Windows Security Center can't be started because of virus/malware

Page 2 of 13 FirstFirst 123412 ... LastLast

  1. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #11

    Those entries in RogueKiller are of no consequence. Just let them be.

    Please run SystemLook once again. This time, use the following:

    Code:
    :filefind
wscsvc.dll
    Seems unusual that there are no wscsvc files showing in the query. It could be my mistake by not showing the .dll extension.


    Also, do you have the file wscui.cpl in the system?

    Go to Start, and in the Search box, type: wscui.cpl
    If present in the list of programs, above Search, right click and select: Open with Control Panel

    What happens?

    If the Service Center does not start, set the Startup type to: Automatic (Delayed start), and then see if you can press the Start button. It is currently set as: Deaktivert

    What happens.

    If still the same issue, please download Microsoft Security Essentials:
    Microsoft Security Essentials - Microsoft Windows

    Install the program, update it, and run a Scan.

    Does the scan show any malware?...hopefully not.

    Is Security Center still the same?
    Last edited by cottonball; 24 Jan 2013 at 12:28.
      My Computer
    Quote Quote

  3. Crumble
    Posts : 55
    Windows 7 Ultimate, 32bit
    Thread Starter
       New #12

    Okey, I found a file called wscui.cpl as you said, and I opened it "with control panel". What happened was that the Control Panel opened, like this:



    It still says that the Security Center is deactivated. So I did what you told me to: set the startup type to delayed start. Then it was possible to press the start button, but after maybe 2 seconds it was deactivated again.

    And I ran the SystemLook test again, here is the result:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 04:02 on 25/01/2013 by siri1802
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "wscsvc.dll"
    C:\Windows\System32\wscsvc.dll --a---- 73728 bytes [23:31 13/07/2009] [01:16 14/07/2009] 6F5D49EFE0E7164E03AE773A3FE25340
    C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll --a---- 73728 bytes [23:31 13/07/2009] [01:16 14/07/2009] 6F5D49EFE0E7164E03AE773A3FE25340

    -= EOF =-


    I have now reinstalled Microsoft Security Essentials - and it still won't open. Or - it opens in half a second before it closes again. I managed to press printscreen before it closed though, and this is what it looked like:




    As the program close down so fast, I don't have the time to press "update", and at least not run a scan I'm afraid.

    I am sure there must be some malware that automatically closes and unables my security-program.

    And also the screen driver stops responding all the time and is then recovered again. I don't know if it has any connection with my other problems.
      My Computer
    Quote Quote

  4. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #13

    ...there must be some malware that automatically closes and unables my security-program...

    That is what it looks like.

    When you ran Malwarebytes and some threats were found, is the log with those results still available?
    The log is automatically saved and can be viewed by clicking the MBAM Logs tab.

    If it is available, please post the info.


    Now, let's go after the malware...

    Please download ComboFix:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    IMPORTANT!!! Save to your Desktop <<<

    If using a notebook, make sure it is connected to wall-power (AC power), or a UPS system.


    Disable any AntiVirus and AntiSpyware applications, since they may interfere with ComboFix.

    Info on disabling protection programs:
    Topic:
    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html
    Topic:
    http://www.bleepingcomputer.com/forums/topic114351.html

    To run ComboFix, right-click on ComboFix.exe and select: Run as Administrator
    Click on Yes, to continue scanning for malware.
    The scan make take a while, since it has some 50+ stages.

    When finished, CF produces a report.
    Please provide a copy of the C:\ComboFix.txt in your reply.
     
    Notes:
    1. Please do not mouse-click the ComboFix window while it is running. This action may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
    3. CF disconnects your machine from the Internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    ComboFix User's Guide:
    ComboFix: A guide and tutorial on using ComboFix
     


    Next, please run the AdwCleaner program:
    http://general-changelog-team.fr/fr/downloads

    It searches and removes unwanted toolbars, programs, adwares, and browser hijackers, and is compatible with Windows XP, Vista, 7, versions 32 and 64 bits.

    After downloading, save AdwCleaner to the Desktop
    Double-click on the program to run it
    Click the Search button
    When done a text file opens.

    Please post the content of the AdwCleaner[Sn].txt in your reply.

    Note: You can also find the reports at C:\AdwCleaner[Sn].txt (S = search, n = order number), or, C:\AdwCleaner[Rn].txt (R = remove, n = order number)


    I currently live in the USA, do you live in Europe's Scandinavian Penninsula? There seems to be a time zone difference in our communications.
      My Computer
    Quote Quote

  6. UsernameIssues
    Posts : 10,485
    W7 Pro SP1 64bit
       New #14

    @Crumble,
    Have you followed the suggest in post 2?

