RTitans
1 Copper

Error code 80073EFE, unable to Update windows and browser problems.

Hello, 

I am unable to update Windows, and whenever I use Google Chrome some webpages don't load or load incorrectly.

Thank you in advance for any help you can give me.

HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 05:10:46, on 17/07/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO:  AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO:  (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SysWOW64\ZoneLabs\vsmon.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)


--

End of file - 9427 bytes

kevinf80
4 Tellurium

Re: Error code 80073EFE, unable to Update windows and browser problems.

I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours feel free to PM me.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE

** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE

Please proceed as follows :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
    Before saving Combofix to the Desktop, rename it to Gotcha.exe as below:

    user posted image


  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the user posted image icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)


Post the log in next reply please...

Kevin

RTitans
1 Copper

Re: Error code 80073EFE, unable to Update windows and browser problems.

Thank you for your help and the quick response.

Here is the ComboFix log:

ComboFix 11-07-17.03 - Ross 17/07/2011  22:18:18.1.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.4055.2698 [GMT 1:00]

Running from: c:\users\Ross\Desktop\Gotcha.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2011-06-17 to 2011-07-17  )))))))))))))))))))))))))))))))

.

.

2011-07-17 21:32 . 2011-07-17 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-17 21:12 . 2011-07-17 21:14 -------- d-----w- C:\Gotcha

2011-07-17 06:35 . 2011-07-17 06:35 -------- d-----w- c:\program files\BatteryBar

2011-07-17 03:07 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D569DAA2-641A-4838-A5AD-6FFD2ACA19A3}\mpengine.dll

2011-07-17 00:32 . 2011-07-17 00:32 -------- d-----w- c:\program files (x86)\ESET

2011-07-17 00:27 . 2011-07-17 00:27 -------- d-----w- c:\program files (x86)\Trend Micro

2011-07-15 15:43 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-07-15 15:43 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\ca-ES

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\eu-ES

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\vi-VN

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\ca-ES

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\eu-ES

2011-07-15 15:13 . 2011-07-15 15:13 -------- d-----w- c:\windows\system32\vi-VN

2011-07-15 14:45 . 2011-07-15 14:45 -------- d-----w- c:\windows\system32\EventProviders

2011-07-15 14:42 . 2009-04-11 07:11 796672 ----a-w- c:\windows\system32\mssvp.dll

2011-07-15 14:40 . 2009-04-11 07:11 622592 ----a-w- c:\windows\system32\WMVXENCD.DLL

2011-07-15 14:39 . 2009-04-11 06:28 247808 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-07-15 14:39 . 2009-04-11 06:28 83968 ----a-w- c:\windows\SysWow64\wbem\wmiutils.dll

2011-07-15 14:39 . 2009-04-11 06:28 30208 ----a-w- c:\windows\SysWow64\wbem\wbemprox.dll

2011-07-15 14:39 . 2009-04-11 06:28 189440 ----a-w- c:\windows\SysWow64\wbem\mofd.dll

2011-07-15 14:39 . 2009-04-11 06:28 614912 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-07-15 14:39 . 2009-04-11 06:28 265728 ----a-w- c:\windows\SysWow64\wbem\esscli.dll

2011-07-15 14:39 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll

2011-07-15 14:39 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-07-15 14:39 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-07-15 14:39 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll

2011-07-15 14:38 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll

2011-07-15 14:38 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe

2011-07-15 14:38 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll

2011-07-15 01:50 . 2011-07-15 01:50 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2011-07-15 01:49 . 2011-07-15 15:35 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-07-15 01:49 . 2011-07-15 01:49 -------- d-----w- c:\windows\PCHEALTH

2011-07-15 01:46 . 2011-07-15 01:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2011-07-15 01:44 . 2011-07-15 01:44 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2011-07-15 01:43 . 2011-07-15 01:43 -------- d-----r- C:\MSOCache

2011-07-14 22:03 . 2011-07-14 22:05 -------- d-----w- c:\program files (x86)\Auslogics

2011-07-14 21:39 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-14 21:39 . 2011-07-14 21:39 -------- d-----w- c:\programdata\Malwarebytes

2011-07-14 21:39 . 2011-07-14 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-14 21:39 . 2011-07-06 18:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-14 05:23 . 2011-07-14 05:24 -------- d-----w- c:\program files (x86)\PowerISO

2011-07-14 05:23 . 2011-06-15 08:30 93240 ----a-w- c:\windows\system32\drivers\scdemu.sys

2011-07-13 22:04 . 2011-07-13 23:21 -------- d-----w- c:\program files (x86)\JDownloader

2011-07-13 21:37 . 2011-07-13 21:37 -------- d-----w- c:\program files (x86)\PC SleepTimer

2011-07-13 21:35 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-13 21:33 . 2009-11-03 22:07 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui

2011-07-13 21:33 . 2009-08-24 11:47 442368 ----a-w- c:\windows\system32\winhttp.dll

2011-07-13 21:33 . 2009-08-24 11:36 377344 ----a-w- c:\windows\SysWow64\winhttp.dll

2011-07-13 21:33 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll

2011-07-13 21:33 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll

2011-07-13 21:33 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll

2011-07-13 21:33 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll

2011-07-13 21:33 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll

2011-07-13 19:14 . 2011-07-13 19:14 -------- d-----w- c:\program files\7-Zip

2011-07-13 19:04 . 2010-02-24 09:28 294912 ----a-w- c:\windows\system32\browserchoice.exe

