- d-----w- c:\program files (x86)\Innovative Solutions
2011-05-14 17:08 . 2011-05-14 17:08 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-05-14 17:08 . 2011-05-14 17:08 -------- d--h--r- c:\users\Administrator\AppData\Roaming\SecuROM
2011-05-14 17:07 . 2004-08-30 13:25 438272 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2011-05-14 17:07 . 2007-04-12 14:01 118832 ----a-w- c:\windows\SysWow64\SHW32.DLL
2011-05-14 17:07 . 2004-12-10 09:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-05-14 16:58 . 2011-05-14 17:06 -------- d-----w- c:\program files\tigerwoods2008
2011-05-11 17:42 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 17:42 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:42 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 17:42 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 17:42 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 17:42 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 17:42 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 17:42 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 17:42 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 17:42 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-01 17:44 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-01 17:34 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-01 17:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-29 08:11 . 2010-07-24 14:38 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 21:39 . 2011-04-28 21:39 0 ---ha-w- c:\users\Administrator\AppData\Local\BIT9351.tmp
2011-03-12 12:08 . 2011-04-28 14:22 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:23 . 2011-04-28 14:22 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:41 . 2011-04-28 14:22 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:41 . 2011-04-28 14:22 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:41 . 2011-04-28 14:22 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:41 . 2011-04-28 14:22 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:41 . 2011-04-28 14:22 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:41 . 2011-04-28 14:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:41 . 2011-04-28 14:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:34 . 2011-04-15 12:23 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-15 12:23 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:33 . 2011-04-28 14:22 2565632 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:30 . 2011-04-28 14:22 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:33 . 2011-04-15 12:22 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-15 12:22 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-28 14:22 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:31 . 2011-04-28 14:22 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-08 06:29 . 2011-04-15 12:22 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-15 12:22 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-01-12 149280]
"NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 Normandy;Normandy SR2; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 15:43]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 15:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 16299552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3210&r=173601101716p0305v125y47i49218
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5j7qpztw.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-POEngine5 - (no file)
Wow6432Node-HKCU-Run-DriverMax - (no file)
Wow6432Node-HKCU-Run-DriverMax_RESTART - (no file)
SafeBoot-09678855.sys
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DVDFab 6_is1 - c:\program files (x86)\DVDFab 6\unins000.exe
AddRemove-ladbrokes (Poker) - c:\microgaming\Poker\LadbrokesMPP\install.exe
AddRemove-MarbleBlastGoldShockwave - c:\program files (x86)\Shockwave.com\Marble Blast Gold\uninst-mb.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,13,b0,b2,b0,24,7c,46,81,b5,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,13,b0,b2,b0,24,7c,46,81,b5,54,\
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinRAR"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3526405480-3933869627-3991127821-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-05 18:26:05
ComboFix-quarantined-files.txt 2011-06-05 17:26
.
Pre-Run: 297,612,709,888 bytes free
Post-Run: 297,553,027,072 bytes free
.
- - End Of File - - 2C076B1511E2C92A99692F3805EF204A
  • 0

#7
Jacee
Posted 05 June 2011 - 12:47 PM

Jacee

    Malware Expert

  • Expert
  • 994 posts
  • MVP
Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next,

  • Please download http://go.microsoft....k/?linkid=52012 MGADiag and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Push Posted Image
  • Push Posted Image
  • Go to Start -> Run and type in "Notepad"
  • Go to Edit -> Paste in notepad.
  • x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  • Copy and paste that log here.

  • 0

#8
ste29uk
Posted 06 June 2011 - 02:52 AM

ste29uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi sorry had to go to work yesterday

Computer still has same problems
havee followed your instructions
here are the log files

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\barbie™\barbie™ horse adventures™\game exports\subgames\code crack\vssver.scc
c:\program files (x86)\barbie™\barbie™ horse adventures™\game exports\subgames\code crack\model\handle.dff
c:\program files (x86)\barbie™\barbie™ horse adventures™\game exports\subgames\code crack\model\vssver.scc
c:\program files (x86)\rvg software\holdem manager\keygenerateclasslibrary.dll
c:\programdata\adobe\photoshop elements\7.0\photo creations\backgrounds\cracked paint.metadata.xml
scanner sequence 3.BC.11
----- EOF -----




Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-xxxxx-xxxxx-xxxxx
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {6C6FD9B1-27A4-4A01-A3F2-F2F4FC7F79D8}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 102
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6C6FD9B1-27A4-4A01-A3F2-F2F4FC7F79D8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3526405480-3933869627-3991127821</SID><SYSTEM><Manufacturer>Packard Bell</Manufacturer><Model>imedia S3210</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>P01-A4</Version><SMBIOSVersion major="2" minor="5"/><Date>20090831000000.000000+000</Date></BIOS><HWID>993D3E07018400F2</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800006-02-1033-7600.0000-2272009
Installation ID: 011601775396228894256566268286443964200276719832370612
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 7QJB7
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 06/06/2011 09:46:56

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:30:2011 14:27
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAwABAAEAAAACAAAAAQABAAEA6GH+Xb7PlpIAdcQtxCM4nJqIhhzEwp6z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS ACRPRDCT
FACP ACRSYS ACRPRDCT
HPET ACRSYS ACRPRDCT
MCFG ACRSYS ACRPRDCT
SSDT PTLTD POWERNOW
SLIC ACRSYS ACRPRDCT
  • 0

#9
ste29uk
Posted 06 June 2011 - 03:22 AM

ste29uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi again thanks for help, problem is solved, only thing is that in the action centre there is message saying-

Virus protection

Symantec antivirus is on but is reporting its status to windows security center in a format that is no longer suported.Use the program's automatic updating feature, or contact the program manufacturer for an updated version.

Thanks again.
  • 0

#10
Jacee
Posted 06 June 2011 - 09:28 AM

Jacee

    Malware Expert

  • Expert
  • 994 posts
  • MVP
Did you re-install Norton? Have you updated it manually?

This is in your report, that's why I ask ... 04/06/2011 17:47:51 - Removed Symantec AntiVirus Win64.
  • 0

Advertisements

#11
ste29uk
Posted 06 June 2011 - 10:58 AM

ste29uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Never had norton installed or unless didn't think i did, have just recently installed Symantec AntiVirus Win64.
But everything seems to be fine apart from message saying
Virus protection

Symantec antivirus is on but is reporting its status to windows security center in a format that is no longer suported.Use the program's automatic updating feature, or contact the program manufacturer for an updated version.

Thanks again.
  • 0

#12
Jacee
Posted 06 June 2011 - 01:10 PM

Jacee

    Malware Expert

  • Expert
  • 994 posts
  • MVP
Do you still have PC Tools Security running? Uninstall, then delete the program folder.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u25 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version.

  • 0

#13
ste29uk
Posted 07 June 2011 - 08:51 AM

ste29uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi jacee i removed microsoft security essentials, then installed Symantec AntiVirus Win64.

Have followed instructions to update java

Thank you
  • 0

#14
Jacee
Posted 07 June 2011 - 09:23 AM

Jacee

    Malware Expert

  • Expert
  • 994 posts
  • MVP
Do you still have PC Tools Security running? Uninstall, then delete the program folder.
  • 0

#15
ste29uk
Posted 07 June 2011 - 09:27 AM

ste29uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Removed pc security tools and folder.
Thanks
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP