Re: Windows update is not running - win 7 x64

I

itpusher

Member
Joined
Mar 8, 2013
Posts
18
Re: Windows update is not running - win 7 x64

Hi,

I have had a lot of problems regarding update of my Win7 x64 and I have had a lot of help from various supporters.
I was asked to upload files from dds.scr and file from SecurityCheck to see if my PC has malware before working along the road of saving my PC.

Regards

Itpusher

Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 29
Java version out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by cp at 21:01:33 on 2013-03-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.45.1030.18.8102.6456 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\windows\system32\inetsrv\inetinfo.exe
C:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Flexlm\lmgrd.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Flexlm\lmgrd.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Palette\BBA602\BMS602\Palette.Baltzar.Interface.WinService.MaintenanceService.exe
C:\windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\Windows\system32\userinit.exe
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.dk/
uSearch Bar = Preserve
uSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
mStart Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll
mURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Citrix URL-Redirection Helper: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Groove GFS Browser Helper: {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\d3dx9_322.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: DownTango Launcher: {b52d0735-ec19-448a-abde-e01b5bd275d2} - C:\Users\cp\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll
TB: DownTango Launcher: {b52d0735-ec19-448a-abde-e01b5bd275d2} - C:\Users\cp\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll
EB: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
StartupFolder: C:\Users\cp\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SKRMKL~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {45d8438c-b51d-47a8-aeea-9061535f25f1} - {b52d0735-ec19-448a-abde-e01b5bd275d2}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
Trusted Zone: btjunkie.org
Trusted Zone: itpro
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://vpn-emea.navico.com/SNX/CSHELL/extender.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://sslvpn.sbs.dk/XTSAC.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://80.196.99.178/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553578200} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://readsoft.webex.com/client/T27L10NSP32EP5/support/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://illumsms.egdatainform.dk/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5F61A844-EC0F-4478-B1CF-DE8D60DA2CF3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5F61A844-EC0F-4478-B1CF-DE8D60DA2CF3}\64B40244963747279626574796F6E6 : DHCPNameServer = 172.17.10.111 172.17.10.110
TCP: Interfaces\{B7628398-7312-4E8A-9425-3748ECA83947} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: DeviceNP - DeviceNP.dll
AppInit_DLLs= c:\progra~3\wincert\win32c~1.dll,C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = EpePcNp64 DPPassFilter scecli CPEPCNP
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://illum.egdatainform.dk/dana-cached/sc/JuniperSetupClient64.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cp\AppData\Roaming\Mozilla\Firefox\Profiles\o5vk8pz3.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - ExtSQL: 2013-01-21 08:52; {5ddeb737-082c-48fb-8c06-aa4b38d61e5f}; C:\Program Files (x86)\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
FF - ExtSQL: 2013-01-21 08:52; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-22 22:41; {34712C68-7391-4c47-94F3-8F88D49AD632}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-01-29 09:39; {411beae9-8c58-477c-8903-201536f61512}; C:\Users\cp\AppData\Roaming\Mozilla\Firefox\Profiles\o5vk8pz3.default\extensions\{411beae9-8c58-477c-8903-201536f61512}
FF - ExtSQL: 2013-01-29 09:39; {890a3e16-521d-4d00-bdf9-e07218d09c8d}; C:\Users\cp\AppData\Roaming\Mozilla\Firefox\Profiles\o5vk8pz3.default\extensions\{890a3e16-521d-4d00-bdf9-e07218d09c8d}
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2011-2-9 168008]
R0 PCTCore;PCTools KDS;C:\windows\System32\drivers\PCTCore64.sys [2012-6-29 413448]
R0 pctDS;PC Tools Data Store;C:\windows\System32\drivers\pctDS64.sys [2012-5-21 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\windows\System32\drivers\pctEFA64.sys [2012-5-21 1096176]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-3-9 55856]
R0 TfFsMon;TfFsMon;C:\windows\System32\drivers\TfFsMon.sys [2012-11-27 66344]
R0 TfSysMon;TfSysMon;C:\windows\System32\drivers\TfSysMon.sys [2012-11-27 709552]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2012-5-17 93272]
R1 pctgntdi;pctgntdi;C:\windows\System32\drivers\pctgntdi64.sys [2012-6-29 347016]
R1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;C:\windows\System32\drivers\pctNdisLW64.sys [2012-6-30 77976]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\windows\System32\drivers\PCTSD64.sys [2012-6-24 253256]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\windows\System32\drivers\psd.sys [2010-1-26 44576]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-6-29 580728]
R2 Readsoft;Readsoft;C:\Flexlm\lmgrd.exe [2011-1-5 1500424]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Sentinel64;Sentinel64;C:\windows\System32\drivers\sentinel64.sys [2012-1-12 145448]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2010-10-20 374048]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2010-10-20 292128]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-1-14 1024384]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-31 2849120]
R2 Test602;Test602;C:\Palette\BBA602\BMS602\Palette.Baltzar.Interface.WinService.MaintenanceService.exe [2013-2-18 48640]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-4-22 32192]
R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-4-21 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-4-21 39464]
R3 busenum;Synology Virtual USB Hub;C:\windows\System32\drivers\busenum.sys [2011-9-5 56160]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-4-21 174168]
R3 johci;JMicron 1394 Filter Driver;C:\windows\System32\drivers\johci.sys [2011-4-21 26712]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 PCTBD;PC Tools Browser Defender Driver;C:\windows\System32\drivers\PCTBD64.sys [2012-6-29 77144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 PMS;PMS;C:\Palette\BBA60\Webroot\BMS\Palette.Baltzar.Interface.WinService.MaintenanceService.exe [2012-1-26 45568]
S2 PMS610;PMS610;C:\Palette\BBA610\BMS610\PMS610\Palette.Baltzar.Interface.WinService.MaintenanceService.exe [2013-3-3 48640]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-21 2656280]
S3 acsock;acsock;C:\windows\System32\drivers\acsock64.sys [2013-3-8 106408]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 EsgScanner;EsgScanner;C:\windows\System32\drivers\EsgScanner.sys [2013-1-29 22704]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;C:\windows\System32\drivers\pctNdis-PacketFilter64.sys [2012-6-30 125024]
S3 pctplfw;pctplfw;C:\windows\System32\drivers\pctplfw64.sys [2012-6-30 182728]
S3 pctplsg;pctplsg;C:\windows\System32\drivers\pctplsg64.sys [2012-6-29 93600]
S3 pctplsm;pctplsm;C:\windows\System32\drivers\pctplsm64.sys [2012-11-27 87968]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-11-27 403416]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-11-27 1162360]
S3 StorSvc;Lagertjeneste;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TfNetMon;TfNetMon;C:\windows\System32\drivers\TfNetMon.sys [2012-11-27 42648]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-10-16 59392]
S3 VNA;Check Point Virtual Network Adapter;C:\windows\System32\drivers\vna.sys [2009-4-2 161256]
S3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\windows\System32\drivers\vnaap.sys [2009-4-2 161256]
S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
S3 WMSVC;Tjenesten Web Management;C:\windows\System32\inetsrv\WMSvc.exe [2009-7-14 10752]
S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-1-16 134456]
S4 cpextender;Check Point SSL Network Extender;C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2011-10-18 355496]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-2-4 464480]
S4 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-7-15 137272]
S4 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-1-12 36864]
S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S4 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S4 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000]
S4 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-7-6 1698360]
S4 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2011-5-13 30520]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-21 13336]
S4 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-2-9 1318912]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-12-23 113264]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-1-15 1116656]
S4 RsFx0151;RsFx0151 Driver;C:\windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
S4 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-4-22 502464]
S4 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2011-1-22 3154224]
.
=============== Created Last 30 ================
.
2013-03-10 19:15:19 -------- d-----w- C:\windows\System32\catroot2
2013-03-10 14:46:08 -------- d-----w- C:\ProgramData\Citrix
2013-03-10 14:45:19 -------- d-----w- C:\Program Files (x86)\Common Files\Citrix
2013-03-10 13:35:02 -------- d-----w- C:\$WINDOWS.~BT
2013-03-09 15:26:01 -------- d-----w- C:\Program Files (x86)\XML Notepad 2007
2013-03-08 14:11:34 106408 ----a-r- C:\windows\System32\drivers\acsock64.sys
2013-03-08 13:18:58 -------- d-----w- C:\Users\cp\AppData\Roaming\PC Cleaners
2013-03-08 13:18:51 -------- d-----w- C:\Users\cp\AppData\Roaming\PCPro
2013-03-08 13:03:34 4728712 ----a-w- C:\windows\uninst.exe
2013-03-08 13:03:33 -------- d-----w- C:\ProgramData\PC1Data
2013-03-07 17:31:50 -------- d-----w- C:\Users\cp\AppData\Roaming\unikgame
2013-03-07 17:28:37 -------- d-----w- C:\Users\cp\AppData\Roaming\GreenSauceGames
2013-03-05 21:45:29 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-03-05 21:45:27 -------- d-----w- C:\ProgramData\RealNetworks
2013-03-05 21:45:22 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-03-05 21:44:37 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2013-03-05 21:44:37 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2013-03-04 14:40:32 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2013-03-03 09:58:08 -------- d-----w- C:\Users\cp\AppData\Roaming\FVZilla
2013-03-03 09:58:04 -------- d-----w- C:\Program Files (x86)\Free Video Zilla
2013-02-27 17:50:17 -------- d-----w- C:\Users\cp\AppData\Roaming\BlamGames
2013-02-27 17:44:20 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2013-02-27 17:33:18 -------- d-----w- C:\Program Files (x86)\The Keepers 2 - The Order's Last Secret CE
2013-02-25 08:50:13 77152 ----a-w- C:\windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-02-25 08:50:13 47456 ----a-w- C:\windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-02-25 08:50:01 79200 ----a-w- C:\windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.51.2500.0.dll
2013-02-25 08:50:01 73568 ----a-w- C:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.51.2500.0.dll
2013-02-25 08:44:16 -------- d-----w- C:\windows\System32\1033
2013-02-25 08:44:16 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-02-21 12:56:34 -------- d-----w- C:\Users\cp\AppData\Roaming\Realore_Whiterra Roads Of Rome 2
2013-02-21 12:34:59 -------- d-----w- C:\Users\cp\AppData\Roaming\Realore_Whiterra Roads Of Rome
2013-02-21 12:33:51 -------- d-----w- C:\Program Files (x86)\Roads of Rome
2013-02-17 09:17:43 -------- d-----w- C:\windows\CheckSur
2013-02-16 16:32:52 -------- d-----w- C:\Users\cp\AppData\Local\Torch
2013-02-16 09:24:26 -------- dc-h--w- C:\ProgramData\{E0634565-E271-4760-99E4-50A964525826}
2013-02-16 09:24:03 -------- d-----w- C:\Users\cp\AppData\Local\PackageAware
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 10:53:57 -------- d-----w- C:\Users\cp\AppData\Roaming\PerformerSoft
2013-02-13 10:53:54 19632 ----a-w- C:\windows\System32\roboot64.exe
2013-02-13 07:00:46 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-02-13 07:00:44 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 07:00:44 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-02-13 07:00:40 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-02-13 07:00:37 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-02-13 07:00:36 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-02-13 07:00:36 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-02-13 07:00:36 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-02-13 07:00:36 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-02-13 07:00:35 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-02-13 07:00:33 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 07:00:33 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-02-12 17:26:18 -------- d-----w- C:\Program Files (x86)\ISO Image Burner
2013-02-12 16:39:58 40960 ----a-w- C:\windows\SysWow64\SSubTmr6.dll
2013-02-12 16:39:57 -------- d-----w- C:\Users\cp\AppData\Roaming\FreeBurner
2013-02-12 16:39:14 -------- d-----w- C:\Program Files (x86)\Free Easy CD DVD Burner
.
==================== Find3M ====================
.
2013-02-27 11:01:30 71024 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 11:01:30 691568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll
2013-01-09 06:35:21 159 ----a-w- C:\ProgramData\dsgsdgdsgdsgw.reg
2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2010-10-05 21:47:54 129024 ----a-w- C:\Program Files (x86)\Common Files\Uninstall.exe
.
============= FINISH: 21:03:03,82 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13-10-2011 09:40:48
System Uptime: 12-03-2013 19:59:07 (2 hours ago)
.
Motherboard: Hewlett-Packard | | 1618
Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz | CPU 1 | 988/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 277 GiB total, 119,688 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 15 GiB total, 2,29 GiB free.
F: is FIXED (FAT32) - 5 GiB total, 1,202 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Check Point Virtual Network Adapter For SSL Network Extender
Device ID: ROOT\NET\0001
Manufacturer: Check Point
Name: Check Point Virtual Network Adapter For SSL Network Extender
PNP Device ID: ROOT\NET\0001
Service: VNA
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Check Point Virtual Network Adapter For SSL Network Extender
Device ID: ROOT\NET\0003
Manufacturer: Check Point
Name: Check Point Virtual Network Adapter For SSL Network Extender #2
PNP Device ID: ROOT\NET\0003
Service: VNA
.
==== System Restore Points ===================
.
RP385: 08-03-2013 13:46:40 - Installationsprogram til Windows-moduler
RP386: 08-03-2013 13:55:42 - Removed Check Point Endpoint Connect
RP387: 08-03-2013 15:11:06 - Installed Cisco AnyConnect Secure Mobility Client
RP388: 08-03-2013 15:53:20 - Installationsprogram til Windows-moduler
RP389: 08-03-2013 16:02:22 - Installationsprogram til Windows-moduler
RP390: 08-03-2013 16:51:52 - Installationsprogram til Windows-moduler
RP391: 08-03-2013 16:56:14 - Installationsprogram til Windows-moduler
RP392: 09-03-2013 16:25:39 - Installed XML Notepad 2007
RP393: 10-03-2013 20:06:53 - Installed Microsoft Fix it 50202
RP394: 10-03-2013 20:09:16 - Installed Microsoft Fix it 50202
RP395: 10-03-2013 20:12:28 - Installed Microsoft Fix it 50202
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6) - Dansk
Agent Ransack 2010 (64-bit)
Album Art Downloader XUI 0.45
Alcor Micro Smart Card Reader Driver
Apple-programunderstøttelse
Apple Software Update
ArcSoft Webcam Sharing Manager
AutoIt v3.3.8.1
AVG 2012
Broadcom 2070 Bluetooth 3.0
Browser Guard 4.0
Check Point Deployment Shell
Check Point SSL Network Extender
Check Point SSL Network Extender Service
Check Point VPN
Cisco Systems VPN Client 5.0.07.0290
Cisco WebEx Meetings
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Crystal Reports for Visual Studio
Danish Module for Microsoft Dynamics NAV Classic Client
dBpoweramp DSP Effects
dBpoweramp Music Converter
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Device Access Manager for HP ProtectTools
DirectDownloader
DirectX 9 Runtime
Drive Encryption For HP ProtectTools
Dropbox
eDocPrinter PDF Pro 6.76(x64) MSI
Embedded Security for HP ProtectTools
Energy Star Digital Logo
Face Recognition for HP ProtectTools
File Sanitizer For HP ProtectTools
FileZilla Client 3.6.0.2
GDR 5057 for SQL Server Analysis Services 2005 ENU (KB2494120)
GDR 5057 for SQL Server Database Services 2005 ENU (KB2494120)
GDR 5057 for SQL Server Tools and Workstation Components 2005 ENU (KB2494120)
GoToMeeting 5.2.0.952
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)
HP 3D DriveGuard
HP Auto
HP Client Automation Agent Preload
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP ESU for Microsoft Windows 7
HP HotKey Support
HP Power Assistant
HP ProtectTools Security Manager
HP QuickWeb
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP System Default Settings
HP Wallpaper
HP Web Camera
HP Webcam
HP Webcam Driver
Intel(R) Identity Protection Technology 1.0.71.0
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
ISO Image Burner 1.1
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 29 (64-bit)
JMicron 1394 Filter Driver
JMicron Flash Media Controller Driver
Juniper Networks Network Connect 7.0.0
Juniper Networks, Inc. Setup Client
Juniper Terminal Services Client
LightScribe Applications
LightScribe System Software
MediaMonkey 4.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Dynamics NAV 2009 Classic
Microsoft Help Viewer 1.0
Microsoft Office 2003 Web Components
Microsoft Office 2010
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Danish) 2010
Microsoft Office Excel MUI (Danish) 2010
Microsoft Office Groove MUI (Danish) 2010
Microsoft Office InfoPath MUI (Danish) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Danish) 2010
Microsoft Office Outlook MUI (Danish) 2010
Microsoft Office PowerPoint MUI (Danish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professionel Plus 2010
Microsoft Office Proof (Danish) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (Danish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (Danish) 2010
Microsoft Office Shared 64-bit MUI (Danish) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (Danish) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (Danish) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English) (September 2007)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DAN
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Mobilt Bredband
Mozilla Firefox 16.0.2 (x86 da)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
Online Plug-in
Outlook 2010 Toolbar
PC Tools Internet Security 9.1
Privacy Manager for HP ProtectTools
QuickTime
RBVirtualFolder64Inst
ReadSoft COLLECTOR 6-3 R1 HF2
ReadSoft CollectorPDFConverter v2.4.5
ReadSoft FLEXlm Server
ReadSoft INVOICES 5-6 Mergemodules
ReadSoft INVOICES 5-6 R2
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
RegHunter
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio MyDVD Business 2010
Roxio Secure Burn
Roxio Update Manager
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Self-service Plug-in
Sentinel Protection Installer 7.6.3
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)
Service Pack 4 for SQL Server Analysis Services 2005 ENU (KB2463332)
Service Pack 4 for SQL Server Database Services 2005 ENU (KB2463332)
Service Pack 4 for SQL Server Tools and Workstation Components 2005 ENU (KB2463332)
Skype Click to Call
Skypeâ„¢ 6.0
Sonos Controller
SpyHunter
SQL Server 2008 R2 SP1 Common Files
SQL Server 2008 R2 SP1 Database Engine Services
SQL Server 2008 R2 SP1 Database Engine Shared
SQL Server 2008 R2 SP1 Management Studio
Sql Server Customer Experience Improvement Program
SQLXML4
Synaptics Pointing Device Driver
Synology Download Redirector
TeamViewer 7
Theft Recovery for HP ProtectTools
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Validity Fingerprint Sensor Driver
VirtualCloneDrive
Visual Studio 2008 x64 Redistributables
Web Deployment Tool
Windows Live ID Sign-in Assistant
WinRAR 4.01 (32-bit)
XML Notepad 2007
.
==== End Of File ===========================
 

