# Can't open control panel (error msg {26EE0668-A00A-44D7-9371-BEV064C98683}).



## nickpgood (Aug 25, 2011)

Suddenly I can't access the control panel, I get the error message above and then am told that the interface isn't supported.
Also when I try to open Windows explorer I am told the interface isn't supported.
Also on start-up I am getting a message about some missing .dll file but I'm not sure what programme that is referring to.

I am using Windows 7.

Does anyone have any idea what has happened?

Thanks

Nick


----------



## Cheeseball81 (Mar 3, 2004)

Hi and welcome

It sounds like you might be infected with something.

What DLL is coming up at start up?


----------



## Phantom010 (Mar 9, 2009)

Could be malware, as pointed out by *Cheeseball81*.

The GUID in the error message is for the Control Panel special folder in Explorer and it seems to be corrupted.

However, I have found a couple of threads with the exact same issue. The solution was to re-register OLE Classes:

1. Reboot into Safe Mode
2. Log on as Administrator.
3. Click Start.
4. Type the three letters cmd into the Search box.
5. Press Ctrl+Shift+Enter
6. Start the process as Administrator.
7. Very carefully type this command:
`for %a in (c:\Windows\System32\*.dll) do regsvr32.exe /s "%a"`
8. Press the Enter key.

http://answers.microsoft.com/en-us/...-no-such/2ec4acab-e81e-4f13-8aef-5b1bacdbd05f

http://www.sevenforums.com/crashes-debugging/152962-black-screen-start-up-cant-access-drives-2.html

http://msdn.microsoft.com/en-us/library/3aht5wfh(v=vs.80).aspx


----------



## nickpgood (Aug 25, 2011)

Cheeseball81

The message was to do with the I-player which opens on start up. It says the program can't start because sysenv.dll is missing.

Phantom010

I'm going to try what you suggest now


----------



## Phantom010 (Mar 9, 2009)

*sysenv.dll* seems to be related to SysEnv from *HiTRUST*?


----------



## Phantom010 (Mar 9, 2009)

Or, *sysenv.dll* could be related to your Acer computer. You may need to reinstall the "Mylocker" application.

You can also simply press the Windows key + R to open a Run box.

Type in *msconfig*.

Select the *Startup* tab.

Uncheck anything related to "Mylocker".

If you don't need to encrypt any files, you can simply uninstall MyLocker.


----------



## nickpgood (Aug 25, 2011)

Phantom010

I did as you suggested. It seemed to be going well until I got the following message:

You do not have sufficient rights to register the certificates snap-in.


----------



## Phantom010 (Mar 9, 2009)

After what step did you get that message? Aren't you logged in as Administrator?


----------



## nickpgood (Aug 25, 2011)

I'm not familiar with the MyLocker application. I selected the startup tab as you said but there was nothing that mentioned Mylocker there at all.


----------



## nickpgood (Aug 25, 2011)

There's only one profile on my computer, the one I use all the time. Does that not automatically mean I am the administrator?


----------



## nickpgood (Aug 25, 2011)

Maybe I made a mistake on point 6. You said "start the process as administrator". I didn't know what that meant. How do I "start the process as administrator"?


----------



## Phantom010 (Mar 9, 2009)

You probably won't be able to remove the MyLocker application without having access to the Control Panel and "Programs and Features". You could try the free *Revo Uninstaller*. It may find it and remove it.

Or, I can have a look for you in your Startup directory:

In *Normal Mode*:

Please click *HERE* to download and install *HijackThis.* 

Run it and select *Do a system scan and save a logfile* from the Main Menu.

The log will be saved in Notepad. Copy and paste the log in your next reply.

*IMPORTANT: Do not "Fix" anything* 

If Windows is denying access to the Hosts file, *disable the UAC* and run HijackThis again.


----------



## Phantom010 (Mar 9, 2009)

nickpgood said:


> Maybe I made a mistake on point 6. You said "start the process as administrator". I didn't know what that meant. How do I "start the process as administrator"?


_CTRL+SHIFT+ENTER_ runs a program elevated (Run as administrator).

Alternately, click Start > Programs > Accessories > right-click on *Command Prompt*, select "Run as Administrator" to open a command prompt.


----------



## nickpgood (Aug 25, 2011)

> Alternately, click Start > Programs > Accessories > right-click on *Command Prompt*, select "Run as Administrator" to open a command prompt.


I did this and I am still getting the same message regarding the "certificates snap-in"


----------



## nickpgood (Aug 25, 2011)

I think I have fixed the MyLocker issue using Revo installer, thanks for that.


----------



## Phantom010 (Mar 9, 2009)

Please do submit your HijackThis log.


----------



## nickpgood (Aug 25, 2011)

Am just installing Hijackthis now. I've got the 64 bit version


----------



## nickpgood (Aug 25, 2011)

Phantom010. Thanks for all your help on this. I'm going to have to come back to this tomorrow now


----------



## Phantom010 (Mar 9, 2009)

nickpgood said:


> I've got the 64 bit version


In that case, you might need to re-register your 64-bit DLLs as well:

Use the following command:

`for %a in (C:\Windows\SysWOW64\*.dll) do regsvr32.exe /s "%a"`
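The two `for ... regsvr32.exe /s` loops in this post and in the earlier step list do the job, but `/s` hides every result, so you never learn which DLL stalled or failed. The script below is an added example, not from the thread, that does the same bulk re-registration in PowerShell with a per-DLL exit-code log and a timeout, and first checks that the Control Panel shell folder's CLSID key is present in the registry. It assumes a 64-bit Windows 7 install with default paths, run from the default 64-bit elevated PowerShell prompt (a 32-bit PowerShell would see `System32` redirected to `SysWOW64`), ideally in Safe Mode as the post advises. The CLSID is the well-known Control Panel folder GUID (the thread title renders it with a `V`, which is not a hex digit, so it was likely mistyped); the function and log-file names are my own. One factual note: on x64 Windows, `System32` holds the 64-bit DLLs and `SysWOW64` the 32-bit ones, so each directory should be registered with the `regsvr32.exe` found in that same directory.

```powershell
# Added example (not from the thread): re-register COM DLLs with per-file
# logging instead of a fully silent loop, after checking the Control Panel
# shell-folder CLSID that the error message names.
# Assumptions: 64-bit Windows 7 or later, default paths, elevated 64-bit
# PowerShell. Function names and log paths are this example's own.

# Well-known CLSID of the Control Panel shell folder.
$ControlPanelClsid = '{26EE0668-A00A-44D7-9371-BEB064C98683}'

# Refuse to run unelevated; regsvr32 writes to HKLM/HKCR.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $id
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell prompt.'
}

function Test-ControlPanelClsid {
    # Returns $true when both the native and the 32-bit (Wow6432Node) CLSID
    # keys exist. A missing key is a registry problem that re-registering
    # DLLs alone will not repair.
    $keys = @(
        "Registry::HKEY_CLASSES_ROOT\CLSID\$ControlPanelClsid",
        "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$ControlPanelClsid"
    )
    $ok = $true
    foreach ($k in $keys) {
        if (Test-Path $k) {
            $name = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).'(default)'
            Write-Host "present: $k -> '$name'"
        } else {
            Write-Warning "missing: $k"
            $ok = $false
        }
    }
    return $ok
}

function Register-DllsWithLog {
    param(
        [Parameter(Mandatory=$true)] [string] $DllDirectory,  # e.g. C:\Windows\System32
        [int] $TimeoutSeconds = 60,
        [string] $LogPath = "$env:TEMP\regsvr32-log.csv"
    )
    # Use the regsvr32.exe beside the DLLs: System32 = 64-bit, SysWOW64 = 32-bit.
    $regsvr = Join-Path $DllDirectory 'regsvr32.exe'
    if (-not (Test-Path $regsvr)) { throw "No regsvr32.exe in $DllDirectory" }

    $dlls = Get-ChildItem -Path $DllDirectory -Filter '*.dll' |
            Where-Object { -not $_.PSIsContainer }

    $results = foreach ($dll in $dlls) {
        # /s silences regsvr32's own message boxes, but a DLL's DllRegisterServer
        # can still raise its own UI (the "certificates snap-in" prompt seen in
        # the thread), so a timeout keeps one DLL from stalling the whole run.
        $p = Start-Process -FilePath $regsvr -ArgumentList @('/s', "`"$($dll.FullName)`"") `
                           -PassThru -WindowStyle Hidden
        if (-not $p.WaitForExit($TimeoutSeconds * 1000)) {
            try { $p.Kill() } catch {}
            $code = 'timeout'
        } else {
            $code = $p.ExitCode
        }
        New-Object PSObject -Property @{ Dll = $dll.Name; ExitCode = $code }
    }

    $results | Export-Csv -Path $LogPath -NoTypeInformation
    # regsvr32 exit codes as commonly documented: 0 success, 3 LoadLibrary
    # failed, 4 no DllRegisterServer export (normal for most DLLs),
    # 5 DllRegisterServer returned an error. Verify against your build.
    $results | Group-Object ExitCode | Select-Object Name, Count |
        Format-Table -AutoSize | Out-Host
    Write-Host "Per-DLL results written to $LogPath"
    return $results
}

# Usage: check the CLSID first, then register each directory with its own regsvr32.
if (-not (Test-ControlPanelClsid)) {
    Write-Warning 'Control Panel CLSID key is missing; DLL re-registration alone is unlikely to restore it.'
}
$native = Register-DllsWithLog -DllDirectory "$env:windir\System32" -LogPath "$env:TEMP\regsvr32-system32.csv"
$wow64  = Register-DllsWithLog -DllDirectory "$env:windir\SysWOW64" -LogPath "$env:TEMP\regsvr32-syswow64.csv"

# Only DLLs whose DllRegisterServer actually failed (5) or hung are worth chasing.
(@($native) + @($wow64)) |
    Where-Object { $_.ExitCode -eq 5 -or $_.ExitCode -eq 'timeout' } |
    Format-Table -AutoSize | Out-Host
```

The CSV logs make the "stops midway" symptom from later in the thread diagnosable: a `timeout` row names the DLL that threw up the modal prompt, and a code 5 row names a DLL whose registration genuinely failed, which is a far smaller list to investigate than everything under `System32`.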


----------



## nickpgood (Aug 25, 2011)

I ran Hijackthis as you suggested pressing the "Do a system scan and save a log file" button.
Firstly I get a message saying my "system denied write access to the Hosts file" and explaining how I can edit a file myself if there are any hijacked domains in this file.

Then after the scan has finished I get this message:

"Cannot find the C:\Program Files (x86)\Trend Micro\HiJackThis\hijackthis.log file.

Do you want to create a new file?"

I press yes but nothing happens. An untitled notepad file has opened but nothing else happens.


----------



## Phantom010 (Mar 9, 2009)

> If Windows is denying access to the Hosts file, *disable the UAC* and run HijackThis again.


----------



## nickpgood (Aug 25, 2011)

OK here it is:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:56:23, on 26/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Users\Nick\AppData\Local\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Users\Nick\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273605105506l04g8z105t4491d146
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.ask.com?o=10148&tb=ARS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273605105506l04g8z105t4491d146
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...=aspire_5740&r=273605105506l04g8z105t4491d146
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: EndNote Web - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: Dropbox.lnk = Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O18 - Protocol: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxdp_device - Unknown owner - C:\Windows\system32\lxdpcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Unknown owner - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16450 bytes


----------



## Phantom010 (Mar 9, 2009)

I don't see anything special in your log.

Did you try the following command?

`for %a in (C:\Windows\SysWOW64\*.dll) do regsvr32.exe /s "%a"`

Getting the same error message?


----------



## nickpgood (Aug 25, 2011)

I tried that command, it ran OK, though did take a while. No error messages.


----------



## Phantom010 (Mar 9, 2009)

Any change with the Control Panel?


----------



## nickpgood (Aug 25, 2011)

none


----------



## Phantom010 (Mar 9, 2009)

You did try both commands after booting into Safe Mode, right?

I'm sorry but I cannot think of anything else right now. If I do come up with another idea, I'll be sure to let you know.


----------



## nickpgood (Aug 25, 2011)

No I wasn't in safe mode! I must have got muddled along the way. So I should enter the following two commands, one after the other in safe mode?:

`for %a in (c:\Windows\System32\*.dll) do regsvr32.exe /s "%a"`

`for %a in (C:\Windows\SysWOW64\*.dll) do regsvr32.exe /s "%a"`


----------



## Phantom010 (Mar 9, 2009)

Yes.



> 1. Reboot into Safe Mode
> 2. Log on as Administrator.
> 3. Click Start.
> 4. Type the three letters cmd into the Search box.
> ...


----------



## nickpgood (Aug 25, 2011)

I have tried to run those commands, exactly as you said, but midway through running each command I get the message about the certificate snap-ins.


----------



## Phantom010 (Mar 9, 2009)

Sorry. I don't know what else to try.


----------



## nickpgood (Aug 25, 2011)

That is:

"You do not have sufficient rights to register the certificates snap-in."


----------



## nickpgood (Aug 25, 2011)

OK thanks for all your effort. Am I right in thinking that my computer is not infected with anything, as you saw nothing out of the ordinary on the HijackThis log file?


----------



## Phantom010 (Mar 9, 2009)

By the way, can you access the Control Panel with the following Run command? I don't think so but just in case... 

Press the Windows key + R to open a Run box.

Type *Control*.

Click OK.


----------



## nickpgood (Aug 25, 2011)

No I can't


----------



## Phantom010 (Mar 9, 2009)

nickpgood said:


> OK thanks for all your effort. Am I right in thinking that my computer is not infected with anything, as you saw nothing out of the ordinary on the HijackThis log file?


Well, yes and no. I do not see anything in your HijackThis log to suggest your computer is infected. However, when malware is concerned, HijackThis will only show the tip of the iceberg. It doesn't always show infections. It's not the best tool on the market. I'm just not permitted to have you run the more powerful tools on this forum... However, *Cheeseball81* is...


----------



## Cheeseball81 (Mar 3, 2004)

Hey Nick,

I got your PM.

What I will do is move this thread to our Malware Removal forum. There is a chance you could be infected with something that just isn't visible in the HijackThis log.

I wouldn't recommend running the tools yourself, it would be better to have an expert walk you through it.

So after I move your thread, I am going to ask one of our gold shields to further assist you. I don't want to take on any new threads right now with Hurricane Irene approaching the East Coast. 
I will likely have no power or have to evacuate so I won't be able to post here at the forum.


----------



## Phantom010 (Mar 9, 2009)

Sorry to hear about the hurricane threat. 

Let's hope it'll miss your neck of the woods.


----------



## Cheeseball81 (Mar 3, 2004)

Thanks Phantom. 

Judging by its path, it looks unavoidable. We are definitely going to get it. How bad we get it is the real question.


----------



## Cheeseball81 (Mar 3, 2004)

Nick,

In the meantime, please do this:

Please download *DDS* by sUBs to your desktop from one of the following locations:
http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.infospyware.net/sUBs/dds/

Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop.
Copy and paste the contents of the DDS.txt file.
*Upload as an attachment* the Attach.txt file. *There is no need to zip it as suggested in the DDS instructions *


----------



## nickpgood (Aug 25, 2011)

Hope the hurricane passed over OK.
I only just saw the last post, but as you requested here is the contents of the DDS file, with the Attach file attached:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Nick at 9:59:16 on 2011-08-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2804.903 [GMT 1:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxdpcoms.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Users\Nick\AppData\Local\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Nick\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273605105506l04g8z105t4491d146
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5740&r=273605105506l04g8z105t4491d146
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: EndNote Web: {82d2e569-25a7-4e4d-9fa3-c5025b4b7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: EndNote Web: {945c8270-a848-11d5-a805-00b0d092f45b} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79} : DhcpNameServer = 10.72.163.1 10.72.162.80
TCP: Interfaces\{5C5CE2DE-823D-4FDC-ABC0-6473E9FD98B6} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5C5CE2DE-823D-4FDC-ABC0-6473E9FD98B6}\244524573796E6563737845726D2635323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5C5CE2DE-823D-4FDC-ABC0-6473E9FD98B6}\B696D62697478656375616 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: EndNote Web: {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: EndNote Web: {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SSODL-X64: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vqu0y7lg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1383093&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.guardian.co.uk/
FF - component: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vqu0y7lg.default\extensions\{13460e88-83f7-4d8c-9958-38af0ddfa2a9}\components\FFExternalAlert.dll
FF - component: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vqu0y7lg.default\extensions\{13460e88-83f7-4d8c-9958-38af0ddfa2a9}\components\RadioWMPCore.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 RapportCerberus_29574;RapportCerberus_29574;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus64_29574.sys [2011-8-7 386128]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-8-21 52496]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-8-21 61200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-1-11 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 lxdp_device;lxdp_device;C:\Windows\system32\lxdpcoms.exe -service --> C:\Windows\system32\lxdpcoms.exe -service [?]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-25 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-8-21 870200]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-5-12 1831024]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-5 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-2 136824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-14 136176]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-14 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe --> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-8-25 155344]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-08-29 21:20:23 -------- d-----w- C:\Users\Nick\AppData\Local\{94CE1ABC-C632-4FEF-9664-739B3E09D984}
2011-08-29 21:20:09 -------- d-----w- C:\Users\Nick\AppData\Local\{D5995B91-C11C-46F7-A52E-6EBE18373C57}
2011-08-29 09:19:32 -------- d-----w- C:\Users\Nick\AppData\Local\{E5C0C0DB-35A1-402C-A79F-244EA18A4F39}
2011-08-29 09:19:11 -------- d-----w- C:\Users\Nick\AppData\Local\{6AB40948-8182-45B6-814D-E999761A233B}
2011-08-26 14:57:46 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B088A155-E67E-4AD4-94CD-AEB8DF8B925F}\mpengine.dll
2011-08-26 10:38:34 -------- d-----w- C:\Users\Nick\AppData\Local\{22268AC5-2E40-4D2B-9500-3F18B37C32FA}
2011-08-26 10:38:21 -------- d-----w- C:\Users\Nick\AppData\Local\{87B7F3B4-358E-45E9-B022-4551041907D0}
2011-08-26 07:35:00 -------- d-----w- C:\Windows\en
2011-08-26 07:26:48 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-26 07:21:14 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd07d3601cc63c001\MeshBetaRemover.exe
2011-08-26 06:56:30 -------- d-----w- C:\Users\Nick\AppData\Local\{FF071E8C-A340-4F6D-83FE-BDEA756E0AFE}
2011-08-26 06:56:17 -------- d-----w- C:\Users\Nick\AppData\Local\{D452C3F1-79D9-4AAD-96F4-4A8F169BE68D}
2011-08-25 18:16:03 388096 ----a-r- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-25 18:16:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-25 17:08:24 -------- d-----w- C:\Users\Nick\AppData\Local\VS Revo Group
2011-08-25 17:08:23 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2011-08-25 17:08:21 -------- d-----w- C:\Program Files\VS Revo Group
2011-08-25 14:07:29 -------- d-----w- C:\Users\Nick\AppData\Local\{A9DE8FCC-B715-4F37-A82C-57BF5A4D35C0}
2011-08-25 14:07:13 -------- d-----w- C:\Users\Nick\AppData\Local\{9307C66F-7167-44E9-9F5C-585CD9023193}
2011-08-25 11:14:17 -------- d-----w- C:\Users\Nick\AppData\Local\{AFE4EACA-DDE2-46E6-AFBF-26808BA6B7BA}
2011-08-25 11:10:29 -------- d-----w- C:\Users\Nick\AppData\Local\{170007CF-78E7-4603-A196-4BB16D79865E}
2011-08-25 07:38:49 34032 ----a-w- C:\Windows\System32\drivers\seehcri.sys
2011-08-25 07:11:56 -------- d-----w- C:\Users\Nick\AppData\Local\{8F0CFDB1-BBB1-42F3-8C61-2EA7058610AB}
2011-08-25 07:11:45 -------- d-----w- C:\Users\Nick\AppData\Local\{F71D9F31-E131-4175-A4F9-5DF41BDECF0A}
2011-08-25 07:11:11 -------- d-----w- C:\Program Files (x86)\Avanquest update
2011-08-25 07:11:09 -------- d-----w- C:\ProgramData\Avanquest
2011-08-24 16:10:59 -------- d-----w- C:\Users\Nick\AppData\Local\{FA868E6D-1BD5-4C58-9E60-EBE6FC459CB4}
2011-08-24 16:10:49 -------- d-----w- C:\Users\Nick\AppData\Local\{32FF90C5-59F0-4B4D-A382-9328C0E6792A}
2011-08-24 15:00:31 -------- d-----w- C:\Users\Nick\AppData\Local\{845695F0-FD76-477C-9911-3881C8984FDF}
2011-08-24 15:00:21 -------- d-----w- C:\Users\Nick\AppData\Local\{B84E58B0-E903-49D9-8035-71C80F7B8B3D}
2011-08-24 15:00:11 -------- d-----w- C:\Users\Nick\AppData\Local\{F4956E16-5038-4C7D-B648-E4EE239B352E}
2011-08-24 15:00:00 -------- d-----w- C:\Users\Nick\AppData\Local\{099097CC-59D9-4A1A-A4BB-EBE5DD9FFBBB}
2011-08-24 11:19:05 -------- d-----w- C:\Users\Nick\AppData\Local\{0377025E-1CA5-4C48-B147-AD171CC9C5E0}
2011-08-24 11:18:55 -------- d-----w- C:\Users\Nick\AppData\Local\{980DF1F7-5952-4823-9032-70BAC180674B}
2011-08-24 08:46:28 -------- d-----w- C:\Users\Nick\AppData\Local\Mozilla Firefox
2011-08-24 08:42:57 -------- d-----w- C:\Users\Nick\AppData\Local\{0951F87D-6347-4DFB-ABA5-160F6C5FB27B}
2011-08-24 08:42:46 -------- d-----w- C:\Users\Nick\AppData\Local\{E934F4CC-A381-41A4-89C9-B790480F2026}
2011-08-24 08:13:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 08:13:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-23 11:00:52 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-08-23 11:00:52 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-08-23 11:00:51 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2011-08-23 11:00:50 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-08-23 11:00:43 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-08-23 11:00:36 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-08-23 11:00:36 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-08-23 11:00:34 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-08-23 11:00:29 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-08-23 11:00:28 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-08-23 11:00:25 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-08-23 11:00:01 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-23 10:57:38 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-23 10:51:22 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-23 10:51:18 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-23 10:51:11 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-23 10:27:33 -------- d-----w- C:\Users\Nick\AppData\Local\{212FD8D8-B367-40A9-B102-938A7D1CA060}
2011-08-23 10:27:16 -------- d-----w- C:\Users\Nick\AppData\Local\{87B78637-E3E8-49FA-9C4A-2DAB268E42C4}
2011-08-07 19:28:52 -------- d-----w- C:\Users\Nick\AppData\Local\{C71D2F51-E329-424A-9F7E-03A0D112C9B8}
2011-08-04 18:02:16 -------- d-----w- C:\Users\Nick\AppData\Local\{4E3C660D-4139-484D-A3A6-1D0545766C81}
2011-08-03 10:26:26 -------- d-----w- C:\Program Files\iPod
2011-08-03 10:26:22 -------- d-----w- C:\Program Files\iTunes
2011-08-03 10:18:33 -------- d-----w- C:\Program Files\Bonjour
2011-08-03 10:18:33 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-08-03 10:05:23 -------- d-----w- C:\Users\Nick\AppData\Local\{FE42C4CC-4D25-4636-8E9A-9A1CFE79F9AB}
2011-08-02 19:07:32 15400 ----a-w- C:\Windows\System32\drivers\a016whnt.sys
2011-08-02 19:07:32 15400 ----a-w- C:\Windows\System32\drivers\a016wh.sys
2011-08-02 19:07:32 125480 ----a-w- C:\Windows\System32\drivers\a016obex.sys
2011-08-02 19:07:31 146472 ----a-w- C:\Windows\System32\drivers\a016mdm.sys
2011-08-02 19:07:31 130600 ----a-w- C:\Windows\System32\drivers\a016mgmt.sys
2011-08-02 19:07:30 19496 ----a-w- C:\Windows\System32\drivers\a016mdfl.sys
2011-08-02 19:07:27 14888 ----a-w- C:\Windows\System32\drivers\a016cmnt.sys
2011-08-02 19:07:27 14888 ----a-w- C:\Windows\System32\drivers\a016cm.sys
2011-08-02 19:07:26 109096 ----a-w- C:\Windows\System32\drivers\a016bus.sys
2011-08-02 18:51:19 -------- d-----w- C:\Users\Nick\AppData\Local\{AB0571EB-B262-4C6C-A369-0B99811C4161}
2011-08-02 18:15:10 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-08-02 18:15:07 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-08-02 18:15:06 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-08-02 18:15:05 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-08-02 18:15:04 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-08-02 18:15:04 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-08-02 18:15:04 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-08-02 18:14:08 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-08-02 09:34:56 -------- d-----w- C:\Users\Nick\AppData\Local\{26DD3692-7319-4BC1-8FD5-8090244F5DA1}
2011-08-01 09:56:15 -------- d-----w- C:\Users\Nick\AppData\Local\{F5CF965B-FFF1-483B-9F73-BF5C702C6E1F}
.
==================== Find3M ====================
.
2011-08-21 09:00:42 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2011-07-25 11:46:59 27176 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 10:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 10:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 10:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 10:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
.
============= FINISH: 10:01:23.50 ===============


----------



## Cheeseball81 (Mar 3, 2004)

I forgot to add this to the instructions; please do this too:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! Save ComboFix.exe to your Desktop*

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.


----------



## nickpgood (Aug 25, 2011)

I could not disable Symantec antivirus. I right-clicked on the System tray icon, but the option to disable it was shaded out. I think this may be because I installed it through my university and connect to the university network via a VPN. Also, I clicked on the link above to see if any other programs should be disabled, but the link wasn't working.
I ran combofix anyway and got the below log:

ComboFix 11-08-30.02 - Nick 31/08/2011 9:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2804.898 [GMT 1:00]
Running from: c:\users\Nick\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\TEMP.Nick-PC.003\prf5540.tmp
c:\users\TEMP.Nick-PC.004\prf59B.tmp
c:\users\TEMP.Nick-PC.005\prf2F59.tmp
c:\users\TEMP.Nick-PC.007\prf2970.tmp
c:\users\TEMP.Nick-PC.008\prf77ED.tmp
c:\users\TEMP.Nick-PC.009\prfA89D.tmp
c:\users\TEMP.Nick-PC.010\prf64AB.tmp
c:\users\TEMP.Nick-PC\prf703F.tmp
c:\users\TEMP\prf4D06.tmp
c:\windows\SysWow64\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\TEMP.Nick-PC\AppData\Local\temp
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\TEMP.Nick-PC.009\AppData\Local\temp
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\TEMP.Nick-PC.008\AppData\Local\temp
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\TEMP.Nick-PC.007\AppData\Local\temp
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\TEMP.Nick-PC.005\AppData\Local\temp
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\TEMP.Nick-PC.004\AppData\Local\temp
2011-08-31 08:14 . 2011-08-31 08:14 -------- d-----w- c:\users\TEMP.Nick-PC.003\AppData\Local\temp
2011-08-26 07:35 . 2011-08-26 07:35 -------- d-----w- c:\windows\en
2011-08-26 07:26 . 2011-08-26 07:26 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-26 07:21 . 2011-08-26 07:21 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bd07d3601cc63c001\MeshBetaRemover.exe
2011-08-25 18:16 . 2011-08-25 18:16 388096 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-25 18:16 . 2011-08-25 18:16 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-25 17:08 . 2011-08-25 17:08 -------- d-----w- c:\users\Nick\AppData\Local\VS Revo Group
2011-08-25 17:08 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-25 17:08 . 2011-08-25 17:08 -------- d-----w- c:\program files\VS Revo Group
2011-08-25 07:38 . 2008-01-09 11:28 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2011-08-25 07:11 . 2011-08-25 07:11 -------- d-----w- c:\program files (x86)\Avanquest update
2011-08-25 07:11 . 2011-08-25 07:11 -------- d-----w- c:\programdata\Avanquest
2011-08-24 08:46 . 2011-08-24 08:46 -------- d-----w- c:\users\Nick\AppData\Local\Mozilla Firefox
2011-08-24 08:13 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 11:00 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-23 11:00 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-23 11:00 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-23 11:00 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-23 11:00 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-23 11:00 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-08-23 11:00 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-23 10:57 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-23 10:51 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-03 10:26 . 2011-08-03 10:26 -------- d-----w- c:\program files\iPod
2011-08-03 10:26 . 2011-08-03 10:27 -------- d-----w- c:\program files\iTunes
2011-08-03 10:18 . 2011-08-03 10:18 -------- d-----w- c:\program files\Bonjour
2011-08-03 10:18 . 2011-08-03 10:18 -------- d-----w- c:\program files (x86)\Bonjour
2011-08-02 19:07 . 2008-01-18 15:16 15400 ----a-w- c:\windows\system32\drivers\a016whnt.sys
2011-08-02 19:07 . 2008-01-18 15:16 15400 ----a-w- c:\windows\system32\drivers\a016wh.sys
2011-08-02 19:07 . 2008-01-18 15:16 125480 ----a-w- c:\windows\system32\drivers\a016obex.sys
2011-08-02 19:07 . 2008-01-18 15:16 146472 ----a-w- c:\windows\system32\drivers\a016mdm.sys
2011-08-02 19:07 . 2008-01-18 15:16 130600 ----a-w- c:\windows\system32\drivers\a016mgmt.sys
2011-08-02 19:07 . 2008-01-18 15:16 19496 ----a-w- c:\windows\system32\drivers\a016mdfl.sys
2011-08-02 19:07 . 2008-01-18 15:16 14888 ----a-w- c:\windows\system32\drivers\a016cmnt.sys
2011-08-02 19:07 . 2008-01-18 15:16 14888 ----a-w- c:\windows\system32\drivers\a016cm.sys
2011-08-02 19:07 . 2008-01-18 15:16 109096 ----a-w- c:\windows\system32\drivers\a016bus.sys
2011-08-02 18:57 . 2011-08-02 18:57 -------- d-----w- c:\users\Nick\AppData\Roaming\InstallShield
2011-08-02 18:15 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-02 18:15 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-02 18:15 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-02 18:15 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-02 18:15 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-02 18:15 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-02 18:15 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-02 18:14 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-08-02 17:20 . 2011-08-31 08:13 -------- d-----w- c:\users\TEMP.Nick-PC.010
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 09:00 . 2011-02-24 19:02 64272 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-08-16 07:48 . 2011-08-26 14:57 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B088A155-E67E-4AD4-94CD-AEB8DF8B925F}\mpengine.dll
2011-07-25 11:46 . 2011-07-25 11:46 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-07-22 02:48 . 2011-08-23 17:23 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-16 04:29 . 2011-08-23 10:58 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-23 10:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-23 10:58 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-23 10:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 02:21 . 2011-08-23 10:58 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-12 10:34 . 2011-07-12 10:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:34 . 2011-07-12 10:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-09 04:29 . 2011-08-24 08:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-06-23 04:33 . 2011-08-23 10:51 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-06-23 04:33 . 2011-08-23 10:51 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-06-15 08:55 . 2011-08-23 11:00 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2011-06-15 08:55 . 2011-08-23 11:00 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2011-06-15 08:55 . 2011-08-23 11:00 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2011-06-15 08:55 . 2011-08-23 11:00 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2011-06-15 08:55 . 2011-08-23 11:00 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-12 181480]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-05-12 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-5-21 142848]
Dropbox.lnk - c:\users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus64_29574.sys [2011-08-07 386128]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-08-21 52496]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-08-21 61200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-08-21 870200]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-02 136824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 17:27]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 17:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-11 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"PDF Converter Elite Print Dispatcher"="c:\program files (x86)\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe" [2009-11-13 53248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\program files (x86)\QlikView\QvProtocol\qvp.dll
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\vqu0y7lg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1383093&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.guardian.co.uk/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - c:\program files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-506875343-581532590-2031743691-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-506875343-581532590-2031743691-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\users\Nick\AppData\Local\Mozilla Firefox\firefox.exe
c:\users\Nick\AppData\Local\Mozilla Firefox\plugin-container.exe
.
**************************************************************************
.
Completion time: 2011-08-31 09:34:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-31 08:34
.
Pre-Run: 111,043,289,088 bytes free
Post-Run: 110,791,741,440 bytes free
.
- - End Of File - - 8C5EFF6EA4833F8D974EEBE78FFD53EE


----------



## JSntgRvr (Jul 1, 2003)

Just two cents:

Open an Administrator Command prompt (click on the Orb button, type CMD on the search bar and press Ctrl+Shift+Enter). At the command prompt, copy and paste the entire contents of the Codebox below and press Enter:


```
Regedit /e "%Userprofile%\Desktop\Control.txt" "HKEY_CLASSES_ROOT\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}"
Exit
```
Post the Control.txt file that will be produced on your desktop.


----------



## nickpgood (Aug 25, 2011)

JSntgRvr

I tried your suggestion. It doesn't seem to produce anything. Should the file Control.txt open, or should it be saved somewhere? If so, where?

Thanks


----------



## JSntgRvr (Jul 1, 2003)

nickpgood said:


> JSntgRvr
> 
> I tried your suggestion. It doesn't seem to produce anything. Should the file Control.txt open, or should it be saved somewhere? If so, where?
> 
> Thanks


The *Control.txt*, the file produced by the commands above, should open with Notepad upon clicking on it. Is this happening?


----------



## JSntgRvr (Jul 1, 2003)

There are profiles under users I don't understand:

c:\users\TEMP.Nick-PC.003
c:\users\TEMP.Nick-PC.004
c:\users\TEMP.Nick-PC.005
c:\users\TEMP.Nick-PC.007
c:\users\TEMP.Nick-PC.008
c:\users\TEMP.Nick-PC.009
c:\users\TEMP.Nick-PC.010
c:\users\TEMP.Nick-PC
c:\users\TEMP

Are you familiar in any way with these profiles?

Download and run *profiles.exe* by noahdfear. A report will be produced. Post that report in your next reply.

====================================================================================
I would like to review a file.

Please highlight the address to this topic, right click and select copy. Please go here:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Paste the address to this topic.

Then browse to the following file and click on Open:

*C:\Qoobox\Quarantine\C\windows\SysWow64\regobj.dll.vir*

Click on Send File

=====================================================================================
Download *OTS.exe* by OldTimer to your Desktop.

Close any open browsers.
Double-click on *OTS.exe* to start the program.
Leave all settings as they appear as default, except for the following:
Under *File Age*, select *30*.
Under *Drivers*, select *"All"*.
Under *Registry*, select *"All"*.
Under *Additional Scans*, click on the *"Extras"* button and remove the safe list checkmark.

Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that Notepad file.
Use the *Reply* button and attach the notepad file here *(Do not copy and paste in a reply, rather attach it to it).*


----------



## nickpgood (Aug 25, 2011)

*JSntgRvr*
With ref to the Control.txt file, it is not produced when I enter the commands you gave. I paste the two lines in and press enter and the command box just disappears (as the last command is 'exit'). I have tried entering the first line separately and pressing enter but nothing at all happens.

I am not familiar with those profiles. I would have thought there would only be one Nick-PC profile.
Here is the report produced by profiles.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-506875343-581532590-2031743691-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Nick

SystemRoot REG_SZ C:\Windows

I have submitted the file to Bleeping Computer as you requested.

Also find attached the OTS file as requested


----------



## JSntgRvr (Jul 1, 2003)

I believe the issue may be on your Registry. Would you be able to determine the date this issue appeared? Click on the Orb and type *Control.exe* on the search line. Press Enter. Would the Control Panel open?


----------



## nickpgood (Aug 25, 2011)

The problem started some time at the start of August. I can't remember the exact date.
I did what you suggested above. The Control panel still does not open. I get a message saying:

Search:query=Control.exe

No such interface supported


----------



## JSntgRvr (Jul 1, 2003)

Try to run any of the following:

*C:\Windows\SysNative\control.exe
C:\Windows\SysWow64\control.exe*


----------



## nickpgood (Aug 25, 2011)

When I enter the first command I am told that the path does not exist. When I enter the second I get the error message shown in the subject line of this thread.


----------



## JSntgRvr (Jul 1, 2003)

I don't know why you don't have access to those files. Let's try a quick fix.

Open an Administrator command window (click on the Orb button, type CMD on the search bar and press Ctrl+Shift+Enter). At the command prompt, copy and paste the entire contents below and press Enter:

*Net User Administrator /Active:yes*

If successful, boot in Safe mode (Restart the computer and during startup tap on F8 every other second until you reach the Advanced Menu. Select Safe Mode)

Log on as an Administrator. See if you can reach the Control Panel; if yes, select User Accounts, then Manage another account -> Create a new account, and make sure the account created has an account type of administrator.

Once done, restart and logon to this new account and test the Control Panel. Let me know the outcome.


----------



## nickpgood (Aug 25, 2011)

Tried as you suggested. Couldn't get on the Control Panel on the Administrator profile. I got the same error message with an additional \0 on the end.

Am also having more problems now. When I logged on today I was sent to a temporary profile. After shutting down and trying again I am back on my profile but have lost my wallpaper and am still having the same issues re. the Control Panel and Windows Explorer.


----------



## JSntgRvr (Jul 1, 2003)

Open an Administrator command window (click on the Orb button, type CMD on the search bar and press Ctrl+Shift+Enter). At the command prompt, copy and paste the entire contents below and press Enter:

Net User Administrator /Active:no

Download the enclosed folder. Save and extract its contents to the desktop. Once extracted open the *PermsCheck* folder and click on the *Perms.bat* file. Post back its report.


----------



## nickpgood (Aug 25, 2011)

JSntgRvr
Due to the problem I am having with windows explorer I cannot open the zipped folder. Is there another way?

Nick


----------



## JSntgRvr (Jul 1, 2003)

Let's try to do this manually.

Download *swxcacls* from *here* and save it on your desktop.


*Copy the entire contents of the Quote Box* below to *Notepad*.
Name the file as *Query.bat*
Change the *Save as Type* to *All Files*
and *Save* it on the *desktop*
Once saved, click on the *Query.bat* file and post the resulting report.



> @ECHO OFF
> cd /d %~dp0
> Swxcacls C:\Windows\SysNative >Report.txt
> Swxcacls C:\Windows\SysWow64 >>Report.txt
> ...


Please do not run *Swxcacls* unless instructed to do so.
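A PowerShell version of the two checks JSntgRvr asks for in this thread (the Regedit export of the Control Panel CLSID key and the swxcacls folder permissions), added here as an example and not taken from the thread or from either tool. It assumes an elevated PowerShell on Windows 7, that the shell folder CLSID normally carries an InProcServer32 subkey naming its DLL, and that the expected folder owner is TrustedInstaller as the report in the thread shows; rather than dumping everything, it flags the findings a helper looks for: a missing key, a missing server DLL, Deny ACEs and an unexpected owner.

```powershell
# Added example, not code from this thread or from JSntgRvr's tools.
# Uses only PowerShell 2.0 cmdlets so it runs on a stock Windows 7 install.

# CLSID taken from the Regedit command earlier in the thread (Control Panel shell folder).
$ControlPanelClsid = '{21EC2020-3AEA-1069-A2DD-08002B30309D}'

function Get-ClsidKeyHealth {
    param([string]$Clsid)
    # HKCR: is not a drive by default, so address the hive through the provider prefix.
    $path = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $report = New-Object PSObject -Property @{
        Key = $path; Exists = $false; DefaultValue = $null; Subkeys = @()
        Server = $null; ServerExists = $null; Owner = $null; DenyAces = @()
    }
    if (-not (Test-Path -Path $path)) { return $report }   # key gone: Explorer cannot resolve the folder

    $key = Get-Item -Path $path
    $report.Exists = $true
    $report.DefaultValue = $key.GetValue('')               # friendly name stored in the default value
    $report.Subkeys = @($key.GetSubKeyNames())

    # Assumption (see lead-in): a shell folder CLSID carries InProcServer32 naming the DLL
    # that implements it. A missing or unregistered DLL is one cause of
    # "No such interface supported" when the folder is opened.
    $serverName = $report.Subkeys | Where-Object { $_ -eq 'InProcServer32' } | Select-Object -First 1
    if ($serverName) {
        $serverKey = Get-Item -Path "$path\$serverName"
        $report.Server = $serverKey.GetValue('')           # GetValue expands REG_EXPAND_SZ for us
        $report.ServerExists = [bool]($report.Server -and (Test-Path -Path $report.Server))
    }

    # Deny ACEs or an odd owner on the key are what the "LOCKED REGISTRY KEYS"
    # section of the log above is reporting; list them rather than the full ACL.
    $acl = Get-Acl -Path $path
    $report.Owner = $acl.Owner
    $report.DenyAces = @($acl.Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        ForEach-Object { "$($_.IdentityReference): $($_.RegistryRights)" })
    return $report
}

function Get-FolderAclHealth {
    param([string]$Folder)
    $report = New-Object PSObject -Property @{ Folder = $Folder; Exists = $false; Owner = $null; DenyAces = @() }
    if (-not (Test-Path -Path $Folder)) { return $report }

    $acl = Get-Acl -Path $Folder
    $report.Exists = $true
    $report.Owner = $acl.Owner      # expected: NT SERVICE\TrustedInstaller, as in the swxcacls report
    $report.DenyAces = @($acl.Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
    return $report
}

Get-ClsidKeyHealth -Clsid $ControlPanelClsid | Format-List

# The three folders in the swxcacls report. Caveat: Sysnative is a WOW64 alias that
# only 32-bit processes can see, so from 64-bit PowerShell it reports Exists=False,
# which matches the "path does not exist" answer a 64-bit command prompt gave in the thread.
foreach ($folder in @("$env:SystemRoot\SysNative", "$env:SystemRoot\SysWow64", $env:SystemRoot)) {
    Get-FolderAclHealth -Folder $folder | Format-List
}
```

Compare the Owner and DenyAces fields against the swxcacls output above: that report shows TrustedInstaller as owner and no Deny entries on any of the three folders, so a difference here is worth reporting back.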


----------



## nickpgood (Aug 25, 2011)

Here is the report:
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
*******************************************************************************
Folder: C:\Windows\SysNative

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NT SERVICE\TrustedInstaller
Allowed Full Control This Folder/File Only
NT SERVICE\TrustedInstaller
Allowed Special (Unknown) Subfolders only
NT AUTHORITY\SYSTEM
Allowed Modify This Folder/File Only
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Administrators
Allowed Modify This Folder/File Only
NICK-PC\Administrators
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Users
Allowed Read and Execute This Folder/File Only
NICK-PC\Users
Allowed Special (Unknown) Subfolders and Files only
\CREATOR OWNER
Allowed Special (Unknown) Subfolders and Files only

No Auditing set

Owner: TrustedInstaller (NT SERVICE\TrustedInstaller)
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
*******************************************************************************
Folder: C:\Windows\SysWow64

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NT SERVICE\TrustedInstaller
Allowed Full Control This Folder/File Only
NT SERVICE\TrustedInstaller
Allowed Special (Unknown) Subfolders only
NT AUTHORITY\SYSTEM
Allowed Modify This Folder/File Only
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Administrators
Allowed Modify This Folder/File Only
NICK-PC\Administrators
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Users
Allowed Read and Execute This Folder/File Only
NICK-PC\Users
Allowed Special (Unknown) Subfolders and Files only
\CREATOR OWNER
Allowed Special (Unknown) Subfolders and Files only

No Auditing set

Owner: TrustedInstaller (NT SERVICE\TrustedInstaller)
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
*******************************************************************************
Folder: C:\Windows

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NT SERVICE\TrustedInstaller
Allowed Full Control This Folder/File Only
NT SERVICE\TrustedInstaller
Allowed Special (Unknown) Subfolders only
NT AUTHORITY\SYSTEM
Allowed Modify This Folder/File Only
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Administrators
Allowed Modify This Folder/File Only
NICK-PC\Administrators
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Users
Allowed Read and Execute This Folder/File Only
NICK-PC\Users
Allowed Special (Unknown) Subfolders and Files only
\CREATOR OWNER
Allowed Special (Unknown) Subfolders and Files only

No Auditing set

Owner: TrustedInstaller (NT SERVICE\TrustedInstaller)
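As an added example, not part of the thread and not the Swxcacls tool: the same three folders from Query.bat can be checked with built-in PowerShell (Get-Acl) and compared against the layout in the report above (owner TrustedInstaller, only the five listed identities, no Deny entries, no write rights for Users). The folder list and expected identities are assumptions taken from that report; the script assumes an elevated 64-bit PowerShell, where System32 is queried directly because SysNative is an alias only 32-bit programs such as the batch-launched Swxcacls can see.

```powershell
# Added example (not JSntgRvr's Swxcacls): check the folders Query.bat dumped
# and flag anything that departs from the layout reported in the thread.
# Assumption: run from an elevated 64-bit PowerShell (PowerShell 2.0 syntax,
# so it also works on the Windows 7 box in the thread).

$folders = @('C:\Windows\System32', 'C:\Windows\SysWOW64', 'C:\Windows')

# Expected owner and the only identities that hold rights in the report.
# Get-Acl names the local groups BUILTIN\..., where Swxcacls showed NICK-PC\...
$expectedOwner      = 'NT SERVICE\TrustedInstaller'
$expectedIdentities = @(
    'NT SERVICE\TrustedInstaller',
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'BUILTIN\Users',
    'CREATOR OWNER'
)
$writeRights = [int][System.Security.AccessControl.FileSystemRights]::Write

function Test-SystemFolderAcl {
    param([Parameter(Mandatory=$true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object -TypeName PSObject -Property @{
            Path = $Path; Owner = $null; Findings = @('folder not found')
        }
    }

    $acl      = Get-Acl -Path $Path
    $findings = @()

    if ($acl.Owner -ne $expectedOwner) {
        $findings += "owner is '$($acl.Owner)', expected '$expectedOwner'"
    }

    foreach ($ace in $acl.Access) {
        $id = $ace.IdentityReference.Value

        if ($expectedIdentities -notcontains $id) {
            $findings += "unexpected identity '$id' with $($ace.FileSystemRights)"
        }
        # The report shows Allowed entries only; a Deny entry on a system folder
        # can stop Explorer or control.exe from loading the DLLs it needs.
        if ($ace.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny) {
            $findings += "Deny entry for '$id' ($($ace.FileSystemRights))"
        }
        # Users are expected to have Read and Execute only, never write.
        # Cast to int because the inherited "Special" entries carry generic
        # rights bits that have no named enum value.
        if ($id -eq 'BUILTIN\Users' -and (([int]$ace.FileSystemRights) -band $writeRights)) {
            $findings += "Users hold write rights: $($ace.FileSystemRights)"
        }
    }

    New-Object -TypeName PSObject -Property @{
        Path = $Path; Owner = $acl.Owner; Findings = $findings
    }
}

foreach ($folder in $folders) {
    $result = Test-SystemFolderAcl -Path $folder
    Write-Output "Folder: $($result.Path)   Owner: $($result.Owner)"
    if (@($result.Findings).Count -eq 0) {
        Write-Output "  OK - matches the layout reported in the thread"
    } else {
        foreach ($finding in $result.Findings) { Write-Output "  WARN: $finding" }
    }
}
```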


----------



## nickpgood (Aug 25, 2011)

Ah, I didn't run the command

Net User Administrator /Active:no

which I assume gets rid of the administrator account.
Here is the output once that command has been run:

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
*******************************************************************************
Folder: C:\Windows\SysNative

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NT SERVICE\TrustedInstaller
Allowed Full Control This Folder/File Only
NT SERVICE\TrustedInstaller
Allowed Special (Unknown) Subfolders only
NT AUTHORITY\SYSTEM
Allowed Modify This Folder/File Only
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Administrators
Allowed Modify This Folder/File Only
NICK-PC\Administrators
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Users
Allowed Read and Execute This Folder/File Only
NICK-PC\Users
Allowed Special (Unknown) Subfolders and Files only
\CREATOR OWNER
Allowed Special (Unknown) Subfolders and Files only

No Auditing set

Owner: TrustedInstaller (NT SERVICE\TrustedInstaller)
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
*******************************************************************************
Folder: C:\Windows\SysWow64

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NT SERVICE\TrustedInstaller
Allowed Full Control This Folder/File Only
NT SERVICE\TrustedInstaller
Allowed Special (Unknown) Subfolders only
NT AUTHORITY\SYSTEM
Allowed Modify This Folder/File Only
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Administrators
Allowed Modify This Folder/File Only
NICK-PC\Administrators
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Users
Allowed Read and Execute This Folder/File Only
NICK-PC\Users
Allowed Special (Unknown) Subfolders and Files only
\CREATOR OWNER
Allowed Special (Unknown) Subfolders and Files only

No Auditing set

Owner: TrustedInstaller (NT SERVICE\TrustedInstaller)
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
*******************************************************************************
Folder: C:\Windows

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NT SERVICE\TrustedInstaller
Allowed Full Control This Folder/File Only
NT SERVICE\TrustedInstaller
Allowed Special (Unknown) Subfolders only
NT AUTHORITY\SYSTEM
Allowed Modify This Folder/File Only
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Administrators
Allowed Modify This Folder/File Only
NICK-PC\Administrators
Allowed Special (Unknown) Subfolders and Files only
NICK-PC\Users
Allowed Read and Execute This Folder/File Only
NICK-PC\Users
Allowed Special (Unknown) Subfolders and Files only
\CREATOR OWNER
Allowed Special (Unknown) Subfolders and Files only

No Auditing set

Owner: TrustedInstaller (NT SERVICE\TrustedInstaller)


----------



## JSntgRvr (Jul 1, 2003)

The results are normal, so I don't know why you can't run *C:\Windows\SysWow64\control.exe*, as you do have access to that file and folder.

Let's perform a few scans.

Download the enclosed file. Save it next to Combofix.

[picture: CFScript.txt being dragged onto ComboFix.exe]

Once saved, referring to the picture above, drag *CFScript.txt* into *ComboFix.exe*, and post back the resulting report.








Please download Malwarebytes' Anti-Malware from *Here*. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*I'd like us to scan your machine with ESET OnlineScan*
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the [image] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [image] icon on your desktop.

Check [image]
Click the [image] button.
Accept any security warnings from your browser.
Check [image]
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [image]
Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [image] button.
Push


----------



## nickpgood (Aug 25, 2011)

Here is the Combofix report:
ComboFix 11-09-12.02 - Nick 12/09/2011 20:44:17.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2804.768 [GMT 1:00]
Running from: c:\users\Nick\Downloads\ComboFix.exe
Command switches used :: c:\users\Nick\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-12 19:38 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-12 19:38 . 2011-09-12 19:38 -------- d-----w- c:\programdata\Malwarebytes
2011-09-12 19:37 . 2011-07-06 18:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-12 19:37 . 2011-09-12 19:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-07 13:33 . 2011-09-07 13:33 0 ----a-w- c:\users\Nick\regdll.bat
2011-09-07 11:53 . 2011-09-07 13:46 3421298 ----a-w- C:\regdll.bat
2011-09-07 08:48 . 2011-09-07 08:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-05 18:50 . 2011-09-07 13:17 -------- d-----w- c:\users\Administrator
2011-09-05 18:27 . 2011-09-05 18:27 -------- d-----w- c:\users\TEMP.Nick-PC.011
2011-08-26 07:35 . 2011-08-26 07:35 -------- d-----w- c:\windows\en
2011-08-26 07:26 . 2011-08-26 07:26 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-26 07:21 . 2011-08-26 07:21 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bd07d3601cc63c001\MeshBetaRemover.exe
2011-08-25 18:16 . 2011-08-25 18:16 388096 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-25 18:16 . 2011-08-25 18:16 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-25 17:08 . 2011-08-25 17:08 -------- d-----w- c:\users\Nick\AppData\Local\VS Revo Group
2011-08-25 17:08 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-25 17:08 . 2011-08-25 17:08 -------- d-----w- c:\program files\VS Revo Group
2011-08-25 07:38 . 2008-01-09 11:28 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2011-08-25 07:11 . 2011-08-25 07:11 -------- d-----w- c:\program files (x86)\Avanquest update
2011-08-25 07:11 . 2011-08-25 07:11 -------- d-----w- c:\programdata\Avanquest
2011-08-24 08:46 . 2011-09-10 13:11 -------- d-----w- c:\users\Nick\AppData\Local\Mozilla Firefox
2011-08-24 08:13 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 11:00 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-23 11:00 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-23 11:00 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-23 11:00 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-23 11:00 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-23 11:00 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-08-23 11:00 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-23 10:57 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-23 10:51 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 09:00 . 2011-02-24 19:02 64272 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-08-16 07:48 . 2011-09-12 05:58 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6144068F-1958-4C88-ADC4-3FF814F64731}\mpengine.dll
2011-07-25 11:46 . 2011-07-25 11:46 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-07-22 02:48 . 2011-08-23 17:23 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-16 04:29 . 2011-08-23 10:58 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-23 10:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-23 10:58 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-23 10:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 02:21 . 2011-08-23 10:58 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-12 10:34 . 2011-07-12 10:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:34 . 2011-07-12 10:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-09 04:29 . 2011-08-24 08:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-06-23 04:33 . 2011-08-23 10:51 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-06-23 04:33 . 2011-08-23 10:51 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-06-15 08:55 . 2011-08-23 11:00 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2011-06-15 08:55 . 2011-08-23 11:00 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2011-06-15 08:55 . 2011-08-23 11:00 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2011-06-15 08:55 . 2011-08-23 11:00 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2011-06-15 08:55 . 2011-08-23 11:00 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
.
.
((((((((((((((((((((((((((((( [email protected]_08.19.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-31 08:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-12 20:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-31 08:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-12 20:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-12 20:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-31 08:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-05 18:30 . 2011-09-05 18:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2009-11-05 00:35 . 2011-09-09 20:20 68456 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-12 20:40 43906 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-08 17:45 . 2011-09-12 20:40 19790 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-506875343-581532590-2031743691-1000_UserData.bin
+ 2009-07-14 05:30 . 2011-09-02 08:01 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-08-25 10:27 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-01-11 19:56 . 2011-09-12 20:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-11 19:56 . 2011-08-31 08:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-11 19:56 . 2011-09-12 20:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-11 19:56 . 2011-08-31 08:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-12 20:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-05 18:30 . 2011-09-05 18:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2009-07-14 04:46 . 2011-09-07 13:29 96016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-08-25 07:40 96016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-05 18:34 . 2011-09-05 18:34 9512 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\kurrtsxy.default\pluginreg.dat
+ 2011-09-05 18:43 . 2011-09-05 18:45 2120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Office\14.0\msodatalast.dat
+ 2011-09-05 18:45 . 2011-09-05 18:45 2120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Office\14.0\msodata100.dat
+ 2011-09-05 18:43 . 2011-09-05 18:43 2120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Office\14.0\msodata099.dat
+ 2011-09-05 18:43 . 2011-09-05 18:43 2120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Office\14.0\msodata098.dat
+ 2010-07-30 19:03 . 2011-09-06 20:58 6208 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-07-30 19:03 . 2011-08-26 11:13 6208 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-01-11 19:54 . 2011-09-07 14:55 1704 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-506875343-581532590-2031743691-500_UserData.bin
+ 2011-09-12 20:36 . 2011-09-12 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-31 08:16 . 2011-08-31 08:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-31 08:16 . 2011-08-31 08:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-12 20:36 . 2011-09-12 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-07 08:48 . 2011-09-07 08:48 243360 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe
- 2010-10-16 11:29 . 2011-07-08 08:07 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-16 11:29 . 2011-09-07 14:55 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-05-09 22:17 . 2011-09-12 20:32 323940 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-09-09 20:24 628460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-08-29 16:15 628460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-09 20:24 110612 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-08-29 16:15 110612 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-09-02 08:01 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-08-25 10:27 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-09-02 08:01 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-08-25 10:27 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-09-02 19:34 . 2009-09-02 19:34 708168 c:\windows\system32\DriverStore\FileRepository\sa0102adb.inf_amd64_neutral_cdd95df2ee8e8592\amd64\WinUSBCoInstaller.dll
- 2009-07-14 05:12 . 2011-07-29 10:16 278528  c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-09-07 14:54 278528 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-05 18:46 . 2011-09-05 18:46 299160 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
+ 2009-07-14 05:01 . 2011-09-12 20:34 475120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-31 08:14 475120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-01-27 01:07 . 2011-09-07 08:48 6277280 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-09-02 19:34 . 2009-09-02 19:34 1490656 c:\windows\system32\DriverStore\FileRepository\sa0102adb.inf_amd64_neutral_cdd95df2ee8e8592\amd64\WdfCoInstaller01007.dll
+ 2009-07-14 04:45 . 2011-09-07 08:47 7163631 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-08-25 06:46 7163631 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-10-16 10:16 . 2011-09-12 20:34 8152963 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-506875343-581532590-2031743691-1000-12288.dat
- 2009-07-14 02:34 . 2011-08-26 01:34 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-09-06 20:59 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files (x86)\Ask.com\GenericAskToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-12 181480]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-05-12 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus64_29574.sys [2011-08-07 386128]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-08-21 52496]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-08-21 61200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-08-21 870200]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-02 136824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 17:27]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 17:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-11 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"PDF Converter Elite Print Dispatcher"="c:\program files (x86)\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe" [2009-11-13 53248]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\program files (x86)\QlikView\QvProtocol\qvp.dll
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-506875343-581532590-2031743691-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-506875343-581532590-2031743691-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
c:\users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\users\Nick\AppData\Local\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2011-09-12 21:57:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-12 20:57
ComboFix2.txt 2011-08-31 08:34
.
Pre-Run: 107,806,257,152 bytes free
Post-Run: 107,527,544,832 bytes free
.
- - End Of File - - 2569C38A385251CF1413D329A0C974B8


----------



## nickpgood (Aug 25, 2011)

Here is the Malwarebytes report. There were no results to view, but I guess that was because nothing was infected.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7710

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

13/09/2011 20:47:57
mbam-log-2011-09-13 (20-47-57).txt

Scan type: Quick scan
Objects scanned: 373683
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## JSntgRvr (Jul 1, 2003)

All clear.

Open a command prompt window (Click on the Orb, type CMD on the search box. The CMD file should be shown on top of the start menu programs. Right click on it and select "Run as Administrator").

At the command prompt type (or copy and paste) the following and press Enter after each line:

*cd C:\Windows\SysWow64
Control.exe
Exit*

Write down the error message if any and post it in your reply.


----------



## nickpgood (Aug 25, 2011)

The error message is as in the title 

{26EE0668-A00A-44D7-9371-BEB064C98683}

No Such interface supported

Am still running the last scan. Unfortunately my computer is set to sleep if not used for 15 minutes (which I can't change because I can't access the control panel) so it's taking ages


----------



## JSntgRvr (Jul 1, 2003)

I googled this error message and it seems you are not the only one with this problem. I still believe it is a registry problem.

Open a command prompt as you did before. At the prompt copy and paste the following and press Enter:

*for %a in (c:\Windows\System32\*.dll) do regsvr32.exe /s "%a"*

It should take a while to register these libraries. Once finished, type *Exit* and press Enter to return to Windows. Restart and test.

If still having problems, please download *SystemLook* from *here* and save it to your Desktop.


Right click *SystemLook_x64.exe* and select "Run as Administrator" to run it.
Copy the content of the following codebox into the main textfield:


> :Regfind
> {21EC2020-3AEA-1069-A2DD-08002B30309D}
> Control.exe
> 
> ...



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------
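As an added example, not part of this thread or of any tool it mentions: a PowerShell diagnostic that reads the COM registration behind the CLSID quoted in the error message (the server DLL it points to, whether that file exists and whether its signature validates) and then repeats the regsvr32 loop from the earlier reply while recording which DLLs fail, which the `/s` switch otherwise hides. The function names, the log path and the treatment of exit codes are my own choices; run it from an elevated PowerShell.

```powershell
# Added diagnostic, not from the thread. Run from an elevated PowerShell.
# The CLSID default is the Control Panel GUID quoted in the error message.
param(
    [string]$Clsid   = '{26EE0668-A00A-44D7-9371-BEB064C98683}',
    [string]$DllDir  = "$env:SystemRoot\System32",
    [string]$LogPath = "$env:USERPROFILE\Desktop\regsvr32-results.txt"
)

function Test-ClsidRegistration {
    param([string]$Clsid)
    $info = @{ Clsid = $Clsid; KeyExists = $false; Server = $null; ServerExists = $false; Signed = $null }
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    if (Test-Path $key) {
        $info.KeyExists = $true
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $prop = Get-ItemProperty -Path "$key\$sub" -ErrorAction SilentlyContinue
            if ($prop -and $prop.'(default)') {
                # Expand %SystemRoot%-style references and strip quotes before testing the path
                $path = [Environment]::ExpandEnvironmentVariables($prop.'(default)').Trim('"')
                $info.Server = $path
                $info.ServerExists = Test-Path $path
                if ($info.ServerExists) {
                    # A shell server DLL whose signature does not validate deserves a closer look
                    $info.Signed = (Get-AuthenticodeSignature $path).Status -eq 'Valid'
                }
                break
            }
        }
    }
    return New-Object PSObject -Property $info
}

function Register-DllsWithLog {
    param([string]$DllDir, [string]$LogPath)
    $failures = @()
    foreach ($dll in Get-ChildItem -Path $DllDir -Filter *.dll) {
        # Same call as the thread's for-loop, but each exit code is kept. Exit code 4 (no
        # DllRegisterServer export) is normal for non-COM DLLs; 3 (LoadLibrary failed) and
        # 5 (DllRegisterServer failed) are the ones worth reading in the log.
        $proc = Start-Process -FilePath regsvr32.exe -ArgumentList "/s `"$($dll.FullName)`"" -Wait -PassThru
        if ($proc.ExitCode -ne 0 -and $proc.ExitCode -ne 4) {
            $failures += "$($dll.FullName) exit=$($proc.ExitCode)"
        }
    }
    $failures | Set-Content -Path $LogPath
    return $failures
}

Test-ClsidRegistration -Clsid $Clsid | Format-List
Register-DllsWithLog -DllDir $DllDir -LogPath $LogPath
```

If `KeyExists` is false or `ServerExists` is false, the registration itself is broken and re-registering other DLLs will not restore it; if `Signed` is false for a file under System32, compare it against a known-good copy before trusting the machine.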