2011-07-13 19:01 . 2010-02-20 23:15 32768 ----a-w- c:\windows\system32\nshhttp.dll

2011-07-13 19:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll

2011-07-13 19:00 . 2010-02-20 21:30 620032 ----a-w- c:\windows\system32\drivers\http.sys

2011-07-13 19:00 . 2010-02-20 23:14 33792 ----a-w- c:\windows\system32\httpapi.dll

2011-07-13 19:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll

2011-07-13 18:53 . 2009-11-08 09:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2011-07-13 18:53 . 2009-11-08 09:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2011-07-13 18:53 . 2009-11-08 09:55 48960 ----a-w- c:\windows\system32\netfxperf.dll

2011-07-13 18:53 . 2009-11-08 09:55 444752 ----a-w- c:\windows\system32\mscoree.dll

2011-07-13 18:53 . 2009-11-08 09:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2011-07-13 18:53 . 2009-11-08 09:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2011-07-13 18:53 . 2009-11-08 09:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2011-07-13 18:53 . 2009-11-08 09:55 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-07-13 18:53 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-07-13 18:53 . 2009-11-08 09:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-07-13 18:29 . 2011-07-13 19:52 -------- d-----w- c:\program files (x86)\Common Files\Steam

2011-07-13 18:29 . 2011-07-17 21:37 -------- d-----w- c:\program files (x86)\Steam

2011-07-13 15:32 . 2011-07-13 15:32 -------- d-----w- c:\windows\SMINST

2011-07-13 09:32 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-07-13 09:32 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll

2011-07-13 09:32 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-07-13 09:32 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll

2011-07-13 09:32 . 2010-05-15 15:30 453720 ------w- c:\windows\system32\drivers\vsdatant.sys

2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\program files (x86)\Zone Labs

2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\programdata\CheckPoint

2011-07-13 09:32 . 2011-07-17 21:36 -------- d-----w- c:\windows\Internet Logs

2011-07-13 09:27 . 2011-07-13 09:27 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks

2011-07-13 09:19 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs

2011-07-13 09:02 . 2009-06-10 11:52 3547136 ----a-w- c:\windows\system32\mf.dll

2011-07-13 09:02 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\SysWow64\mf.dll

2011-07-13 09:00 . 2009-08-14 16:04 143360 ----a-w- c:\windows\system32\netiohlp.dll

2011-07-13 08:55 . 2010-01-25 12:08 460288 ----a-w- c:\windows\system32\msdrm.dll

2011-07-13 08:54 . 2011-02-24 16:38 991104 ----a-w- c:\windows\system32\winresume.efi

2011-07-13 08:53 . 2010-06-17 18:34 16361984 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll

2011-07-13 08:52 . 2010-12-20 16:59 847360 ----a-w- c:\windows\system32\oleaut32.dll

2011-07-13 08:52 . 2010-12-20 16:35 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-07-13 08:52 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll

2011-07-13 08:52 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll

2011-07-13 08:52 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-07-13 08:52 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-07-13 08:52 . 2010-08-26 17:46 189952 ----a-w- c:\windows\system32\t2embed.dll

2011-07-13 08:52 . 2010-08-26 16:37 157184 ----a-w- c:\windows\SysWow64\t2embed.dll

2011-07-13 08:52 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 08:52 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-13 08:51 . 2010-08-31 15:46 954752 ----a-w- c:\windows\SysWow64\mfc40.dll

2011-07-13 08:51 . 2010-08-31 15:46 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll

2011-07-13 08:51 . 2009-07-15 14:47 368128 ----a-w- c:\windows\system32\wmpdxm.dll

2011-07-13 08:51 . 2009-07-15 12:39 313344 ----a-w- c:\windows\SysWow64\wmpdxm.dll

2011-07-13 08:51 . 2009-07-15 10:23 43520 ----a-w- c:\windows\system32\msdxm.tlb

2011-07-13 08:51 . 2009-07-15 10:23 18432 ----a-w- c:\windows\system32\amcompat.tlb

2011-07-13 08:51 . 2009-07-15 10:21 43520 ----a-w- c:\windows\SysWow64\msdxm.tlb

2011-07-13 08:51 . 2009-07-15 10:21 18432 ----a-w- c:\windows\SysWow64\amcompat.tlb

2011-07-13 08:51 . 2010-10-15 14:02 4699024 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-07-13 08:51 . 2010-10-15 13:43 1168512 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-07-13 08:51 . 2010-10-15 13:43 1585168 ----a-w- c:\windows\system32\ntdll.dll

2011-07-13 08:50 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe

2011-07-13 08:50 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe

2011-07-13 08:50 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe

2011-07-13 08:50 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe

2011-07-13 08:47 . 2009-06-15 15:11 656896 ----a-w- c:\windows\system32\kerberos.dll

2011-07-13 08:46 . 2010-10-28 13:56 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-13 08:46 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-13 08:44 . 2009-06-10 11:53 203264 ----a-w- c:\windows\system32\wkssvc.dll

2011-07-13 08:44 . 2010-01-29 16:03 2080768 ----a-w- c:\program files\Windows Mail\msoe.dll

2011-07-13 08:44 . 2010-01-29 15:40 1616384 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll

2011-07-13 08:44 . 2010-01-21 15:05 62464 ----a-w- c:\windows\SysWow64\l3codeca.acm

2011-07-13 08:44 . 2010-01-21 15:37 72192 ----a-w- c:\windows\system32\l3codeca.acm

2011-07-13 08:44 . 2009-04-11 07:09 181760 ----a-w- c:\windows\system32\l3codecp.acm

2011-07-13 08:44 . 2009-04-11 06:27 220672 ----a-w- c:\windows\SysWow64\l3codecp.acm

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-27 14:25 . 2011-04-27 14:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-07-13 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BatteryBar.lnk - c:\program files\BatteryBar\BatteryBar.exe [2011-6-11 69632]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]

S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000Core.job

- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000UA.job

- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-03-26 2115664]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

.