    You can probably use a USB flash drive - so you don't even have to burn a CD/DVD. There are nasties out there that can hide from MSE, Malwarebytes, rootkit detectors..... These particular nasties load before the operating system loads, so they can hide themselves from most anything running on top of the operating system. This is why there are several scanners that check things out while your operating system is not loaded.

    WDO is not perfect, but it is free, relatively fast, easy to use and from the maker of your OS

    :::returns to lurking:::
      My Computer
    Quote Quote

  7. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #15

    @UsernameIssues,

    Thanks for the WDO reminder.

    Had looked at it here:
    Windows Defender Offline

    Then, got busy trying to see if the problem could be resolved otherwise. However, the situation does look as if there is malware still involved.

    It is a good idea, though. It could be run now, and if it comes up clean, and the issue is not resolved, then go back to ComboFix.
      My Computer
    Quote Quote

  8. Crumble
    Posts : 55
    Windows 7 Ultimate, 32bit
    Thread Starter
       New #16

    Sounds great UsernameIssues :) , but I have some questions:
    1. Will the USB flash drive get infected by the malware if I connect it to my computer?
    2. I already have a program called "Windows Defender" - is this the same program you are talking about? The only problem is that like Security Center, this program won't open either..

    Should I just try the ComboFix since I don't have my USB flash drive with me now? Or should I start with the WDO? :)


    cottonball, yes - I'm from the Europe's Scandinavian Penninsula, but I live in Asia for the time being, hence the time zone difference
    Last edited by Crumble; 25 Jan 2013 at 03:20.
      My Computer
    Quote Quote

  10. UsernameIssues
    Posts : 10,485
    W7 Pro SP1 64bit
       New #17

    The order that you try things in doesn't much matter at this point.

    WDO is different than WD.
    What is Windows Defender Offline&#63;
    WDO contains an operating system (network drivers, graphics drivers...) all of which stay on the CD/DVD/USB media that you put it on. Then you boot the computer to that media.

    It would be best to create the WDO bootable USB flash drive using a clean computer... but the same would be true for burning a CD or DVD. Be sure that you copy any files that are on the USB flash drive to somewhere safe because the WDO build process will format the USB flash drive. A tiny USB flash drive will do - you only need 250MB.
      My Computer
    Quote Quote

  11. Crumble
    Posts : 55
    Windows 7 Ultimate, 32bit
    Thread Starter
       New #18

    Good. I have now run the ComboFix and got the following result:

    ComboFix 13-01-24.02 - siri1802 25.01.2013 10:27:10.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.47.1044.18.2003.1298 [GMT 1:00]
    Kjører fra: c:\users\siri1802\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\3002.abs
    c:\programdata\3002.xml
    .
    Infisert kopi av c:\windows\system32\userinit.exe ble funnet og desinfisert
    Gjenopprettet kopi fra - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    .
    .
    ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-12-25 til 2013-01-25 )))))))))))))))))))))))))))))))))
    .
    .
    2013-01-25 09:34 . 2013-01-25 09:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-22 03:23 . 2013-01-22 03:23 -------- d-----w- c:\program files\iPod
    2013-01-22 03:22 . 2013-01-22 03:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-22 03:22 . 2013-01-22 03:23 -------- d-----w- c:\program files\iTunes
    2013-01-19 11:48 . 2013-01-19 11:48 -------- d-----w- c:\users\siri1802\AppData\Roaming\Malwarebytes
    2013-01-19 11:47 . 2013-01-19 11:47 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-19 11:47 . 2013-01-19 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-19 11:47 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-19 11:39 . 2013-01-19 11:39 -------- d-----w- c:\users\siri1802\AppData\Local\Programs
    2013-01-18 09:09 . 2013-01-18 09:09 -------- d-----w- c:\program files\Common Files\Java
    2013-01-18 09:08 . 2013-01-18 09:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-16 10:17 . 2013-01-16 10:17 -------- d-----w- c:\program files\WinPcap
    2013-01-16 04:00 . 2013-01-16 04:00 -------- d-----w- c:\program files\MSECache
    2013-01-14 03:06 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-14 03:06 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-13 15:06 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
    2013-01-13 15:06 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
    2013-01-13 15:02 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\system32\gameux.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-25 09:35 . 2012-09-24 09:51 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2013-01-25 09:35 . 2012-09-25 07:30 58288 ----a-w- c:\windows\system32\rpcnet.dll
    2013-01-18 09:08 . 2012-09-25 07:27 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-18 09:08 . 2011-05-20 14:10 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-13 14:39 . 2012-09-24 22:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-13 14:39 . 2011-05-20 14:10 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-09 04:42 . 2012-12-12 03:10 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 05:11 . 2012-12-12 03:10 376832 ----a-w- c:\windows\system32\dpnet.dll
    2013-01-19 16:36 . 2013-01-19 16:35 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}"= "c:\program files\BitTorrentControl_v12\prxtbBitT.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentControl_v12\prxtbBitT.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}"= "c:\program files\BitTorrentControl_v12\prxtbBitT.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}"= "c:\program files\BitTorrentControl_v12\prxtbBitT.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify"="c:\users\siri1802\AppData\Roaming\Spotify\Spotify.exe" [2012-10-29 7880664]
    "Spotify Web Helper"="c:\users\siri1802\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-29 1199576]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
    "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
    @="Service"
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    .
    .
    --- Andre tjenester/drivere lastet i minnet ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-24 07:40 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
    .
    2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 14:39]
    .
    2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 15:20]
    .
    2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 15:20]
    .
    2013-01-25 c:\windows\Tasks\IKOPXBS.job
    - c:\windows\system32\deskperfm.dll [2012-09-24 22:13]
    .
    .
    ------- Tilleggsskanning -------
    .
    uStart Page = hxxp://google.no/
    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={035FCF41-1554-11E2-A7E2-0023AE27B879}
    uInternet Settings,ProxyOverride = *.local
    IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd til OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.11.1
    FF - ProfilePath - c:\users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - BitTorrentControl_v12 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&CUI=SB_CUI&q=
    FF - ExtSQL: !HIDDEN! 2012-09-25 10:35; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 695d8d28-0b01-4564-9510-72b1c5231f33
    FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics,YontooNewOffers
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - TOMME PEKERE FJERNET - - - -
    .
    Toolbar-10 - (no file)
    HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    .
    .
    .
    --------------------- LÅSTE REGISTERNØKLER ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe ,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andre Kjørende Prosesser ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\AEADISRV.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\rpcnet.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehRecvr.exe
    .
    **************************************************************************
    .
    Tidspunkt ferdig: 2013-01-25 10:40:46 - maskinen ble startet på nytt
    ComboFix-quarantined-files.txt 2013-01-25 09:40
    .
    Pre-Run: 15*018*688*512 byte ledig
    Post-Run: 15*445*389*312 byte ledig
    .
    - - End Of File - - 0F1B2B13D1F75DAA6F6351F45DEFE969



    [B]The program deleted some unwanted files I think.
      My Computer
    Quote Quote

  12. Crumble
    Posts : 55
    Windows 7 Ultimate, 32bit
    Thread Starter
       New #19

    I then ran the AdwCleaner as you suggested:[/B]

    # AdwCleaner v2.108 - Logfile created 01/25/2013 at 10:57:08
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : siri1802 - SIRIS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\siri1802\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\END
    File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
    File Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
    File Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\searchplugins\Conduit.xm l
    File Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\searchplugins\Search_Res ults.xml
    File Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\searchplugins\SweetIm.xm l
    Folder Found : C:\Program Files\1ClickDownload
    Folder Found : C:\Program Files\BitTorrentControl_v12
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\Searchqu Toolbar
    Folder Found : C:\Program Files\SweetIM
    Folder Found : C:\Program Files\WhiteSmoke_US_New
    Folder Found : C:\Program Files\Yontoo
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\SweetIM
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\siri1802\AppData\Local\Conduit
    Folder Found : C:\Users\siri1802\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Folder Found : C:\Users\siri1802\AppData\Local\Ilivid
    Folder Found : C:\Users\siri1802\AppData\LocalLow\BitTorrentControl_v12
    Folder Found : C:\Users\siri1802\AppData\LocalLow\Conduit
    Folder Found : C:\Users\siri1802\AppData\LocalLow\searchquband
    Folder Found : C:\Users\siri1802\AppData\LocalLow\Searchqutoolbar
    Folder Found : C:\Users\siri1802\AppData\LocalLow\WhiteSmoke_US_New
    Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\CT3225826
    Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
    Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
    Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\OneClickDownl oad@OneClickDownload.com
    Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\plugin@yontoo .com
    Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\Searchqutoolbar
    Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\Smartbar
    Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\SweetPacksToolbarData
    Folder Found : C:\Users\siri1802\AppData\Roaming\OpenCandy
    Folder Found : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
    Folder Found : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

    ***** [Registry] *****

    Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
    Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\Software\BitTorrentControl_v12
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
    Key Found : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
    Key Found : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
    Key Found : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
    Key Found : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
    Key Found : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
    Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
    Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
    Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
    Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    Key Found : HKLM\SOFTWARE\Classes\sim-packages
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33AB742A-8D0F-44D0-ACB5-897D3DFC346B}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95E32D64-21FF-481F-BB17-A76F49B0F7BD}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CA08590-D917-4BEA-828D-9734E696C1AD}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4B7BDF1-C8A0-47CB-811A-D87756A3E97F}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
      My Computer
    Quote Quote