Attachments

Last edited by a moderator:
Re: Windows update is not running - win 7 x64

Hi, Itpusher.

You are going to have some additional updating to do aside from Windows Updates. We'll get to that in a bit. First, however, please do the following:

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
 
Re: Windows update is not running - win 7 x64

Corrine said:
Hi, Itpusher.

You are going to have some additional updating to do aside from Windows Updates. We'll get to that in a bit. First, however, please do the following:

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Click to expand...
 

Attachments

Re: Windows update is not running - win 7 x64

itpusher said:
Corrine said:
Hi, Itpusher.

You are going to have some additional updating to do aside from Windows Updates. We'll get to that in a bit. First, however, please do the following:

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Click to expand...
Click to expand...

Hi again,

sorry for not writing anything last time.

The program is run and it found something.

Please advice.

Itpusher
 
Re: Windows update is not running - win 7 x64

Hi, Itpusher. Yes, it found what I suspected.
06:05:23.0036 5876 Scan finished
06:05:23.0036 5876 ============================================================
06:05:23.0067 7300 Detected object count: 1
06:05:23.0067 7300 Actual detected object count: 1
06:09:59.0297 7300 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
06:09:59.0297 7300 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
06:15:06.0555 2568 Deinitialize success
Click to expand...

Please rescan again with TDSSKiller.exe.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Please follow these instructions carefully.

Download ComboFix from the following location: Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.
 
Re: Windows update is not running - win 7 x64

Corrine said:
Hi, Itpusher. Yes, it found what I suspected.
06:05:23.0036 5876 Scan finished
06:05:23.0036 5876 ============================================================
06:05:23.0067 7300 Detected object count: 1
06:05:23.0067 7300 Actual detected object count: 1
06:09:59.0297 7300 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
06:09:59.0297 7300 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
06:15:06.0555 2568 Deinitialize success
Click to expand...

Please rescan again with TDSSKiller.exe.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Please follow these instructions carefully.

Download ComboFix from the following location: Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.
Click to expand...

Hi again,

here is the file - a large one !

Regards

Itpusher

Edit to paste log:

ComboFix 13-03-13.02 - cp 13-03-2013 19:07:32.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.45.1030.18.8102.6557 [GMT 1:00]
Kører fra: c:\users\cp\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
c:\program files (x86)\GadgetBox\gaDGetboxtb.dll
c:\programdata\100
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\bhoclass.dll
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\data\content.js
c:\programdata\TheBflix\data\jsondb.js
c:\programdata\TheBflix\ppjemjejnnojomfekgbpbbnecicblllf.crx
c:\programdata\TheBflix\settings.ini
C:\Thumbs.db
c:\users\cp\AppData\Local\assembly\tmp
c:\users\cp\AppData\Roaming\msconfig.ini
c:\users\cp\AppData\Roaming\skype.ini
c:\users\cp\g2mdlhlpx.exe
c:\users\itpusher\AppData\Local\assembly\tmp
c:\users\itpusher\AppData\Roaming\k 36
c:\users\itpusher\AppData\Roaming\k 36\j.exe
c:\users\itpusher\AppData\Roaming\k 36\r.lnk
c:\users\itpusher\AppData\Roaming\k 36\settings.txt
c:\users\itpusher\AppData\Roaming\k 36\tk.lnk
c:\users\itpusher\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\L\00000004.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\L\201d3dde
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\L\76603ac3
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\00000004.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\00000008.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\000000cb.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\80000000.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\80000032.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\80000064.@
c:\windows\SysWow64\10561057
c:\windows\SysWow64\10561058
c:\windows\SysWow64\c_8577.nls
c:\windows\SysWow64\l_inntl.nls
.
Inficeret kopi af c:\windows\system32\services.exe blev fundet og desinficeret
Genskabt kopi fra - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2013-02-13 til 2013-03-13 )))))))))))))))))))))))))))))))))))
.
.
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\Palette\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\itpusher\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\administrator\AppData\Local\temp
2013-03-13 14:33 . 2013-03-13 14:33 -------- d-----w- c:\program files\Citrix
2013-03-12 21:55 . 2013-03-12 22:05 -------- d-----w- c:\program files (x86)\Delta
2013-03-10 19:15 . 2013-03-10 23:37 -------- d-----w- c:\windows\system32\catroot2
2013-03-10 14:46 . 2013-03-13 14:33 -------- d-----w- c:\programdata\Citrix
2013-03-10 14:45 . 2013-03-10 14:45 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2013-03-10 13:38 . 2013-03-10 13:38 -------- d-----w- c:\users\itpusher\AppData\Local\Adobe
2013-03-10 13:35 . 2013-03-10 13:35 -------- d-----w- C:\$WINDOWS.~BT
2013-03-10 12:58 . 2013-03-10 22:27 -------- d-----w- c:\users\itpusher\AppData\Roaming\PC Cleaners
2013-03-10 12:58 . 2013-03-10 12:58 -------- d-----w- c:\users\itpusher\AppData\Roaming\PCPro
2013-03-10 11:54 . 2013-03-10 11:54 -------- d-----w- c:\program files (x86)\7-Zip
2013-03-09 15:26 . 2013-03-09 15:26 -------- d-----w- c:\program files (x86)\XML Notepad 2007
2013-03-08 14:11 . 2012-01-13 09:07 106408 ----a-r- c:\windows\system32\drivers\acsock64.sys
2013-03-08 13:18 . 2013-03-08 13:18 -------- d-----w- c:\users\cp\AppData\Roaming\PC Cleaners
2013-03-08 13:18 . 2013-03-08 13:18 -------- d-----w- c:\users\cp\AppData\Roaming\PCPro
2013-03-08 13:03 . 2012-12-22 18:53 4728712 ----a-w- c:\windows\uninst.exe
2013-03-08 13:03 . 2013-03-08 13:36 -------- d-----w- c:\programdata\PC1Data
2013-03-07 17:31 . 2013-03-07 17:31 -------- d-----w- c:\users\cp\AppData\Roaming\unikgame
2013-03-07 17:28 . 2013-03-07 17:28 -------- d-----w- c:\users\cp\AppData\Roaming\GreenSauceGames
2013-03-05 21:45 . 2013-03-05 21:45 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-05 21:45 . 2013-03-05 21:45 -------- d-----w- c:\programdata\RealNetworks
2013-03-05 21:45 . 2013-03-05 21:45 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-03-05 21:44 . 2013-03-05 21:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-03-05 21:44 . 2013-03-05 21:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-03-04 14:40 . 2013-03-04 14:40 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2013-03-03 13:06 . 2013-03-06 07:56 -------- d-----w- c:\users\Palette602
2013-03-03 12:44 . 2013-03-03 12:44 -------- d-----w- c:\users\Palette610
2013-03-03 09:58 . 2013-03-03 12:17 -------- d-----w- c:\users\cp\AppData\Roaming\FVZilla
2013-03-03 09:58 . 2013-03-03 12:17 -------- d-----w- c:\program files (x86)\Free Video Zilla
2013-03-02 17:29 . 2013-03-02 17:31 196608 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-02-27 17:50 . 2013-02-27 17:50 -------- d-----w- c:\users\cp\AppData\Roaming\BlamGames
2013-02-27 17:44 . 2013-02-27 17:44 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-02-27 17:33 . 2013-02-27 17:38 -------- d-----w- c:\program files (x86)\The Keepers 2 - The Order's Last Secret CE
2013-02-25 08:50 . 2010-04-03 10:51 47456 ----a-w- c:\windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-02-25 08:50 . 2010-04-03 09:57 77152 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-02-25 08:50 . 2010-04-03 10:51 73568 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.51.2500.0.dll