**************************************************************************

.

Completion time: 2011-07-17  22:44:09 - machine was rebooted

ComboFix-quarantined-files.txt  2011-07-17 21:44

.

Pre-Run: 120,928,473,088 bytes free

Post-Run: 120,855,711,744 bytes free

.

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - 6B5FABEAF26193A3E2A096B5D20C6015

kevinf80
4 Tellurium

Re: Error code 80073EFE, unable to Update windows and browser problems.

Thanks for the log. Run the following:

 

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

Let me see the log in your next reply,

 

Kevin

 

 

RTitans
1 Copper

Re: Error code 80073EFE, unable to Update windows and browser problems.

Here is the TDSSKiller Log:

2011/07/18 09:54:39.0368 0644 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/18 09:54:40.0632 0644 ================================================================================

2011/07/18 09:54:40.0632 0644 SystemInfo:

2011/07/18 09:54:40.0632 0644

2011/07/18 09:54:40.0632 0644 OS Version: 6.0.6002 ServicePack: 2.0

2011/07/18 09:54:40.0632 0644 Product type: Workstation

2011/07/18 09:54:40.0632 0644 ComputerName: ROSS-PC

2011/07/18 09:54:40.0632 0644 UserName: Ross

2011/07/18 09:54:40.0647 0644 Windows directory: C:\Windows

2011/07/18 09:54:40.0647 0644 System windows directory: C:\Windows

2011/07/18 09:54:40.0647 0644 Running under WOW64

2011/07/18 09:54:40.0647 0644 Processor architecture: Intel x64

2011/07/18 09:54:40.0647 0644 Number of processors: 2

2011/07/18 09:54:40.0647 0644 Page size: 0x1000

2011/07/18 09:54:40.0647 0644 Boot type: Normal boot

2011/07/18 09:54:40.0647 0644 ================================================================================

2011/07/18 09:54:41.0474 0644 Initialize success

2011/07/18 09:54:43.0861 1404 ================================================================================

2011/07/18 09:54:43.0861 1404 Scan started

2011/07/18 09:54:43.0861 1404 Mode: Manual;

2011/07/18 09:54:43.0861 1404 ================================================================================

2011/07/18 09:54:44.0610 1404 ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

2011/07/18 09:54:44.0766 1404 adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

2011/07/18 09:54:45.0000 1404 adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

2011/07/18 09:54:45.0031 1404 adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

2011/07/18 09:54:45.0078 1404 adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

2011/07/18 09:54:45.0546 1404 AFD             (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys

2011/07/18 09:54:45.0686 1404 agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

2011/07/18 09:54:45.0811 1404 aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2011/07/18 09:54:45.0920 1404 aliide          (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys

2011/07/18 09:54:46.0014 1404 amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

2011/07/18 09:54:46.0107 1404 AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

2011/07/18 09:54:46.0216 1404 ApfiltrService  (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/07/18 09:54:46.0341 1404 arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

2011/07/18 09:54:46.0482 1404 arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

2011/07/18 09:54:46.0560 1404 AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/18 09:54:46.0669 1404 atapi           (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys

2011/07/18 09:54:46.0794 1404 BCM42RLY        (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys

2011/07/18 09:54:46.0950 1404 BCM43XX         (912012b708a7d8e8ce2ee55afb663dff) C:\Windows\system32\DRIVERS\bcmwl664.sys

2011/07/18 09:54:47.0152 1404 blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

2011/07/18 09:54:47.0293 1404 bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/18 09:54:47.0402 1404 BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2011/07/18 09:54:47.0433 1404 BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2011/07/18 09:54:47.0542 1404 Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2011/07/18 09:54:47.0636 1404 BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2011/07/18 09:54:47.0745 1404 BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2011/07/18 09:54:47.0886 1404 BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2011/07/18 09:54:47.0979 1404 BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2011/07/18 09:54:48.0073 1404 cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/18 09:54:48.0166 1404 cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/18 09:54:48.0307 1404 circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

2011/07/18 09:54:48.0400 1404 CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

2011/07/18 09:54:48.0541 1404 CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/18 09:54:48.0572 1404 cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

2011/07/18 09:54:48.0681 1404 Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/18 09:54:48.0790 1404 crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

2011/07/18 09:54:48.0915 1404 DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

2011/07/18 09:54:49.0040 1404 disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

2011/07/18 09:54:49.0212 1404 drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

2011/07/18 09:54:49.0336 1404 DXGKrnl         (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/18 09:54:49.0446 1404 e1express       (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys

2011/07/18 09:54:49.0555 1404 E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