  13. Crumble
    Posts : 55
    Windows 7 Ultimate, 32bit
    Thread Starter
       New #20

    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar
    Key Found : HKLM\Software\WhiteSmoke_US_New
    Key Found : HKU\S-1-5-21-4278792135-2590523476-2833556063-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKU\S-1-5-21-4278792135-2590523476-2833556063-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={035FCF41-1554-11E2-A7E2-0023AE27B879}

    -\\ Mozilla Firefox v18.0.1 (en-US)

    File : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\prefs.js

    Found : user_pref("CT3225826.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1ODY5Nzc1MSwidXVpZCI6Nzc2MDQ4NjQxMDE5NTQxLCJ[...]
    Found : user_pref("CT3225826.CBOpenMAMSettings.enc", "MA==");
    Found : user_pref("CT3225826.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT3225826.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Found : user_pref("CT3225826.FirstTime", "true");
    Found : user_pref("CT3225826.FirstTimeFF3", "true");
    Found : user_pref("CT3225826.LoginRevertSettingsEnabled", true);
    Found : user_pref("CT3225826.RevertSettingsEnabled", true);
    Found : user_pref("CT3225826.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
    Found : user_pref("CT3225826.UserID", "UN61944506999088192");
    Found : user_pref("CT3225826.addressBarTakeOverEnabledInHidden", "true");
    Found : user_pref("CT3225826.browser.search.defaultthis.engineName", true);
    Found : user_pref("CT3225826.cbcountry_001.enc", "TlA=");
    Found : user_pref("CT3225826.cbfirsttime.enc", "U2F0IE9jdCAxMyAyMDEyIDIxOjE5OjExIEdNVCswMjAwIChTZW50cmFsZXVy[...]
    Found : user_pref("CT3225826.embeddedsData", "[{\"appId\":\"129830626805552092\",\"apiPermissions\":{\"cross[...]
    Found : user_pref("CT3225826.enableAlerts", "always");
    Found : user_pref("CT3225826.enableSearchFromAddressBar", "true");
    Found : user_pref("CT3225826.firstTimeDialogOpened", "true");
    Found : user_pref("CT3225826.fixPageNotFoundError", "true");
    Found : user_pref("CT3225826.fixPageNotFoundErrorInHidden", "true");
    Found : user_pref("CT3225826.fixUrls", true);
    Found : user_pref("CT3225826.installId", "fft6E8C.tmp.exe");
    Found : user_pref("CT3225826.installType", "XPE");
    Found : user_pref("CT3225826.isCheckedStartAsHidden", true);
    Found : user_pref("CT3225826.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT3225826.isFirstTimeToolbarLoading", "false");
    Found : user_pref("CT3225826.isNewTabEnabled", true);
    Found : user_pref("CT3225826.isPerformedSmartBarTransition", "true");
    Found : user_pref("CT3225826.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Found : user_pref("CT3225826.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Found : user_pref("CT3225826.keyword", true);
    Found : user_pref("CT3225826.migrateAppsAndComponents", true);
      My Computer
    Quote Quote

 
Page 2 of 13 FirstFirst 123412 ... LastLast

  Related Discussions
Hi, I've recently had a virus on my laptop, AVG detected a few called trojan horse generic29.ajge I think i've managed to remove them through various types of malware programs and such but it has left me unable to activate the Windows Security Center and also my Windows Firewall isn't using...
Hey,Im a Rookie to when it comes to using programs to Get rid of certain viruses and programs, But recently i found out my Firewall and security center could not be started, I have used malware bytes, and a few other programs but this has only made it so that the firewall is accesiable now, I Was...
Hello, This is my first post and, as you can see from the title, I'm getting the message that my Windows Security Center service can't be started. In addition, when browsing the web, I will sometimes click on a link and be sent to a page other than the one I clicked on. I've read, here on...
background:I took your advice and ran it. Nothing detected. I decided to also do a full scan with MS Security Essentials and there were some items detected. Thnx! Issue : Oh btw, as I was navigating the Control Panel after all this I happened across the 'Action Center' and noticed that...
I click on the flag to turn it on but get that message... 'The Windows Security Center service can't be started.' Seems to have coincided with Firefox crashing REALLY FREQUENTLY too. I downloaded Malwarebytes' Anti-Malware and did a full scan. Here's the result: Malwarebytes'...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 19:39.
Find Us