2013-02-25 08:50 . 2010-04-03 09:57 79200 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.51.2500.0.dll
2013-02-25 08:47 . 2013-02-25 08:47 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2013-02-25 08:46 . 2013-02-25 08:46 -------- d-----w- c:\program files\Microsoft.NET
2013-02-25 08:44 . 2013-02-25 08:45 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-02-25 08:44 . 2013-02-25 08:44 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2013-02-25 08:44 . 2013-02-25 08:44 -------- d-----w- c:\windows\system32\1033
2013-02-21 12:56 . 2013-02-21 12:57 -------- d-----w- c:\users\cp\AppData\Roaming\Realore_Whiterra Roads Of Rome 2
2013-02-21 12:34 . 2013-02-21 12:35 -------- d-----w- c:\users\cp\AppData\Roaming\Realore_Whiterra Roads Of Rome
2013-02-21 12:33 . 2013-02-21 12:34 -------- d-----w- c:\program files (x86)\Roads of Rome
2013-02-17 09:17 . 2013-02-17 09:17 -------- d-----w- c:\windows\CheckSur
2013-02-16 16:32 . 2013-02-18 16:55 -------- d-----w- c:\users\cp\AppData\Local\Torch
2013-02-16 09:24 . 2013-02-17 15:04 -------- dc-h--w- c:\programdata\{E0634565-E271-4760-99E4-50A964525826}
2013-02-16 09:24 . 2013-02-16 09:24 -------- d-----w- c:\users\cp\AppData\Local\PackageAware
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 10:53 . 2013-02-13 10:58 -------- d-----w- c:\users\cp\AppData\Roaming\PerformerSoft
2013-02-13 10:53 . 2012-12-19 14:53 19632 ----a-w- c:\windows\system32\roboot64.exe
2013-02-13 07:00 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 07:00 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 07:00 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 07:00 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 07:00 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 07:00 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 07:00 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 07:00 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 07:00 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 07:00 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 07:00 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 07:00 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 17:26 . 2013-02-12 17:26 -------- d-----w- c:\program files (x86)\ISO Image Burner
2013-02-12 16:39 . 2011-09-28 08:20 40960 ----a-w- c:\windows\SysWow64\SSubTmr6.dll
2013-02-12 16:39 . 2013-02-12 17:19 -------- d-----w- c:\users\cp\AppData\Roaming\FreeBurner
2013-02-12 16:39 . 2013-02-13 10:59 -------- d-----w- c:\program files (x86)\Free Easy CD DVD Burner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-11 15:51 . 2013-03-11 15:51 272824 ----a-w- C:\tom982.zip
2013-02-27 11:01 . 2012-03-29 16:26 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 11:01 . 2011-10-13 16:28 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-21 16:40 . 2012-02-04 13:55 2112832 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-02-14 02:04 . 2011-10-15 17:42 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-29 07:51 . 2013-01-29 07:51 110080 ----a-r- c:\users\cp\AppData\Roaming\Microsoft\Installer\{3260EEB5-1E2B-4044-A35F-0B8BF577E210}\IconF7A21AF7.exe
2013-01-29 07:51 . 2013-01-29 07:51 110080 ----a-r- c:\users\cp\AppData\Roaming\Microsoft\Installer\{3260EEB5-1E2B-4044-A35F-0B8BF577E210}\IconD7F16134.exe
2013-01-29 07:51 . 2013-01-29 07:51 110080 ----a-r- c:\users\cp\AppData\Roaming\Microsoft\Installer\{3260EEB5-1E2B-4044-A35F-0B8BF577E210}\Icon5B4E0377.exe
2013-01-09 06:35 . 2013-01-09 06:35 159 ----a-w- c:\programdata\dsgsdgdsgdsgw.reg
2013-01-09 06:35 . 2012-12-28 20:22 2819 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2013-01-04 04:43 . 2013-02-13 07:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 05:31 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 05:31 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 05:31 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 05:31 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-10-05 21:47 . 2010-09-30 00:21 129024 ----a-w- c:\program files (x86)\Common Files\Uninstall.exe
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{390C7E87-153C-12DB-2EA6-0BB301EB26E9}]
2006-11-29 20:06 73728 ----a-w- c:\windows\SysWOW64\d3dx9_322.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{b52d0735-ec19-448a-abde-e01b5bd275d2}]
2012-10-03 05:57 1031240 ----a-w- c:\users\cp\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b52d0735-ec19-448a-abde-e01b5bd275d2}"= "c:\users\cp\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll" [2012-10-03 1031240]
.
[HKEY_CLASSES_ROOT\clsid\{b52d0735-ec19-448a-abde-e01b5bd275d2}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{036ec50e-b1e7-481c-8e5a-24e42150f9e3}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-05-23 371896]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-05 295072]
.
c:\users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Skærmklipper og startprogram til OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 23:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PMS;PMS;c:\palette\BBA60\Webroot\BMS\Palette.Baltzar.Interface.WinService.MaintenanceService.exe [2012-01-24 45568]