2011/07/18 09:54:49.0648 1404 Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

2011/07/18 09:54:49.0773 1404 elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

2011/07/18 09:54:49.0867 1404 ErrDev          (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys

2011/07/18 09:54:49.0992 1404 exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

2011/07/18 09:54:50.0101 1404 fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

2011/07/18 09:54:50.0132 1404 fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/18 09:54:50.0241 1404 FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2011/07/18 09:54:50.0319 1404 Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2011/07/18 09:54:50.0413 1404 flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/18 09:54:50.0506 1404 FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

2011/07/18 09:54:50.0569 1404 Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/18 09:54:50.0662 1404 gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

2011/07/18 09:54:50.0787 1404 HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/07/18 09:54:50.0896 1404 HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2011/07/18 09:54:50.0974 1404 HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

2011/07/18 09:54:51.0068 1404 HidUsb          (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/18 09:54:51.0177 1404 HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

2011/07/18 09:54:51.0271 1404 HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

2011/07/18 09:54:51.0411 1404 i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

2011/07/18 09:54:51.0505 1404 i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/07/18 09:54:51.0630 1404 iaStor          (0b6c9c8f2e00e8b61c8379e62a9f921b) C:\Windows\system32\drivers\iastor.sys

2011/07/18 09:54:51.0723 1404 iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

2011/07/18 09:54:52.0051 1404 igfx            (f7ab8285bbecfaa5ed4050ccb89e073d) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/07/18 09:54:52.0332 1404 iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2011/07/18 09:54:52.0441 1404 intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

2011/07/18 09:54:52.0456 1404 intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/18 09:54:52.0566 1404 IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/18 09:54:52.0690 1404 IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2011/07/18 09:54:52.0800 1404 IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2011/07/18 09:54:52.0893 1404 IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2011/07/18 09:54:53.0002 1404 isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2011/07/18 09:54:53.0112 1404 iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/07/18 09:54:53.0205 1404 ISWKL           (9d7ac39e2f3a45d6fc277ec10c2732eb) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

2011/07/18 09:54:53.0330 1404 iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2011/07/18 09:54:53.0424 1404 iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2011/07/18 09:54:53.0517 1404 kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/07/18 09:54:53.0595 1404 kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/07/18 09:54:53.0689 1404 KSecDD          (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/18 09:54:53.0814 1404 ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2011/07/18 09:54:53.0923 1404 lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/18 09:54:54.0032 1404 LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

2011/07/18 09:54:54.0126 1404 LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

2011/07/18 09:54:54.0235 1404 LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

2011/07/18 09:54:54.0313 1404 luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

2011/07/18 09:54:54.0406 1404 megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

2011/07/18 09:54:54.0500 1404 MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

2011/07/18 09:54:54.0625 1404 Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

2011/07/18 09:54:54.0734 1404 monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/18 09:54:54.0843 1404 mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/18 09:54:54.0921 1404 mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/18 09:54:55.0015 1404 MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

2011/07/18 09:54:55.0093 1404 MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

2011/07/18 09:54:55.0202 1404 mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

2011/07/18 09:54:55.0296 1404 MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

2011/07/18 09:54:55.0374 1404 mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/18 09:54:55.0467 1404 Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2011/07/18 09:54:55.0576 1404 MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

2011/07/18 09:54:55.0670 1404 mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/18 09:54:55.0748 1404 mrxsmb10        (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/18 09:54:55.0873 1404 mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/18 09:54:55.0951 1404 msahci          (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys

2011/07/18 09:54:56.0044 1404 msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2011/07/18 09:54:56.0154 1404 Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2011/07/18 09:54:56.0247 1404 msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2011/07/18 09:54:56.0356 1404 MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/18 09:54:56.0497 1404 MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/18 09:54:56.0606 1404 MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2011/07/18 09:54:56.0715 1404 MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

2011/07/18 09:54:56.0824 1404 mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/07/18 09:54:56.0856 1404 MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2011/07/18 09:54:56.0965 1404 Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

2011/07/18 09:54:57.0090 1404 NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/18 09:54:57.0230 1404 NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

2011/07/18 09:54:57.0324 1404 NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/18 09:54:57.0402 1404 Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/18 09:54:57.0511 1404 NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/18 09:54:57.0604 1404 NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2011/07/18 09:54:57.0682 1404 NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/18 09:54:57.0792 1404 netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/18 09:54:57.0870 1404 nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2011/07/18 09:54:57.0948 1404 NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

2011/07/18 09:54:58.0072 1404 Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

2011/07/18 09:54:58.0119 1404 nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/18 09:54:58.0275 1404 Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

2011/07/18 09:54:58.0369 1404 Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2011/07/18 09:54:58.0462 1404 nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2011/07/18 09:54:58.0556 1404 nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2011/07/18 09:54:58.0650 1404 nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2011/07/18 09:54:58.0837 1404 ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

2011/07/18 09:54:58.0993 1404 Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

2011/07/18 09:54:59.0102 1404 partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

2011/07/18 09:54:59.0149 1404 pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

2011/07/18 09:54:59.0242 1404 pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

2011/07/18 09:54:59.0336 1404 pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

2011/07/18 09:54:59.0445 1404 PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2011/07/18 09:54:59.0632 1404 PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/18 09:54:59.0726 1404 Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

2011/07/18 09:54:59.0882 1404 PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/18 09:54:59.0991 1404 PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

