Solved Another Win64 sirefef victim - constant auto reboot of PC

It will not wipe anything. It is a Windows Recovery Environment used only to look at your PC's files through a different lens, so to speak.

Now, for that Update new data...no clue. Is it preventing you from moving forward past the boot screen?
 
Hi
Yes, it is stopping me doing anything else. Is it potentially OK to run off a USB stick, or do I need to find a way to copy it to CD for this to work?
 
If you cannot boot the computer at all because of the error, you'll have to talk to your manufacturer's tech support agents.
 
No, I can boot it if I let it boot as normal, but not if I follow your instructions to make it boot from CD (as that file won't download - it just sits at 0% extracting to CD), or it does as above if I reboot to the removal disk drive.
If I boot to the hard drive it's fine, but your instructions said to change to boot from another drive with the OTLPEN programme?
 
PC status is as it was before the instructions to download and reboot from cd
If you can let me know how to get the download file onto CD any other way I can try it? As I said I can copy the download on USB but can't get it onto a CD from my laptop?
I haven't used anything on disc for years! I will see if someone else can download it onto cd for me in meantime

Also, as noted, when I followed the instructions sent to reboot from the CD drive, the option on my PC was DVD drive, not CD.
It does run CDs, but should I save to a DVD instead?
 
OK, managed to get the programme onto disc. Went to the Packard Bell website to see if the boot-to-disc details were correct, as PB is not listed on your link; it gave new instructions to press F12, and I was given 4 drive reboot options, so I selected the DVD drive.
NVIDIA Boot agent screen came up
After a few minutes I get a "No boot filename received"
then
PXE-M0F: Exiting NVIDIA Boot Agent
DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS ENTER

Concerned it's wanting me to put a total system restore into action, so have I found the wrong menu?
The file is definitely on the disk... but it's not opening at all.
 
Sorry - this is like groundhog day!!
FRST below. Just a thought, though, about the NVIDIA message: when I set up to boot from disc I set CD/DVD as 1st boot, then what should I set for 2nd? I think 2nd was NVIDIA something or other... should I have that set to hard drive?

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 01
Ran by SYSTEM at 24-07-2012 21:45:50
Running from K:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Rob\...\Policies\system: [DisableLockWorkstation] 0
HKU\Rob\...\Policies\system: [DisableChangePassword] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [920064 2008-01-29] ()
2 GenericHidService; HidService.exe [83264 2008-05-29] (Packard Bell Services)
2 GenericHidService; HidService.exe [83264 2008-05-29] (Packard Bell Services)
2 HsdService; "C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe" [1406264 2011-03-23] (Virgin Media)
2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [33960 2009-08-19] (Lexmark International, Inc.)
2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [1044136 2009-08-19] ( )
2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe -service [1040552 2008-05-23] ( )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
4 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [529704 2008-04-28] (Nero AG)
2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [193024 2008-01-29] ()
2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
2 ServicepointService; "C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe" [689464 2011-03-25] (Radialpoint Inc.)
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)

========================== Drivers (Whitelisted) =============

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-16 11:08 - 2012-07-16 11:08 - 00000000 ____D C:\FRST
2012-07-16 07:19 - 2012-07-16 07:19 - 00000036 ____A C:\Users\Rob\AppData\Local\housecall.guid.cache
2012-07-16 07:19 - 2011-05-16 02:15 - 02433672 ____A (Trend Micro Inc.) C:\Users\Rob\Desktop\FakeAVRemover.exe
2012-07-16 07:05 - 2012-07-16 06:42 - 03875048 ____A (AVG Technologies) C:\Users\Rob\Desktop\avg_avct_stb_all_2012_2195_ppc2.exe
2012-07-16 06:49 - 2012-07-16 07:26 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-08 03:30 - 2012-07-08 03:30 - 00000000 ____D C:\Users\Rob\AppData\Roaming\SpeedMaxPc
2012-07-08 03:30 - 2012-07-08 03:30 - 00000000 ____D C:\Users\Rob\AppData\Roaming\DriverCure
2012-07-08 03:30 - 2012-07-08 03:30 - 00000000 ____D C:\Users\All Users\SpeedMaxPc
2012-07-08 03:30 - 2012-07-08 03:30 - 00000000 ____D C:\Program Files (x86)\SpeedMaxPc
2012-07-07 14:08 - 2012-07-07 14:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-07 14:08 - 2012-07-07 14:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-06 14:00 - 2012-07-06 14:00 - 00000012 ____A C:\Windows\srun.log
2012-06-24 10:13 - 2012-06-24 10:13 - 00538624 ____A C:\Users\Rob\Downloads\rent statement (1).xls
2012-06-24 10:11 - 2012-06-24 10:11 - 00538624 ____A C:\Users\Rob\Downloads\rent statement.xls
2012-06-24 10:11 - 2012-06-24 10:11 - 00445687 ____A C:\Users\Rob\Downloads\fwdfff40st_loenardsavenuehove.zip
2012-06-24 02:10 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-24 02:10 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-24 02:10 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-24 02:10 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-24 02:10 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-24 02:10 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-24 02:10 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-24 02:10 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-24 02:10 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-24 02:10 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-24 02:10 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-24 02:10 - 2012-06-02 06:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-24 02:10 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-24 02:10 - 2012-06-02 06:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-16 08:24 - 2010-10-23 02:56 - 00034709 ____A C:\Users\All Users\nvModes.dat
2012-07-16 08:24 - 2010-10-23 02:56 - 00034709 ____A C:\Users\All Users\nvModes.001
2012-07-16 08:24 - 2010-01-31 02:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-16 08:24 - 2006-11-02 07:42 - 00032602 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-16 08:24 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-16 08:24 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-16 08:24 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-16 07:40 - 2010-01-31 02:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-16 07:19 - 2012-07-16 07:19 - 00000036 ____A C:\Users\Rob\AppData\Local\housecall.guid.cache
2012-07-16 06:42 - 2012-07-16 07:05 - 03875048 ____A (AVG Technologies) C:\Users\Rob\Desktop\avg_avct_stb_all_2012_2195_ppc2.exe
2012-07-07 14:41 - 2009-07-09 15:35 - 01534265 ____A C:\Windows\WindowsUpdate.log
2012-07-07 14:08 - 2011-05-15 09:11 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-07 14:08 - 2010-05-03 09:32 - 00778976 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-07 13:59 - 2011-04-15 03:14 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1198968773-186493069-1406013737-1000UA.job
2012-07-07 12:53 - 2006-11-02 04:46 - 00772686 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-06 14:16 - 2012-05-05 01:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-06 14:16 - 2011-11-20 03:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-06 14:00 - 2012-07-06 14:00 - 00000012 ____A C:\Windows\srun.log
2012-07-03 14:59 - 2011-04-15 03:14 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1198968773-186493069-1406013737-1000Core.job
2012-07-03 13:04 - 2011-04-15 03:14 - 00002034 ____A C:\Users\Rob\Desktop\Google Chrome.lnk
2012-06-24 10:13 - 2012-06-24 10:13 - 00538624 ____A C:\Users\Rob\Downloads\rent statement (1).xls
2012-06-24 10:11 - 2012-06-24 10:11 - 00538624 ____A C:\Users\Rob\Downloads\rent statement.xls
2012-06-24 10:11 - 2012-06-24 10:11 - 00445687 ____A C:\Users\Rob\Downloads\fwdfff40st_loenardsavenuehove.zip
2012-06-24 06:17 - 2006-11-02 07:27 - 00025630 ____A C:\Windows\setupact.log
2012-06-15 10:22 - 2006-11-02 07:21 - 00408992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-15 09:47 - 2006-11-02 04:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-13 12:51 - 2012-06-13 12:51 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-04 05:52 - 2012-06-04 05:39 - 00022362 ____A C:\Users\Rob\Downloads\Saint Lucia stats - Tropical Sky 2012 at 31 May 2012.xlsx
2012-06-04 05:39 - 2012-06-04 05:39 - 00022157 ____A C:\Users\Rob\Downloads\Saint Lucia stats - Tropical Sky 2012 at 30Apr2012.xlsx
2012-06-04 04:40 - 2012-06-04 04:40 - 02586352 ____A C:\Users\Rob\Downloads\IMG_0971 (1).MOV
2012-06-04 04:39 - 2012-06-04 04:39 - 05228241 ____A C:\Users\Rob\Downloads\IMG_0971.MOV
2012-06-04 04:26 - 2009-11-16 00:07 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-06-04 03:42 - 2012-06-04 03:42 - 00000126 ____A C:\Users\Rob\Desktop\Download.url
2012-06-04 03:41 - 2012-06-04 03:40 - 13583705 ____A C:\Users\Rob\Downloads\Charlotte playing and singing.wmv
2012-06-02 14:19 - 2012-06-24 02:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 02:10 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-24 02:10 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-24 02:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 02:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-24 02:10 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-24 02:10 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-24 02:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-24 02:10 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-24 02:10 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 06:19 - 2012-06-24 02:10 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:19 - 2012-06-24 02:10 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 06:15 - 2012-06-24 02:10 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 06:12 - 2012-06-24 02:10 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-05-31 14:39 - 2012-05-31 14:39 - 00001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-31 03:25 - 2009-12-11 10:57 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-17 18:47 - 2012-06-15 09:54 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-15 09:54 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-15 09:54 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-15 09:54 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-15 09:54 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-15 09:54 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-15 09:54 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-15 09:54 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-15 09:54 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-15 09:54 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-15 09:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-15 09:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-15 09:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-15 09:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-15 09:54 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-15 09:54 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-15 09:54 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-15 09:54 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-15 09:54 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-15 09:54 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-15 09:54 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-15 09:54 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-15 09:54 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-15 09:54 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-15 09:54 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-15 09:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-15 09:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-15 09:54 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 12:15 - 2012-06-13 11:54 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 22:45 - 2008-01-20 19:26 - 00377380 ____A C:\Windows\PFRO.log
2012-05-10 14:25 - 2009-11-17 14:59 - 00007680 ____A C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-01 06:29 - 2012-06-13 11:54 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-10-20 12:05] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4093.62 MB
Available physical RAM: 3543.96 MB
Total Pagefile: 3970.49 MB
Available Pagefile: 3530.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:342.02 GB) (Free:193.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
7 Drive I: (DATA) (Fixed) (Total:341.97 GB) (Free:341.65 GB) NTFS
9 Drive k: () (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT
10 Drive x: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:4.16 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 699 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 992 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 15 GB 1024 KB
Partition 2 Primary 342 GB 15 GB
Partition 3 Primary 342 GB 357 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 X PQSERVICE NTFS Partition 15 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 342 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 I DATA NTFS Partition 342 GB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 992 MB 16 KB

==================================================================================

Disk: 6
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K FAT Removable 992 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 12:57

======================= End Of Log ==========================
 
nVidia option should be network card, right?

Let's try a couple of things over again. I looked a lot closer and am trying a couple of things...

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
HKU\Rob\...\Policies\system: [DisableLockWorkstation] 0
HKU\Rob\...\Policies\system: [DisableChangePassword] 0
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe C:\windows\system32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
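The fixlist above acts on two findings in the FRST log: services.exe is the one binary in the "Bamital & volsnap Check" that is not followed by "=> MD5 is legit" (FRST prints the file's details and hash instead), and the two Policies\system values under HKU\Rob. The following Python script is an added example, not FRST's or the helper's code: it pulls both findings out of a log in that format so they can be reviewed before a fixlist is written. The sample input is constructed from lines of the scan above, and the watchlist of lockdown policy names is an assumption.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) log for two findings.

Added example, not FRST's own code. The log shapes are taken from the scan
posted in this thread:
  * "Bamital & volsnap Check": FRST prints "=> MD5 is legit" after each core
    binary it could match to a known-good hash. A path followed by a detail
    line (timestamps, size, hash) instead means no match.
  * User-hive Policies\\system values such as DisableLockWorkstation.
"""
import re
from typing import Dict, Iterator, List, Tuple

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")          # "==== Name ====" headers
POLICY_RE = re.compile(r"^(HKU\\[^\\]+)\\\.\.\.\\Policies\\system: \[(\w+)\] (.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")                 # line starts with a drive path
MD5_RE = re.compile(r"\b([0-9A-Fa-f]{32})\b")
LEGIT_SUFFIX = "=> MD5 is legit"
BAMITAL_SECTION = "Bamital & volsnap Check"
# Policy values that lock a user out of parts of their own session.
# Assumption: this watchlist is the example's, not something FRST defines.
LOCKDOWN_POLICIES = {"DisableLockWorkstation", "DisableChangePassword",
                     "DisableTaskMgr", "DisableRegistryTools"}

# Constructed sample: a handful of lines in the shape of the FRST log above.
SAMPLE_LOG = r"""
HKU\Rob\...\Policies\system: [DisableLockWorkstation] 0
HKU\Rob\...\Policies\system: [DisableChangePassword] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-10-20 12:05] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\User32.dll => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
"""


def _walk(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, line) pairs; section is the last '=== name ===' header seen."""
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        yield section, line


def unverified_binaries(log_text: str) -> List[Tuple[str, str]]:
    """Paths in the Bamital check that FRST could not match, with the MD5 it printed."""
    found: List[Tuple[str, str]] = []
    pending = None                      # path waiting for its detail line
    for section, line in _walk(log_text):
        if section != BAMITAL_SECTION:
            continue
        if PATH_RE.match(line):
            pending = None if line.endswith(LEGIT_SUFFIX) else line
            continue
        digest = MD5_RE.search(line)
        if pending and digest:
            found.append((pending, digest.group(1).upper()))
            pending = None
    return found


def lockdown_policies(log_text: str) -> List[Tuple[str, str, str]]:
    """(hive, value name, data) for user-hive Policies\\system values on the watchlist."""
    hits: List[Tuple[str, str, str]] = []
    for _section, line in _walk(log_text):
        m = POLICY_RE.match(line)
        if m and m.group(2) in LOCKDOWN_POLICIES:
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


def triage(log_text: str) -> Dict[str, list]:
    """Both findings in one place, ready to be turned into fixlist lines by a human."""
    return {"unverified": unverified_binaries(log_text),
            "policies": lockdown_policies(log_text)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, md5 in result["unverified"]:
        print(f"NO MD5 MATCH  {path}  ({md5})")
    for hive, name, data in result["policies"]:
        print(f"LOCKDOWN POLICY  {hive}  {name} = {data}")
```

The script only reports; the decision to replace a binary from the winsxs store, as the fixlist does, still belongs to whoever reads the log, because an unmatched MD5 can also mean an unusual but legitimate patch level.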
 
Here you go:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-25 21:52:19 Run:4
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
HKEY_USERS\Rob\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation Value deleted successfully.
HKEY_USERS\Rob\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword Value deleted successfully.
C:\windows\system32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\windows\system32\services.exe

==== End of Fixlog ====


I don't know if it's relevant, but on running FRST I noted the USB ports have been assigned different letters. I was using K and this is now the CD/DVD drive?? What was K is now H, as you can see above...

I AM PAST THE BLACK SCREEN!!
Windows welcome screen up and logged in OK ...
No messages coming up ...
internet up OK
I think I must have managed to disable some of the start up apps so poss no protection of any kind running ... do I run a malware programme of some kind now?!

This is fantastic!! See a light at end of tunnel ...:) Thank you

Await next move....
 
Excellent News!



ComboFix


Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
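The rename advice above rests on one observation: some malware lets only processes with "system" names run. Seen from the defender's side, the same observation says that a svchost.exe, Taskmgr.exe or winlogon.exe sitting under a user profile (ComboFix later deleted c:\users\Rob\Taskmgr.exe on this PC) is a masquerade candidate. The Python below is an added example, not ComboFix's or the helper's code: it classifies a list of file paths against the directories where the genuine binary lives. The watchlist, the C:\Windows install root and the sample paths (taken from the logs in this thread) are assumptions of the example.

```python
"""Flag files that borrow the name of a core Windows binary but live outside
the directory where the genuine copy belongs. Added example, not ComboFix code.
"""
from pathlib import PureWindowsPath
from typing import List, Tuple

WINDOWS_ROOT = PureWindowsPath("C:/Windows")       # assumption: default install root

# Name -> directories where the real binary lives. Constructed watchlist,
# deliberately short; PureWindowsPath compares case-insensitively.
EXPECTED_DIRS = {
    "svchost.exe":  (WINDOWS_ROOT / "System32", WINDOWS_ROOT / "SysWOW64"),
    "winlogon.exe": (WINDOWS_ROOT / "System32",),
    "services.exe": (WINDOWS_ROOT / "System32",),
    "taskmgr.exe":  (WINDOWS_ROOT / "System32", WINDOWS_ROOT / "SysWOW64"),
    "explorer.exe": (WINDOWS_ROOT, WINDOWS_ROOT / "SysWOW64"),
    "iexplore.exe": (PureWindowsPath("C:/Program Files/Internet Explorer"),
                     PureWindowsPath("C:/Program Files (x86)/Internet Explorer")),
}

# Constructed sample; the user-profile entries are paths that appear in the logs above.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\SysWOW64\svchost.exe",
    r"c:\users\Rob\Desktop\svchost.exe.exe",   # the renamed ComboFix (see "Running from")
    r"c:\users\Rob\Taskmgr.exe",               # listed under ComboFix's Other Deletions
    r"C:\Windows\explorer.exe",
    r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
]


def classify(path_str: str) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'ignored'."""
    path = PureWindowsPath(path_str)
    name = path.name.lower()
    if name in EXPECTED_DIRS:
        if any(path.parent == d for d in EXPECTED_DIRS[name]):
            return "ok", "system binary in its expected directory"
        return "suspicious", f"{path.name} outside its expected directory"
    # "svchost.exe.exe": stem is "svchost.exe", a borrowed name with a second extension
    stem = path.stem.lower()
    if stem in EXPECTED_DIRS and path.suffix.lower() == ".exe":
        return "suspicious", f"double extension borrowing the name {stem}"
    return "ignored", "name not on the watchlist"


def suspicious(paths: List[str]) -> List[str]:
    """Subset of paths worth a closer look, in input order."""
    return [p for p in paths if classify(p)[0] == "suspicious"]


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        verdict, reason = classify(p)
        print(f"{verdict:<10} {p}  ({reason})")
```

Note that the renamed ComboFix trips the check by design, which is one reason to delete the renamed copy once the clean-up is finished rather than leave a svchost.exe on the Desktop.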
 
All looking good... still have virus protection etc. switched off as per above, so let me know if I should reinstate it?
:)

ComboFix 12-07-27.03 - Rob 27/07/2012 19:43:05.1.3 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2716 [GMT 1:00]
Running from: c:\users\Rob\Desktop\svchost.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL6CA7.tmp
c:\users\Rob\AppData\Local\{9E77D259-A81E-4160-850E-26E1A90DE62E}
c:\users\Rob\AppData\Local\{9E77D259-A81E-4160-850E-26E1A90DE62E}\chrome.manifest
c:\users\Rob\AppData\Local\{9E77D259-A81E-4160-850E-26E1A90DE62E}\chrome\content\_cfg.js
c:\users\Rob\AppData\Local\{9E77D259-A81E-4160-850E-26E1A90DE62E}\chrome\content\overlay.xul
c:\users\Rob\AppData\Local\{9E77D259-A81E-4160-850E-26E1A90DE62E}\install.rdf
c:\users\Rob\AppData\Roaming\Adobe\plugs
c:\users\Rob\AppData\Roaming\Adobe\plugs\mmc106.exe
c:\users\Rob\AppData\Roaming\Adobe\plugs\mmc146.exe
c:\users\Rob\AppData\Roaming\Adobe\plugs\mmc163.exe
c:\users\Rob\AppData\Roaming\Adobe\plugs\mmc238.exe
c:\users\Rob\AppData\Roaming\Adobe\shed
c:\users\Rob\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Rob\Taskmgr.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-25 21:06 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696BC3A1-BA6E-464C-B7EC-49F8A3E862FA}\mpengine.dll
2012-07-16 19:08 . 2012-07-16 19:08 -------- d-----w- C:\FRST
2012-07-16 14:49 . 2012-07-16 15:26 -------- d-----w- c:\programdata\MFAData
2012-07-16 14:49 . 2012-07-16 14:49 -------- d--h--w- c:\programdata\Common Files
2012-07-08 11:30 . 2012-07-08 11:30 -------- d-----w- c:\users\Rob\AppData\Roaming\DriverCure
2012-07-08 11:30 . 2012-07-08 11:30 -------- d-----w- c:\users\Rob\AppData\Roaming\SpeedMaxPc
2012-07-08 11:30 . 2012-07-08 11:30 -------- d-----w- c:\program files (x86)\Common Files\SpeedMaxPc
2012-07-08 11:30 . 2012-07-08 11:30 -------- d-----w- c:\programdata\SpeedMaxPc
2012-07-08 11:30 . 2012-07-08 11:30 -------- d-----w- c:\program files (x86)\SpeedMaxPc
2012-07-07 22:10 . 2012-02-09 13:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09A9BD8A-9120-471F-AB78-5000EF23E417}\gapaengine.dll
2012-07-07 22:09 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-07 22:08 . 2012-07-07 22:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-07 22:08 . 2012-07-07 22:08 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 22:16 . 2012-05-05 09:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 22:16 . 2011-11-20 11:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 17:47 . 2006-11-02 12:35 58957832 ----a-w- c:\windows\system32\mrt.exe
2012-06-02 22:19 . 2012-06-24 10:10 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 10:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 10:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 10:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 10:10 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-24 10:10 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 10:10 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-24 10:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 10:10 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-24 10:10 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 14:19 . 2012-06-24 10:10 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:19 . 2012-06-24 10:10 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 14:15 . 2012-06-24 10:10 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 14:12 . 2012-06-24 10:10 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-31 11:25 . 2009-12-11 18:57 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 02:47 . 2012-06-15 17:54 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-15 17:54 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-15 17:54 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-15 17:54 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-15 17:54 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-15 17:54 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-15 17:54 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-15 17:54 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-15 17:54 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-15 17:54 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-15 17:54 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-15 17:54 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-15 17:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-15 17:54 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-15 17:54 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-15 17:54 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-15 17:54 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-15 17:54 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-15 17:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 20:15 . 2012-06-13 19:54 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 14:29 . 2012-06-13 19:54 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 10:34]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 10:34]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1198968773-186493069-1406013737-1000Core.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 18:53]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1198968773-186493069-1406013737-1000UA.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 18:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3210&r=1v3607091106p03e5vq35y46219303
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\HidService.exe
c:\program files (x86)\Virgin Media\Digital Home Support\HsdService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
.
**************************************************************************
.
Completion time: 2012-07-27 19:58:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 18:58
.
Pre-Run: 206,397,480,960 bytes free
Post-Run: 207,322,128,384 bytes free
.
- - End Of File - - 7D2E4BD84DECEF2733DC26C8850551CF
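An added example for reading file listings like the ones in this log in bulk instead of by eye. It is mine, not code from this thread or from ComboFix, and it assumes the log's real layout is tab-separated, `<created> . <modified> <size> <attrs> <path>`, with `--------` as the size of a directory and an 8-character attribute field (`d` first for a directory, `h` for hidden, `a` for archive, `w` for writable). The sample lines are reconstructed from entries in this log, one of them pasted with the separators lost, the way it appears above, to show the parser still copes. It groups system32/SysWow64 binaries by modification minute, so a batch stamped together (what an update install looks like, as with the 2012-06-15 17:54 run above) separates from a lone file with its own stamp, and it lists executables that are hidden or live outside the Windows and Program Files trees for a second look. A hit is a review item, not a verdict: Microsoft Security Essentials keeps its engine under ProgramData and shows up here for exactly that reason.

```python
"""Triage for the file-listing sections of a ComboFix log (added example,
not part of the thread or of ComboFix). Assumed line layout:
    <created> . <modified>  <size>  <attrs>  <path>
size: byte count, or '--------' for a directory; attrs: 8-character flag
field such as '----a-w-' (file) or 'd--h--w-' (hidden directory)."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Column separator: a tab in real logs, often lost when the log is pasted.
# It is optional because the fixed-width timestamp, the all-digit size and
# the 8-character attribute field delimit the columns on their own.
SEP = r"(?:\t| {2,})?"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})" + SEP
    + r"(?P<size>\d+|-{8})" + SEP
    + r"(?P<attrs>[-a-z]{8})" + SEP
    + r"(?P<path>[a-z]:\\.+?)\s*$",
    re.IGNORECASE,
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")

@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for a directory
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)

def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; banners, lone dots and blanks give None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=None if m["size"].startswith("-") else int(m["size"]),
        attrs=m["attrs"].lower(),
        path=m["path"],
    )

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def update_batches(entries: List[Entry], min_batch: int = 3):
    """Split system32/SysWow64 binaries into batches (>= min_batch files that
    share one modification minute, the signature of an update install) and
    loners that carry their own timestamp."""
    system = [e for e in entries
              if not e.is_dir and e.path.lower().startswith(SYSTEM_DIRS)]
    per_minute = Counter(e.modified for e in system)
    batches = {ts: n for ts, n in per_minute.items() if n >= min_batch}
    loners = [e for e in system if per_minute[e.modified] < min_batch]
    return batches, loners

def review_candidates(entries: List[Entry]) -> List[Entry]:
    """Executables that are hidden or live outside the Windows and Program
    Files trees. A hit means 'look at this', not 'malware': Microsoft
    Security Essentials keeps its engine under ProgramData, for instance."""
    return [e for e in entries
            if not e.is_dir and e.is_executable
            and (e.hidden or not e.path.lower().startswith(TRUSTED_ROOTS))]

# Constructed sample: entries copied from the thread's log with the tabs put
# back; the temp-directory line is left with no separators on purpose.
SAMPLE_LOG = "\n".join([
    ".",
    "2012-05-18 02:47 . 2012-06-15 17:54\t17807360\t----a-w-\tc:\\windows\\system32\\mshtml.dll",
    "2012-05-18 02:16 . 2012-06-15 17:54\t10924032\t----a-w-\tc:\\windows\\system32\\ieframe.dll",
    "2012-05-18 02:06 . 2012-06-15 17:54\t2311680\t----a-w-\tc:\\windows\\system32\\jscript9.dll",
    "2012-05-15 20:15 . 2012-06-13 19:54\t2767360\t----a-w-\tc:\\windows\\system32\\win32k.sys",
    "2012-05-31 11:25 . 2009-12-11 18:57\t279656\t------w-\tc:\\windows\\system32\\MpSigStub.exe",
    "2012-07-28 20:05 . 2012-07-28 20:08--------d-----w-c:\\users\\Rob\\AppData\\Local\\temp",
    "2012-07-25 21:06 . 2012-06-29 10:04\t9133488\t----a-w-\tc:\\programdata\\Microsoft"
    "\\Microsoft Antimalware\\Definition Updates\\{696BC3A1-BA6E-464C-B7EC-49F8A3E862FA}\\mpengine.dll",
])
```

Feed the whole pasted log to `parse_log`; everything that is not a listing line (banners, the lone dots, the registry and process sections) is skipped. On the sample, `update_batches` reports one batch of three at 2012-06-15 17:54 and two loners (win32k.sys and MpSigStub.exe), and `review_candidates` returns only the MSE mpengine.dll under ProgramData.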
 
Might as well get rid of these while we're at it...

ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Folder::
    c:\programdata\MFAData
    c:\users\Rob\AppData\Roaming\DriverCure
    c:\users\Rob\AppData\Roaming\SpeedMaxPc
    c:\program files (x86)\Common Files\SpeedMaxPc
    c:\programdata\SpeedMaxPc
    c:\program files (x86)\SpeedMaxPc
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
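An added example, mine rather than the helper's or ComboFix's, for checking, once the follow-up log comes back, that every folder named in the CFScript actually went. It assumes the CFScript layout shown above (a `Folder::` header, one path per line) and ComboFix's `(((... Other Deletions ...)))` banner lines as section boundaries. The script is the one posted above; the log excerpt is constructed from a few of the deletion lines in the reply that follows, with the DriverCure entries deliberately left out so the "still present" branch has something to report.

```python
"""Cross-check a CFScript's Folder:: targets against the 'Other Deletions'
section of the ComboFix log produced by running it.

Added example, not part of the thread or of ComboFix. Assumes the CFScript
layout used in the thread (a 'Folder::' header, one path per line) and
ComboFix's '(((... Other Deletions ...)))' banner lines between sections."""
from typing import List, Tuple

def parse_cfscript_folders(script_text: str) -> List[str]:
    """Paths listed under the Folder:: directive (other directives ignored)."""
    targets, section = [], None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # 'Folder::', 'File::', 'Driver::' ...
            section = line[:-2].lower()
        elif section == "folder":
            targets.append(line)
    return targets

def parse_other_deletions(log_text: str) -> List[str]:
    """Paths under the 'Other Deletions' banner, up to the next banner."""
    deleted, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("(((") and line.endswith(")))"):
            inside = "other deletions" in line.lower()
        elif inside and line and line != ".":
            deleted.append(line)
    return deleted

def verify_cleanup(script_text: str, log_text: str) -> Tuple[List[str], List[str]]:
    """Return (removed, remaining): a target counts as removed when the log
    lists the folder itself or anything beneath it."""
    deleted = {p.lower().rstrip("\\") for p in parse_other_deletions(log_text)}
    removed, remaining = [], []
    for target in parse_cfscript_folders(script_text):
        key = target.lower().rstrip("\\")
        if key in deleted or any(d.startswith(key + "\\") for d in deleted):
            removed.append(target)
        else:
            remaining.append(target)
    return removed, remaining

# The script posted in the thread, verbatim.
CFSCRIPT = """\
Folder::
c:\\programdata\\MFAData
c:\\users\\Rob\\AppData\\Roaming\\DriverCure
c:\\users\\Rob\\AppData\\Roaming\\SpeedMaxPc
c:\\program files (x86)\\Common Files\\SpeedMaxPc
c:\\programdata\\SpeedMaxPc
c:\\program files (x86)\\SpeedMaxPc
"""

# Constructed excerpt of the follow-up log: a handful of its real deletion
# lines, with the DriverCure entries deliberately left out so the 'remaining'
# branch is exercised. The next banner closes the section.
LOG_EXCERPT = """\
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\\program files (x86)\\Common Files\\SpeedMaxPc
c:\\program files (x86)\\Common Files\\SpeedMaxPc\\UUS3\\Update3.exe
c:\\program files (x86)\\SpeedMaxPc\\SpeedMaxPc\\SpeedMaxPc.exe
c:\\programdata\\MFAData\\pack\\Avgx64.msi
c:\\programdata\\SpeedMaxPc\\UUS3\\Update.xml
c:\\users\\Rob\\AppData\\Roaming\\SpeedMaxPc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
2012-07-16 19:08 . 2012-07-16 19:08  --------  d-----w-  C:\\FRST
"""
```

`verify_cleanup(CFSCRIPT, LOG_EXCERPT)` returns five removed targets and one remaining (the DriverCure folder that the excerpt omits). Matching on the folder or anything beneath it matters because ComboFix lists every file it removed, and a folder that was already empty may appear only as its own bare path.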
 
Great

1st text file for you, now scanning so will update further in a few hours:


ComboFix 12-07-27.03 - Rob 28/07/2012 20:56:18.2.3 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2262 [GMT 1:00]
Running from: c:\users\Rob\Desktop\svchost.exe.exe
Command switches used :: c:\users\Rob\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\SpeedMaxPc
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\close.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\close_md.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\close_mo.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\close_pu.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\close_pu_md.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\close_pu_mo.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\Logo.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\min.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\min_md.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\min_mo.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Images\topbar_gradient.png
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\LiteUnzip.dll
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\settings.xml
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe
c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\UUS3.dll
c:\program files (x86)\SpeedMaxPc
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\7ZipDLL.dll
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\colors.xml
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\CommonLoggingExtension.pxt
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\CommonSpecialist.pxt
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\ExtensionManager.dll
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HandleUpdate.dll
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\0_days.htm
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\1_days.htm
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\15_days.htm
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\2_days.htm
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\30_days.htm
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\5_days.htm
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\container_content_bkimg.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\container_content_leftimg.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\container_content_rightimg.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\error_connect.html
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\10x10.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\10x10tile.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\contentwrapper.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\error_internet.jpg
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\footerbarfill.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\info_bubble.jpg
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\pcha_background.jpg
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\tile_footerbarbase.jpg
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\tile_subheadbarbase.jpg
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\images\tile_titlebarbase.jpg
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\main.css
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\main_error.css
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\package_titlebar_bkimg.jpg
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\uninstall\box_screen.jpg
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\uninstall\default_button.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\uninstall\default_button_over.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\uninstall\header_background.jpg
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\HTML\uninstall\index.html
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Audio\cancel.wav
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Audio\complete.wav
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\btn.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\btn_over.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_bho.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_defrag.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_file.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_generalsettings.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_ignore.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_junk.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_privacy.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_process.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_registry.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_schedule.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\button_startup.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\register.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\register_over.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\register_over_small.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\register_small.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\renew.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\renew_over.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\settings_button.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\settings_button_over.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\start.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\buttons\start_over.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\defrag\c_empty.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\defrag\c_frag.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\defrag\c_unfrag.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\defrag\c_unknown.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\defrag\c_unmove.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\close.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\dlg_title.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\logo.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\max.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\min.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\register.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\register_close.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\register_close_over.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\register_over.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\renew.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\renew_over.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\restore.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\tab_bg.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\tabactive_bg.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\tabover_bg.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\tfn_bg.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\tfn_logo.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\title_bar.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Frame\upper_divider.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\general\collapse.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\general\delete.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\general\expand.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\general\progress_glow.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\bho.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\dup_audio.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\dup_doc.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\dup_image.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\dup_other.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\dup_video.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\ig_drivers.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\ig_proc.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\ig_reg.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\junk.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\priv_3rd.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\priv_browser.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\priv_email.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\priv_fs.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\priv_im.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\priv_multi.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\priv_office.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\priv_other.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\priv_windows.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_apppath.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_com.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_dll.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_empty.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_extensions.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_filepath.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_font.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_help.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_shortcut.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_startup.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\reg_uninstall.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\group\startup.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_about.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_bho.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_clean.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_defrag.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_file.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_junk.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_junk_settings.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_malware.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_performance.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_privacy.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_process.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_registry.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_restore.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_settings.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_startup.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\header_tools.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\settings_general.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\settings_ignore.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\settings_privacy.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\settings_registry.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\headers\settings_schedule.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Icons\info.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Icons\warning.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\other.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\process\bho.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\process\process.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\process\startup.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_malware16.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_malware24.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_malware32.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_system16.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_system24.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_system32.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_unknown16.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_unknown24.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_unknown32.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_unwanted16.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_unwanted24.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_unwanted32.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_userapp16.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_userapp24.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\list\recommendations\rec_userapp32.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\011.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\012.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\animation\01.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\animation\02.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\animation\03.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\animation\04.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\animation\05.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\animation\06.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\animation\07.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\animation\08.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\animation\09.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\check.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\damage1.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\damage2.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\damage3.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\damage4.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\damage5.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\damage6.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\error.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\error_large.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\Fix.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\Fix_over.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\junk.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\malware.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\md5.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\privacy.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\process-animation.gif
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_h.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_h_scan.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_l.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_l_scan.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_m.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_m_scan.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_mh.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_mh_scan.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_ml.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\rating_ml_scan.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\registry.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\security_high.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\security_low.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Scan\warning.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Tabs\overview.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Tabs\restore.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Tabs\scan.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Tabs\settings.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Images\Tabs\tools.png
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\LiteUnzip.dll
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\LiteZip.dll
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\LogSettings.xml
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\MyResources.dll
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\privacy.db
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\RegHookSpecialist.pxt
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\SandBoxer.dll
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\settings.xml
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\sqlite3.dll
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\uninstall.exe
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\UNS.xml
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\Utility.pxt
c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\whitelist.dat
c:\programdata\MFAData
c:\programdata\MFAData\logs\mfa-20120716-150558.log
c:\programdata\MFAData\logs\mfa-20120716-152251.log
c:\programdata\MFAData\logs\mfa-20120716-152614.log
c:\programdata\MFAData\logs\msi-20120716-150058.log
c:\programdata\MFAData\logs\msi-20120716-152251.log
c:\programdata\MFAData\logs\msi-20120716-152614.log
c:\programdata\MFAData\mfaurlconf.ini
c:\programdata\MFAData\msistorg.dat
c:\programdata\MFAData\msistorg.dat.bkp
c:\programdata\MFAData\pack\AlertMga.cab
c:\programdata\MFAData\pack\AntiRka.cab
c:\programdata\MFAData\pack\Antivira.cab
c:\programdata\MFAData\pack\avg12infoavi.ctf
c:\programdata\MFAData\pack\avg12infooi.ctf
c:\programdata\MFAData\pack\avg12infowin.ctf
c:\programdata\MFAData\pack\Avgx64.msi
c:\programdata\MFAData\pack\AVIsa.cab
c:\programdata\MFAData\pack\basea.cab
c:\programdata\MFAData\pack\bins\poi12ppc2_dtc26dv.bin
c:\programdata\MFAData\pack\bins\poi12ppc2_lic15ih.bin
c:\programdata\MFAData\pack\bins\w12alertmga2195sv.bin
c:\programdata\MFAData\pack\bins\w12antirka2195bp.bin
c:\programdata\MFAData\pack\bins\w12antivira2195tq.bin
c:\programdata\MFAData\pack\bins\w12avga2195gi.bin
c:\programdata\MFAData\pack\bins\w12avisa2195ef.bin
c:\programdata\MFAData\pack\bins\w12basa2195ph.bin
c:\programdata\MFAData\pack\bins\w12corea2437iv.bin
c:\programdata\MFAData\pack\bins\w12emailsa2195in.bin
c:\programdata\MFAData\pack\bins\w12guia2195wk.bin
c:\programdata\MFAData\pack\bins\w12idata2195rz.bin
c:\programdata\MFAData\pack\bins\w12idpa2195fy.bin
c:\programdata\MFAData\pack\bins\w12lng_usa2195jj.bin
c:\programdata\MFAData\pack\bins\w12onlnsca2195oc.bin
c:\programdata\MFAData\pack\bins\w12rdsta2195ez.bin
c:\programdata\MFAData\pack\bins\w12rdstx2195dv.bin
c:\programdata\MFAData\pack\bins\w12resshlda2195ug.bin
c:\programdata\MFAData\pack\bins\w12srchsrfa2195qa.bin
c:\programdata\MFAData\pack\bins\w12sshttpba2195sx.bin
c:\programdata\MFAData\pack\bins\w12tdidrva2195qb.bin
c:\programdata\MFAData\pack\bins\w12tuneupa2195mm.bin
c:\programdata\MFAData\pack\bins\w12update2a2195ol.bin
c:\programdata\MFAData\pack\bins\w12updatea2195fn.bin
c:\programdata\MFAData\pack\bins\w12xpla2195mt.bin
c:\programdata\MFAData\pack\COREa.cab
c:\programdata\MFAData\pack\COREx64.msi
c:\programdata\MFAData\pack\crt_x64.msi
c:\programdata\MFAData\pack\Emailsa.cab
c:\programdata\MFAData\pack\GUIa.cab
c:\programdata\MFAData\pack\idata.cab
c:\programdata\MFAData\pack\IDPa.cab
c:\programdata\MFAData\pack\lic.mdf
c:\programdata\MFAData\pack\lng_usa.cab
c:\programdata\MFAData\pack\OnlnSca.cab
c:\programdata\MFAData\pack\ppc2_dtc.mdf
c:\programdata\MFAData\pack\ResShlda.cab
c:\programdata\MFAData\pack\SrchSrfa.cab
c:\programdata\MFAData\pack\SSHttpBa.cab
c:\programdata\MFAData\pack\TDIDrva.cab
c:\programdata\MFAData\pack\TuneUpa.cab
c:\programdata\MFAData\pack\Update2a.cab
c:\programdata\MFAData\pack\Updatea.cab
c:\programdata\MFAData\pack\vc_red.cab
c:\programdata\MFAData\pack\vc_red.msi
c:\programdata\MFAData\pack\xpla.cab
c:\programdata\MFAData\public_installation_log.xml
c:\programdata\SpeedMaxPc
c:\programdata\SpeedMaxPc\SpeedMaxPc\dc_db.db
c:\programdata\SpeedMaxPc\UUS3\Master.xml
c:\programdata\SpeedMaxPc\UUS3\Patch.xml
c:\programdata\SpeedMaxPc\UUS3\speedmaxpc\Database.xml
c:\programdata\SpeedMaxPc\UUS3\speedmaxpc\Master.xml
c:\programdata\SpeedMaxPc\UUS3\speedmaxpc\Patch.xml
c:\programdata\SpeedMaxPc\UUS3\speedmaxpc\Update.xml
c:\programdata\SpeedMaxPc\UUS3\Update.xml
c:\users\Rob\AppData\Roaming\DriverCure
c:\users\Rob\AppData\Roaming\DriverCure\LogFile.txt
c:\users\Rob\AppData\Roaming\SpeedMaxPc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 20:06 . 2012-07-28 20:06  69000  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696BC3A1-BA6E-464C-B7EC-49F8A3E862FA}\offreg.dll
2012-07-28 20:05 . 2012-07-28 20:08  --------  d-----w-  c:\users\Rob\AppData\Local\temp
2012-07-28 20:05 . 2012-07-28 20:05  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-07-25 21:06 . 2012-06-29 10:04  9133488  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696BC3A1-BA6E-464C-B7EC-49F8A3E862FA}\mpengine.dll
2012-07-16 19:08 . 2012-07-16 19:08  --------  d-----w-  C:\FRST
2012-07-16 14:49 . 2012-07-16 14:49  --------  d--h--w-  c:\programdata\Common Files
2012-07-07 22:10 . 2012-02-09 13:17  927800  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09A9BD8A-9120-471F-AB78-5000EF23E417}\gapaengine.dll
2012-07-07 22:09 . 2012-06-18 02:12  9013136  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-07 22:08 . 2012-07-07 22:08  --------  d-----w-  c:\program files (x86)\Microsoft Security Client
2012-07-07 22:08 . 2012-07-07 22:08  --------  d-----w-  c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 22:16 . 2012-05-05 09:02  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 22:16 . 2011-11-20 11:53  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 17:47 . 2006-11-02 12:35  58957832  ----a-w-  c:\windows\system32\mrt.exe
2012-06-02 22:19 . 2012-06-24 10:10  38424  ----a-w-  c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 10:10  2428952  ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 10:10  44056  ----a-w-  c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 10:10  57880  ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 10:10  35864  ----a-w-  c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-24 10:10  701976  ----a-w-  c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 10:10  577048  ----a-w-  c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-24 10:10  2622464  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 10:10  99840  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-24 10:10  88576  ----a-w-  c:\windows\SysWow64\wudriver.dll
2012-06-02 14:19 . 2012-06-24 10:10  186752  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 14:19 . 2012-06-24 10:10  171904  ----a-w-  c:\windows\SysWow64\wuwebv.dll
2012-06-02 14:15 . 2012-06-24 10:10  36864  ----a-w-  c:\windows\system32\wuapp.exe
2012-06-02 14:12 . 2012-06-24 10:10  33792  ----a-w-  c:\windows\SysWow64\wuapp.exe
2012-05-31 11:25 . 2009-12-11 18:57  279656  ------w-  c:\windows\system32\MpSigStub.exe
2012-05-18 02:47 . 2012-06-15 17:54  17807360  ----a-w-  c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-15 17:54  10924032  ----a-w-  c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-15 17:54  2311680  ----a-w-  c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-15 17:54  1346048  ----a-w-  c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-15 17:54  1392128  ----a-w-  c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-15 17:54  1494528  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-15 17:54  237056  ----a-w-  c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-15 17:54  85504  ----a-w-  c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-15 17:54  173056  ----a-w-  c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-15 17:54  818688  ----a-w-  c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-15 17:54  2144768  ----a-w-  c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-15 17:54  96768  ----a-w-  c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-15 17:54  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-15 17:54  248320  ----a-w-  c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-15 17:54  1800192  ----a-w-  c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-15 17:54  1129472  ----a-w-  c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-15 17:54  1427968  ----a-w-  c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-15 17:54  142848  ----a-w-  c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-15 17:54  2382848  ----a-w-  c:\windows\SysWow64\mshtml.tlb
2012-05-15 20:15 . 2012-06-13 19:54  2767360  ----a-w-  c:\windows\system32\win32k.sys
2012-05-01 14:29 . 2012-06-13 19:54  209920  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_18.53.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-07-28 20:09  79052  c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-07-28 19:49  97478  c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-12 12:25 . 2012-07-28 19:49  19562  c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1198968773-186493069-1406013737-1000_UserData.bin
+ 2012-07-28 19:52 . 2012-07-28 19:52  11442  c:\windows\SoftwareDistribution\EventCache\{AF9B929C-A957-476B-880A-39F3BD7026D2}.bin
+ 2009-10-14 21:53 . 2012-07-27 19:07  2246  c:\windows\system32\WDI\ERCQueuedResolutions.dat
- 2012-07-27 18:53 . 2012-07-27 18:53  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 20:06 . 2012-07-28 20:06  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-27 18:53 . 2012-07-27 18:53  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-28 20:06 . 2012-07-28 20:06  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2012-07-27 18:37  658124  c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-07-28 19:53  658124  c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-07-28 19:53  127346  c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-07-27 18:37  127346  c:\windows\system32\perfc009.dat
- 2011-02-10 08:37 . 2012-07-27 18:52  410332  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-10 08:37 . 2012-07-28 20:05  410332  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-30 03:34 . 2012-07-06 22:21  2467004  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1198968773-186493069-1406013737-1000-8192.dat
+ 2011-04-30 03:34 . 2012-07-27 19:07  2467004  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1198968773-186493069-1406013737-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 10:34]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 10:34]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1198968773-186493069-1406013737-1000Core.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 18:53]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1198968773-186493069-1406013737-1000UA.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 18:53]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3210&r=1v3607091106p03e5vq35y46219303
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\HidService.exe
c:\program files (x86)\Virgin Media\Digital Home Support\HsdService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
.
**************************************************************************
.
Completion time: 2012-07-28 21:12:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 20:12
ComboFix2.txt 2012-07-27 18:58
.
Pre-Run: 207,189,356,544 bytes free
Post-Run: 207,114,833,920 bytes free
.
- - End Of File - - B7BABA362BBEE261656609F5119848A6
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
(y) Not sure if you want this one too ... list of scan results:

C:\FRST\Quarantine\xsecva\xsecva.exe	a variant of Win32/Vcaredrix.A trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\n	Win64/Sirefef.W trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\U\80000000.@	Win64/Sirefef.AL trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\U\00000008.@	Win64/Agent.BA trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\U\000000cb.@	Win64/Conedex.B trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\U\80000000.@	Win64/Sirefef.AE trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\U\80000032.@	a variant of Win32/Sirefef.FD trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\U\80000064.@	Win64/Sirefef.AN trojan	cleaned by deleting - quarantined
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7YRXO72W\I[1].htm	JS/Kryptik.NX trojan	cleaned by deleting - quarantined
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8250MDMI\jelly-in-shirt-sponsorship-with-crystal-palace[1].htm	HTML/Iframe.B.Gen virus	deleted - quarantined
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBSJ5AV5\jelly-in-shirt-sponsorship-with-crystal-palace[1].htm	HTML/Iframe.B.Gen virus	deleted - quarantined
C:\Users\Rob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\3e060fc1-1affdcb8	a variant of Java/TrojanDownloader.OpenStream.NCM trojan	cleaned by deleting - quarantined
C:\Users\Rob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\5cfe6714-74c7a6d9	a variant of Win32/Kryptik.QXK trojan	cleaned by deleting - quarantined
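
The ESET results above are worth reading structurally rather than one line at a time: the export is tab-separated (path, detection name, action taken), and the paths under `{GUID}\U\xxxxxxxx.@` are the ZeroAccess/Sirefef payload store that FRST had already moved into its quarantine. What follows is an added example, not something posted in the thread and not part of ESET's or FRST's tooling: a Python script that parses ESET result lines, counts hits per family, flags paths that match the ZeroAccess directory layout, and lists anything ESET reported but could not remove. The sample input is rebuilt from the rows above with the tabs restored; the final "unable to clean" row is a constructed, hypothetical entry added only to exercise the follow-up check, and the layout regex is this example's own assumption about the file naming, not a vendor signature.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: rows rebuilt from the ESET results posted in the thread,
# re-joined with the tabs ESET's export uses (the forum paste lost them).
# The last row is hypothetical ("unable to clean") and is not from the thread.
SAMPLE_ROWS = [
    (r"C:\FRST\Quarantine\xsecva\xsecva.exe",
     "a variant of Win32/Vcaredrix.A trojan", "cleaned by deleting - quarantined"),
    (r"C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\n",
     "Win64/Sirefef.W trojan", "cleaned by deleting - quarantined"),
    (r"C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\U\80000000.@",
     "Win64/Sirefef.AL trojan", "cleaned by deleting - quarantined"),
    (r"C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}"
     r"\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\U\00000008.@",
     "Win64/Agent.BA trojan", "cleaned by deleting - quarantined"),
    (r"C:\FRST\Quarantine\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}"
     r"\{86fe38bd-e6ce-2fa3-84c1-225639a4b68b}\U\80000032.@",
     "a variant of Win32/Sirefef.FD trojan", "cleaned by deleting - quarantined"),
    (r"C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files"
     r"\Low\Content.IE5\7YRXO72W\I[1].htm",
     "JS/Kryptik.NX trojan", "cleaned by deleting - quarantined"),
    (r"C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files"
     r"\Low\Content.IE5\8250MDMI\jelly-in-shirt-sponsorship-with-crystal-palace[1].htm",
     "HTML/Iframe.B.Gen virus", "deleted - quarantined"),
    (r"C:\Users\Rob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\3e060fc1-1affdcb8",
     "a variant of Java/TrojanDownloader.OpenStream.NCM trojan",
     "cleaned by deleting - quarantined"),
    (r"C:\example\constructed\leftover.exe",  # hypothetical row, see comment above
     "Win64/Sirefef.AZ trojan", "unable to clean"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)

# ZeroAccess/Sirefef keeps its payload modules under a {GUID} directory (here
# nested twice, as FRST preserved it) in a "U" or "L" subdirectory, as files
# named with eight hex digits and an ".@" extension. This regex is this
# example's assumption about that layout, not an ESET or FRST signature.
ZEROACCESS_LAYOUT = re.compile(
    r"\\\{[0-9a-f-]{36}\}(?:\\\{[0-9a-f-]{36}\})?\\[UL]\\[0-9a-f]{8}\.@$", re.I)

# ESET names detections Platform/Family.Variant, optionally prefixed with
# "a variant of" and followed by a type word such as "trojan" or "virus".
NAME = re.compile(r"(\S+/\S+)")
FAMILY = re.compile(r"[^/]+/[A-Za-z0-9_]+")


@dataclass
class Detection:
    path: str
    name: str              # full ESET name, e.g. "Win64/Sirefef.AL"
    family: str            # platform/family without variant, e.g. "Win64/Sirefef"
    action: str
    zeroaccess_layout: bool


def parse_eset_log(text):
    """Parse tab-separated ESET Online Scanner result lines into Detections."""
    detections = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected path<TAB>threat<TAB>action, got {line!r}")
        path, threat, action = parts
        m = NAME.search(threat)
        if m is None:
            raise ValueError(f"line {lineno}: no Platform/Family name in {threat!r}")
        name = m.group(1)
        family = FAMILY.match(name).group(0)
        detections.append(Detection(path, name, family, action,
                                    bool(ZEROACCESS_LAYOUT.search(path))))
    return detections


def family_counts(detections):
    """Hits per family; Sirefef dominating is the rootkit signal in this thread."""
    return Counter(d.family for d in detections)


def needs_followup(detections):
    """Entries ESET reported but neither deleted nor quarantined."""
    return [d for d in detections
            if "quarantined" not in d.action and "deleted" not in d.action]


if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_LOG)
    print(f"{len(found)} detections, "
          f"{sum(d.zeroaccess_layout for d in found)} in ZeroAccess payload layout")
    for family, n in family_counts(found).most_common():
        print(f"  {n:2d}  {family}")
    for d in needs_followup(found):
        print(f"FOLLOW UP: {d.name} at {d.path} ({d.action})")
```

Two things the script makes visible that the raw list does not: all the Sirefef-layout hits live under C:\FRST\Quarantine, so ESET was scanning files FRST had already neutralised rather than live components, and any row whose action is not a deletion or quarantine is the one that still needs a hand-cleanup step.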
 
Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, e.g. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
Hi DMJ
I didn't receive an email to alert me to your reply - sorry!
I'll run this tomorrow - please don't close the case down ... I was thinking it had taken a long time. Should have checked the forum!!
Thanks
 
Hi
Partially done. Up to running OTC, but I get the following message (tried to download from a Google search and got the same message):

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@oldtimer.geekstogo.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at oldtimer.geekstogo.com Port 80
 
Goodness. Sorry that happened. Try again the first link that I gave you (the one hosted at GeeksToGo).
 