R2 PMS610;PMS610;c:\palette\BBA610\BMS610\\PMS610\Palette.Baltzar.Interface.WinService.MaintenanceService.exe [2013-02-28 48640]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-03 2656280]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-01-13 106408]
R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys [2011-12-20 45720]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2012-09-17 125024]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2012-11-16 182728]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-11-01 93600]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm64.sys [2012-11-01 87968]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-10-31 403416]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-10-31 42648]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2009-04-02 161256]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys [2009-04-02 161256]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
R3 WMSVC;Tjenesten Web Management;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-06-14 134456]
R4 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2011-10-18 355496]
R4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-02-03 464480]
R4 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-07-15 137272]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R4 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
R4 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-07-06 1698360]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
R4 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-01-15 1116656]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 431456]
R4 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
R4 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
S0 MfeEpePc;MfeEpePc; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-10-22 413448]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-10-31 66344]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-10-31 709552]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-05-17 93272]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-10-31 347016]
S1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;c:\windows\system32\DRIVERS\pctNdisLW64.sys [2012-06-30 77976]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2010-01-26 44576]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-10-23 580728]
S2 Readsoft;Readsoft;c:\flexlm\lmgrd.exe [2009-07-09 1500424]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2010-10-19 374048]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2010-10-19 292128]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2013-02-22 2849120]
S2 Test602;Test602;c:\palette\BBA602\BMS602\Palette.Baltzar.Interface.WinService.MaintenanceService.exe [2012-10-03 48640]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-11-13 56160]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-30 174168]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2011-02-08 26712]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-10-23 77144]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:01]
.
2013-02-24 c:\windows\Tasks\HPCeeScheduleForcp.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-03-12 c:\windows\Tasks\HPCeeScheduleForITPRO$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\cp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\cp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\cp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\cp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE: {{45d8438c-b51d-47a8-aeea-9061535f25f1} - {b52d0735-ec19-448a-abde-e01b5bd275d2} - c:\users\cp\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll
Trusted Zone: btjunkie.org
Trusted Zone: citrix.com\www
Trusted Zone: egmont.com\onesystem
Trusted Zone: google.dk\www
Trusted Zone: isohunt.com\www
Trusted Zone: itpro
Trusted Zone: palette.se\helpdesk
Trusted Zone: sbs.dk\sslvpn
Trusted Zone: senmatic.com\vpn
Trusted Zone: sttcondigi.com\gate
Trusted Zone: xnxx.com\video
TCP: DhcpNameServer = 192.168.1.1
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://vpn-emea.navico.com/SNX/CSHELL/extender.cab
FF - ProfilePath -
.
- - - - TOMME GENVEJE FJERNET - - - -
.
BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
Toolbar-10 - (no file)
Toolbar-{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files (x86)\GadgetBox\gadgetBoxTB.dll
Toolbar-Locked - (no file)
Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
AddRemove-1ClickDownload - c:\program files (x86)\TornTV.com\uninst.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-delta - c:\program files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe
AddRemove-Delta Chrome Toolbar - c:\users\cp\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
.
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\flexlm\EHLM.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Gennemført tid: 2013-03-13 20:07:35 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2013-03-13 19:07
.
Pre-Kørsel: 134.843.707.392 byte ledig
Post-Kørsel: 134.256.021.504 byte ledig
.
- - End Of File - - 4ADC685ADA2BEF8E2E516AB6C7BC4C35
 