2011/07/18 09:55:00.0100 1404 ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2011/07/18 09:55:00.0194 1404 ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2011/07/18 09:55:00.0288 1404 QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/18 09:55:00.0444 1404 R300            (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/07/18 09:55:00.0584 1404 RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/18 09:55:00.0678 1404 Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/18 09:55:00.0724 1404 RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/18 09:55:00.0802 1404 RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/18 09:55:00.0880 1404 rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/18 09:55:00.0974 1404 RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/18 09:55:01.0114 1404 rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2011/07/18 09:55:01.0208 1404 RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/18 09:55:01.0317 1404 RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

2011/07/18 09:55:01.0458 1404 rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/18 09:55:01.0536 1404 RTSTOR          (39e74e264338934dbf11f8db79a3e116) C:\Windows\system32\drivers\RTSTOR64.SYS

2011/07/18 09:55:01.0645 1404 sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2011/07/18 09:55:01.0738 1404 SCDEmu          (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys

2011/07/18 09:55:01.0910 1404 secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/07/18 09:55:02.0019 1404 Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

2011/07/18 09:55:02.0113 1404 Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

2011/07/18 09:55:02.0191 1404 sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2011/07/18 09:55:02.0331 1404 sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2011/07/18 09:55:02.0425 1404 sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/18 09:55:02.0503 1404 sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/18 09:55:02.0596 1404 sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2011/07/18 09:55:02.0706 1404 SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2011/07/18 09:55:02.0799 1404 SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2011/07/18 09:55:02.0924 1404 Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

2011/07/18 09:55:03.0049 1404 spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

2011/07/18 09:55:03.0158 1404 srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

2011/07/18 09:55:03.0252 1404 srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/18 09:55:03.0330 1404 srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/18 09:55:03.0470 1404 STHDA           (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys

2011/07/18 09:55:03.0595 1404 swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2011/07/18 09:55:03.0704 1404 Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2011/07/18 09:55:03.0798 1404 Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2011/07/18 09:55:03.0876 1404 Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2011/07/18 09:55:04.0000 1404 Tcpip           (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\drivers\tcpip.sys

2011/07/18 09:55:04.0125 1404 Tcpip6          (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/18 09:55:04.0219 1404 tcpipreg        (ce3ae2ba7a076f0ade9f48c598c1d15d) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/18 09:55:04.0312 1404 TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2011/07/18 09:55:04.0406 1404 TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2011/07/18 09:55:04.0515 1404 tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/18 09:55:04.0624 1404 TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

2011/07/18 09:55:04.0765 1404 tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/18 09:55:04.0858 1404 tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2011/07/18 09:55:04.0983 1404 tunnel          (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/18 09:55:05.0061 1404 uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2011/07/18 09:55:05.0186 1404 udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/18 09:55:05.0311 1404 uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/18 09:55:05.0404 1404 uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2011/07/18 09:55:05.0498 1404 UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2011/07/18 09:55:05.0592 1404 ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2011/07/18 09:55:05.0670 1404 umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/18 09:55:05.0779 1404 usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/18 09:55:05.0904 1404 usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

2011/07/18 09:55:06.0028 1404 usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/18 09:55:06.0106 1404 usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/18 09:55:06.0216 1404 usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

2011/07/18 09:55:06.0309 1404 usbprint        (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys

2011/07/18 09:55:06.0372 1404 USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/18 09:55:06.0496 1404 usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/18 09:55:06.0621 1404 vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/18 09:55:06.0715 1404 VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2011/07/18 09:55:06.0746 1404 viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

2011/07/18 09:55:06.0871 1404 volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

2011/07/18 09:55:06.0949 1404 volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

2011/07/18 09:55:07.0105 1404 volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

2011/07/18 09:55:07.0198 1404 Vsdatant        (f3099c3d724816493df8bbc5168f81cd) C:\Windows\system32\DRIVERS\vsdatant.sys

2011/07/18 09:55:07.0354 1404 vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2011/07/18 09:55:07.0479 1404 WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2011/07/18 09:55:07.0588 1404 Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/18 09:55:07.0620 1404 Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/18 09:55:07.0729 1404 Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2011/07/18 09:55:07.0838 1404 Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/18 09:55:08.0025 1404 WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/07/18 09:55:08.0181 1404 ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/18 09:55:08.0290 1404 WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/18 09:55:08.0400 1404 yukonx64        (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys

2011/07/18 09:55:08.0446 1404 MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

2011/07/18 09:55:08.0478 1404 Boot (0x1200)   (e7d520ac42f006b606fa67a86d2be6f8) \Device\Harddisk0\DR0\Partition0

2011/07/18 09:55:08.0493 1404 Boot (0x1200)   (fd0f3cdc31c462c926452028b0ff961e) \Device\Harddisk0\DR0\Partition1

2011/07/18 09:55:08.0509 1404 ================================================================================

2011/07/18 09:55:08.0509 1404 Scan finished

2011/07/18 09:55:08.0509 1404 ================================================================================

2011/07/18 09:55:08.0509 3992 Detected object count: 0

2011/07/18 09:55:08.0509 3992 Actual detected object count: 0

0 Kudos
kevinf80
4 Tellurium

Re: Error code 80073EFE, unable to Update windows and browser problems.

Not seeing anything really conclusive in your logs, OK continue as follows please :-

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in between the dotted lines below into it:

---------------------------------------------------------------------------------------------------------------------------------
KillAll::
FixCset::
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
---------------------------------------------------------------------------------------------------------------------------------

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

user posted image

user posted image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
  • Click the user posted image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

 

  • Click on user posted image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the user posted image icon on your desktop.

 

  • Check user posted image
  • Click the user posted image button.
  • Accept any security warnings from your browser.
  • Check user posted image
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push user posted image
  • Push user posted image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the user posted image button.
  • Push user posted image


You can refer to this animation by neomage if needed.
Frequently asked questions available Here. Please read them before running the scan.

Also be aware this scan can take between one and several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see those two logs in next reply, also give update on current issues/concerns....

Kevin

0 Kudos
RTitans
1 Copper

Re: Error code 80073EFE, unable to Update windows and browser problems.

I am still unable to update Windows due to error code 80073EFE. When browsing on the internet, pages are not loading properly or not at all and pictures are distorted; also, my system is slower than usual. Here are the logs:

ComboFix 11-07-17.03 - Ross 18/07/2011  11:10:35.2.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.4055.2669 [GMT 1:00]

Running from: c:\users\Ross\Desktop\Gotcha.exe

Command switches used :: c:\users\Ross\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2011-06-18 to 2011-07-18  )))))))))))))))))))))))))))))))

.

.

2011-07-18 10:21 . 2011-07-18 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-17 21:45 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4A176AF-875F-4E4F-B5D4-AD85BF27CD8A}\mpengine.dll

2011-07-17 21:12 . 2011-07-17 21:14 -------- d-----w- C:\Gotcha

2011-07-17 06:35 . 2011-07-17 21:59 -------- d-----w- c:\program files\BatteryBar

2011-07-17 00:32 . 2011-07-17 00:32 -------- d-----w- c:\program files (x86)\ESET

2011-07-17 00:27 . 2011-07-17 00:27 -------- d-----w- c:\program files (x86)\Trend Micro

2011-07-15 15:43 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-07-15 15:43 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\ca-ES

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\eu-ES

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\vi-VN

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\ca-ES

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\eu-ES

2011-07-15 15:13 . 2011-07-15 15:13 -------- d-----w- c:\windows\system32\vi-VN

2011-07-15 14:45 . 2011-07-15 14:45 -------- d-----w- c:\windows\system32\EventProviders

2011-07-15 14:42 . 2009-04-11 07:11 796672 ----a-w- c:\windows\system32\mssvp.dll

2011-07-15 14:40 . 2009-04-11 07:11 622592 ----a-w- c:\windows\system32\WMVXENCD.DLL

2011-07-15 14:39 . 2009-04-11 06:28 247808 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-07-15 14:39 . 2009-04-11 06:28 83968 ----a-w- c:\windows\SysWow64\wbem\wmiutils.dll

2011-07-15 14:39 . 2009-04-11 06:28 30208 ----a-w- c:\windows\SysWow64\wbem\wbemprox.dll

2011-07-15 14:39 . 2009-04-11 06:28 189440 ----a-w- c:\windows\SysWow64\wbem\mofd.dll

2011-07-15 14:39 . 2009-04-11 06:28 614912 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-07-15 14:39 . 2009-04-11 06:28 265728 ----a-w- c:\windows\SysWow64\wbem\esscli.dll

2011-07-15 14:39 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll

2011-07-15 14:39 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-07-15 14:39 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-07-15 14:39 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll

2011-07-15 14:38 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll

2011-07-15 14:38 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe

2011-07-15 14:38 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll

2011-07-15 01:50 . 2011-07-15 01:50 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2011-07-15 01:49 . 2011-07-15 15:35 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-07-15 01:49 . 2011-07-15 01:49 -------- d-----w- c:\windows\PCHEALTH

2011-07-15 01:46 . 2011-07-15 01:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2011-07-15 01:44 . 2011-07-15 01:44 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2011-07-15 01:43 . 2011-07-15 01:43 -------- d-----r- C:\MSOCache

2011-07-14 22:03 . 2011-07-14 22:05 -------- d-----w- c:\program files (x86)\Auslogics

2011-07-14 21:39 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-14 21:39 . 2011-07-14 21:39 -------- d-----w- c:\programdata\Malwarebytes

2011-07-14 21:39 . 2011-07-14 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-14 21:39 . 2011-07-06 18:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-14 05:23 . 2011-07-14 05:24 -------- d-----w- c:\program files (x86)\PowerISO

2011-07-14 05:23 . 2011-06-15 08:30 93240 ----a-w- c:\windows\system32\drivers\scdemu.sys

2011-07-13 22:04 . 2011-07-13 23:21 -------- d-----w- c:\program files (x86)\JDownloader

2011-07-13 21:37 . 2011-07-13 21:37 -------- d-----w- c:\program files (x86)\PC SleepTimer

2011-07-13 21:35 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-13 21:33 . 2009-11-03 22:07 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui

2011-07-13 21:33 . 2009-08-24 11:47 442368 ----a-w- c:\windows\system32\winhttp.dll

2011-07-13 21:33 . 2009-08-24 11:36 377344 ----a-w- c:\windows\SysWow64\winhttp.dll

2011-07-13 21:33 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll

2011-07-13 21:33 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll

2011-07-13 21:33 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll

2011-07-13 21:33 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll

2011-07-13 21:33 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll

2011-07-13 19:14 . 2011-07-13 19:14 -------- d-----w- c:\program files\7-Zip

2011-07-13 19:04 . 2010-02-24 09:28 294912 ----a-w- c:\windows\system32\browserchoice.exe