Attachments

Last edited by a moderator:
Re: Windows update is not running - win 7 x64

Hi, Itpusher.

I've edited your post to copy/paste the log results as it is much easier to review in situ rather than as an attachment and to compare the results as cleanup progresses. It also isn't necessary to "Reply With Quote". The "Reply" button is all that is needed.

I'll need to take some time to review your log and will provide additional instructions after I've done that.
 
Re: Windows update is not running - win 7 x64

Hi again,

Windows update is now working and I have installed the most nedded things.

//Itpusher
 
Re: Windows update is not running - win 7 x64

Hi, Itpusher.

Great news about Windows Update working. Please hold off on additional Microsoft updates until we finish here. However, there are other updates you need to get installed ASAP as they are likely the source of the infection, combined with having UAC disabled. As you would have seen from the SecurityCheck log, Adobe Read and Java are out of date, along with your browsers, IE and Firefox.

Due to prerequisites that may be needed due to the problem you had with Windows Update, please hold off updating IE until we finish. In fact, you may want to first update to IE9. Microsoft started offering IE10 with Windows Update this past Tuesday so it will come your way after you have all the prerequisites installed.

Please uninstall the following:

Java(TM) 6 Update 29
Adobe Reader 10.1.6 Adobe Reader out of Date!

Java:
Due to the increasing number of Java vulnerabilities, it is my recommendation remove Java where possible, although I understand there are some programs as well as websites that require it. See my article, Java, The Never-Ending Saga. If you find you do need Java, the latest version can be downloaded from here: Java Version 7 Update 17. Be very watchful when installing it to uncheck the Ask Toolbar and any other add-ons that are not needed.

Please follow my instructions in the above article for disabling Java in the browser until needed. Also, expect a Java update sooner rather than later due to the ease it fell in Pwn2Own 2013.

Adobe Reader:
If you wish to stick with Adobe Reader, you can download the latest version from here: Download Adobe Reader. With Adobe, you also need to be watchful when installing it to avoid unwanted extras. Should you wish to try a different PDF reader, I have been very happy with Sumatra PDF. See Replacing Adobe Reader with Sumatra PDF, which includes the download link in the References section.​

Firefox:
Mozilla Firefox has been updated to version 19.0.2. Update to the latest version. Select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."​

After you have taken care of Java, Adobe Reader and Firefox, please do the following:

1. Please download AdwCleaner by Xplode to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1

2. Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

3. Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
 
Re: Windows update is not running - win 7 x64

Hi Corrine,

please look at the attached data. A lot of them is in shelter, but som are not, please advice hov to remove those.

C:\Program Files (x86)\GadgetBox\gadgetBoxTB_new.dll Win32/Toolbar.GadgetBox application
C:\Program Files (x86)\GadgetBox\searchInstaller.exe Win32/Toolbar.GadgetBox application
C:\ProgramData\dsgsdgdsgdsgw.js JS/Agent.NIG trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\GadgetBox\gaDGetboxtb.dll.vir Win32/Toolbar.GadgetBox application
C:\Qoobox\Quarantine\C\ProgramData\TheBflix\bhoclass.dll.vir a variant of Win32/Adware.MultiPlug.B application
C:\Qoobox\Quarantine\C\Windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\00000004.@.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\000000cb.@.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\80000000.@.vir Win64/Sirefef.AW trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\80000032.@.vir Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\80000064.@.vir a variant of Win64/Sirefef.AN trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\All Users\dsgsdgdsgdsgw.js JS/Agent.NIG trojan
C:\Users\cp\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120505122319973.rsc multiple threats


Regards

Itpusher
 
Re: Windows update is not running - win 7 x64

Hi, Itpusher.

Not to worry, the items shown as being in Qoobox will be taken care of at the end when we finish with ComboFix. We'll also deal with the remaining items after you follow the above instructions for AdwCleaner and Junkware Toolbox and copy/paste those logs in your next reply and deal with the following.

I noted a couple of things in your log. First, it appears you still have AVG 2012 installed along with PC Tools Internet Security 9.1, which also includes antivirus software. Although AVG is not my favorite antivirus software, if you are satisfied with it, I suggest you update to the latest version, AVG 2013. On the other hand, if you have a paid subscription for PC Tools Internet Security 9.1 and wish to keep it, you need to run the AVG Removal Tool.

Personally, it does not appear that either AVG or PC Tools Internet Security were effective. You may wish to switch to Microsoft Security Essentials, in which case you would need to remove both AVG 2012 and PC Tools Internet Security.

I don't know if things have improved since 2007 when I wrote Enigma Software, A Mystery? ~ Security Garden, however, it is difficult to trust after trust has been lost. If you don't use SpyHunter, I suggest you uninstall it.

Please advise which programs you have removed, post the above-requested logs as well as a fresh DDS.txt log. (I don't need attach.txt this time)
  • Disable any script blocker and double-click dds.scr to run.
  • The logs will automatically be saved to your desktop.
  • Please only copy the contents of dds.txt and post it in your next reply
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top