2011-07-13 19:01 . 2010-02-20 23:15 32768 ----a-w- c:\windows\system32\nshhttp.dll

2011-07-13 19:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll

2011-07-13 19:00 . 2010-02-20 21:30 620032 ----a-w- c:\windows\system32\drivers\http.sys

2011-07-13 19:00 . 2010-02-20 23:14 33792 ----a-w- c:\windows\system32\httpapi.dll

2011-07-13 19:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll

2011-07-13 18:53 . 2009-11-08 09:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2011-07-13 18:53 . 2009-11-08 09:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2011-07-13 18:53 . 2009-11-08 09:55 48960 ----a-w- c:\windows\system32\netfxperf.dll

2011-07-13 18:53 . 2009-11-08 09:55 444752 ----a-w- c:\windows\system32\mscoree.dll

2011-07-13 18:53 . 2009-11-08 09:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2011-07-13 18:53 . 2009-11-08 09:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2011-07-13 18:53 . 2009-11-08 09:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2011-07-13 18:53 . 2009-11-08 09:55 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-07-13 18:53 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-07-13 18:53 . 2009-11-08 09:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-07-13 18:29 . 2011-07-13 19:52 -------- d-----w- c:\program files (x86)\Common Files\Steam

2011-07-13 18:29 . 2011-07-18 10:23 -------- d-----w- c:\program files (x86)\Steam

2011-07-13 15:32 . 2011-07-13 15:32 -------- d-----w- c:\windows\SMINST

2011-07-13 09:32 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-07-13 09:32 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll

2011-07-13 09:32 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-07-13 09:32 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll

2011-07-13 09:32 . 2010-05-15 15:30 453720 ------w- c:\windows\system32\drivers\vsdatant.sys

2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\program files (x86)\Zone Labs

2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\programdata\CheckPoint

2011-07-13 09:32 . 2011-07-18 10:23 -------- d-----w- c:\windows\Internet Logs

2011-07-13 09:27 . 2011-07-13 09:27 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks

2011-07-13 09:19 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs

2011-07-13 09:02 . 2009-06-10 11:52 3547136 ----a-w- c:\windows\system32\mf.dll

2011-07-13 09:02 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\SysWow64\mf.dll

2011-07-13 09:00 . 2009-08-14 16:04 143360 ----a-w- c:\windows\system32\netiohlp.dll

2011-07-13 08:55 . 2010-01-25 12:08 460288 ----a-w- c:\windows\system32\msdrm.dll

2011-07-13 08:54 . 2011-02-24 16:38 991104 ----a-w- c:\windows\system32\winresume.efi

2011-07-13 08:53 . 2010-06-17 18:34 16361984 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll

2011-07-13 08:52 . 2010-12-20 16:59 847360 ----a-w- c:\windows\system32\oleaut32.dll

2011-07-13 08:52 . 2010-12-20 16:35 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-07-13 08:52 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll

2011-07-13 08:52 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll

2011-07-13 08:52 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-07-13 08:52 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-07-13 08:52 . 2010-08-26 17:46 189952 ----a-w- c:\windows\system32\t2embed.dll

2011-07-13 08:52 . 2010-08-26 16:37 157184 ----a-w- c:\windows\SysWow64\t2embed.dll

2011-07-13 08:52 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 08:52 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-13 08:51 . 2010-08-31 15:46 954752 ----a-w- c:\windows\SysWow64\mfc40.dll

2011-07-13 08:51 . 2010-08-31 15:46 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll

2011-07-13 08:51 . 2009-07-15 14:47 368128 ----a-w- c:\windows\system32\wmpdxm.dll

2011-07-13 08:51 . 2009-07-15 12:39 313344 ----a-w- c:\windows\SysWow64\wmpdxm.dll

2011-07-13 08:51 . 2009-07-15 10:23 43520 ----a-w- c:\windows\system32\msdxm.tlb

2011-07-13 08:51 . 2009-07-15 10:23 18432 ----a-w- c:\windows\system32\amcompat.tlb

2011-07-13 08:51 . 2009-07-15 10:21 43520 ----a-w- c:\windows\SysWow64\msdxm.tlb

2011-07-13 08:51 . 2009-07-15 10:21 18432 ----a-w- c:\windows\SysWow64\amcompat.tlb

2011-07-13 08:51 . 2010-10-15 14:02 4699024 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-07-13 08:51 . 2010-10-15 13:43 1168512 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-07-13 08:51 . 2010-10-15 13:43 1585168 ----a-w- c:\windows\system32\ntdll.dll

2011-07-13 08:50 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe

2011-07-13 08:50 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe

2011-07-13 08:50 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe

2011-07-13 08:50 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe

2011-07-13 08:47 . 2009-06-15 15:11 656896 ----a-w- c:\windows\system32\kerberos.dll

2011-07-13 08:46 . 2010-10-28 13:56 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-13 08:46 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-13 08:44 . 2009-06-10 11:53 203264 ----a-w- c:\windows\system32\wkssvc.dll

2011-07-13 08:44 . 2010-01-29 16:03 2080768 ----a-w- c:\program files\Windows Mail\msoe.dll

2011-07-13 08:44 . 2010-01-29 15:40 1616384 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll

2011-07-13 08:44 . 2010-01-21 15:05 62464 ----a-w- c:\windows\SysWow64\l3codeca.acm

2011-07-13 08:44 . 2010-01-21 15:37 72192 ----a-w- c:\windows\system32\l3codeca.acm

2011-07-13 08:44 . 2009-04-11 07:09 181760 ----a-w- c:\windows\system32\l3codecp.acm

2011-07-13 08:44 . 2009-04-11 06:27 220672 ----a-w- c:\windows\SysWow64\l3codecp.acm

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-27 14:25 . 2011-04-27 14:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

.

(((((((((((((((((((((((((((((   SnapShot@2011-07-17_21.36.35   )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2011-07-17 21:34 16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-07-18 10:23 16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-07-17 21:34 32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-07-18 10:23 32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-07-17 21:34 16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-07-18 10:23 16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-07-18 10:24 44976              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-07-18 10:24 66846              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-09-01 14:11 . 2011-07-17 20:45 16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 14:11 . 2011-07-18 01:45 16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 19:58 . 2011-07-18 01:45 32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 19:58 . 2011-07-17 20:45 32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 19:58 . 2011-07-17 20:45 16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-09-01 19:58 . 2011-07-18 01:45 16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-13 06:57 . 2011-07-18 10:24 5192              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-96148779-2948309731-3870321898-1000_UserData.bin

+ 2011-07-18 10:22 . 2011-07-18 10:22 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-07-17 21:33 . 2011-07-17 21:33 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-18 10:22 . 2011-07-18 10:22 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-17 21:33 . 2011-07-17 21:33 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-13 18:19 . 2011-07-18 09:39 200492              c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2006-11-02 12:46 . 2011-07-17 21:14 611296              c:\windows\system32\perfh009.dat

+ 2006-11-02 12:46 . 2011-07-18 10:08 611296              c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2011-07-17 21:14 109672              c:\windows\system32\perfc009.dat

+ 2006-11-02 12:46 . 2011-07-18 10:08 109672              c:\windows\system32\perfc009.dat

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-07-13 1242448]

"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BatteryBar.lnk - c:\program files\BatteryBar\BatteryBar.exe [2011-6-11 69632]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]

S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000Core.job

- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]

.

2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000UA.job

- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2011-07-18  11:42:54 - machine was rebooted

ComboFix-quarantined-files.txt  2011-07-18 10:42

ComboFix2.txt  2011-07-17 21:44

.

Pre-Run: 113,504,993,280 bytes free

Post-Run: 112,591,646,720 bytes free

.

- - End Of File - - 467779AE0787B8CAD75DCC3C32BD82F3

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=36882

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6541

# api_version=3.0.2

# EOSSerial=b031edb61e34f54499eb9c7a71e127d2

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-19 01:10:07

# local_time=2011-07-19 02:10:07 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=2057

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 45 110149648 148554935 0 0

# compatibility_mode=8192 67108863 100 0 739 739 0 0

# compatibility_mode=9217 16777214 75 70 481299 10628341 0 0

# scanned=161809

# found=0

# cleaned=0

# scan_time=6778

0 Kudos
kevinf80
4 Tellurium

Re: Error code 80073EFE, unable to Update windows and browser problems.

Download aswMBR from Here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it. Vista or Windows 7 users: right-click and select Run as Administrator.
  • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop.

  • Copy and paste the contents of aswMBR.txt back here for review
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.



Kevin

0 Kudos
RTitans
1 Copper

Re: Error code 80073EFE, unable to Update windows and browser problems.

How do I attach a file to a post?

Here is the aswMBR log:

aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software

Run date: 2011-07-19 08:44:47

-----------------------------

08:44:47.448    OS Version: Windows x64 6.0.6002 Service Pack 2

08:44:47.449    Number of processors: 2 586 0x170A

08:44:47.449    ComputerName: ROSS-PC  UserName: Ross

08:44:50.236    Initialize success

08:49:51.850    AVAST engine defs: 11071801

08:51:14.839    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

08:51:14.842    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3

08:51:14.866    Disk 0 MBR read successfully

08:51:14.869    Disk 0 MBR scan

08:51:14.876    Disk 0 unknown MBR code

08:51:14.880    Service scanning

08:51:16.568    Disk 0 trace - called modules:

08:51:16.610    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

08:51:16.614    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006096790]

08:51:16.618    3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045c7050]

08:51:17.481    AVAST engine scan C:\Windows

08:51:22.114    AVAST engine scan C:\Windows\system32

08:54:22.733    AVAST engine scan C:\Windows\system32\drivers

08:54:39.090    AVAST engine scan C:\Users\Ross

08:56:17.191    Disk 0 MBR has been saved successfully to "C:\Users\Ross\Desktop\MBR.dat"

08:56:17.207    The log file has been saved successfully to "C:\Users\Ross\Desktop\aswMBR.txt"

0 Kudos
kevinf80
4 Tellurium

Re: Error code 80073EFE, unable to Update windows and browser problems.

To be honest I'm not sure how you attach a file on these forums, no problem. You can upload the MBR.dat file for analysis yourself.

 

Upload a File to Virustotal


Please visit Virustotal

  • Click the Browse... button
  • Navigate to the file C:\Users\Ross\Desktop\MBR.dat
  • Click the O...




0 Kudos