Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

JAVA/CVE-2013-0422.C


  • This topic is locked This topic is locked
42 replies to this topic

#1 Scooter74

Scooter74

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 AM

Posted 06 February 2013 - 10:12 AM

Hello,

I have McAfee Internet security suite anti-virus, and it hasn't detected anything....But, when I run Microsofts Security esentials it finds "Exploit:JAVA/CVE-2013-0422.C and says it removed it.

The issue is that everytime I run it again, it finds it again. Not sure if this is important but here are a few observations:

Microsoft only finds it when doing the full scan, not the quick scan
When I try to restore a previous state of windows, it tells me the restore was unsucessful. I have tried to use multiple different restore dates.
I downloaded and ran Malware Bytes and it found : trojen HKCR/SP on its first scan. all other scans have come up clean.

I will attach the DDS file.

Thank you

Attached Files

  • Attached File  dds.txt   22.38KB   3 downloads


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:24 AM

Posted 09 February 2013 - 10:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
IMPORTANT....
 
1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
 
3. Do not install any other programs until this if fixed.
 
How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html
 
Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall
 
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
 
Third party programs if not up to date can be the cause infiltration of an infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
 
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  •  
    Please post the logs for my review.


    #3 Scooter74

    Scooter74
    • Topic Starter

    • Members
    • 113 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:10:24 AM

    Posted 09 February 2013 - 06:05 PM

    NASDAQ,

     

    thanks for the help.  Here are the files you requested, I have two for the adwcleaner, one was before the deletion and then the report after.  I mistakening saved the before, but figured I would include it.

     

    thanks!

     

    ComboFix

     

    ComboFix 13-02-07.02 - Scott 02/09/2013  17:29:11.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7860.5765 [GMT -5:00]
    Running from: c:\users\Scott\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ism_0_llatsni.pad
    c:\users\Scott\GoToAssistDownloadHelper.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-01-09 to 2013-02-09  )))))))))))))))))))))))))))))))
    .
    .
    2013-02-09 22:36 . 2013-02-09 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-09 21:26 . 2013-02-09 21:26 -------- d-----w- c:\program files (x86)\ESET
    2013-02-09 21:25 . 2013-02-09 21:25 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-08 12:37 . 2013-01-18 17:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30DDF1B7-69A3-4921-9144-FEBCCEF243DA}\mpengine.dll
    2013-02-05 22:04 . 2013-02-05 22:04 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
    2013-02-05 22:04 . 2013-02-05 22:04 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-05 22:03 . 2013-02-05 22:03 -------- d-----w- c:\users\Scott\AppData\Local\Programs
    2013-02-05 22:01 . 2013-02-05 22:01 16200 ----a-w- c:\windows\stinger.sys
    2013-02-05 22:00 . 2013-02-05 22:08 -------- d-----w- c:\program files (x86)\stinger
    2013-02-05 21:34 . 2013-02-05 21:34 -------- d-----w- c:\users\Scott\AppData\Roaming\McAFee TechCheck
    2013-02-05 21:32 . 2000-05-22 06:00 244416 ----a-w- c:\windows\SysWow64\Msflxgrd.ocx
    2013-02-05 21:32 . 2000-05-22 06:00 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
    2013-02-05 21:32 . 1999-05-07 06:00 140288 ----a-w- c:\windows\SysWow64\comdlg32.ocx
    2013-02-05 21:32 . 2013-02-05 21:35 -------- d-----w- c:\users\Scott\AppData\Roaming\TechCheck
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-09 21:25 . 2012-11-24 20:22 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-02-09 21:25 . 2011-05-01 12:08 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-02-02 21:27 . 2011-02-01 18:46 5120 ---ha-w- c:\users\Scott\comdrv8z.bin
    2013-01-17 06:28 . 2010-04-28 19:45 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-10 00:15 . 2010-04-28 23:26 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-26 14:55 . 2010-08-25 19:43 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-12-26 14:52 . 2010-08-25 19:43 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-12-26 14:51 . 2010-08-25 19:43 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-12-26 14:51 . 2010-08-25 19:43 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-12-26 14:50 . 2010-08-25 19:43 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-12-26 14:49 . 2010-08-25 19:43 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-12-26 14:49 . 2010-08-25 19:43 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-12-26 14:48 . 2010-08-25 19:43 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-12-25 13:53 . 2012-04-12 20:39 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 17:11 . 2012-12-21 13:31 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 13:31 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 13:31 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 13:31 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20 . 2013-01-09 19:40 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 19:40 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 19:40 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 19:40 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 19:40 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 19:40 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 19:40 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 19:40 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 19:40 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 19:40 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 19:40 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 19:40 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 19:40 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 19:40 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 19:40 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 19:40 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 19:40 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 19:40 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 19:40 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 19:40 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 19:40 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 19:40 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 19:40 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 19:40 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 19:40 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 19:40 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 19:40 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 19:40 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 19:40 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 19:40 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 19:40 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-12-07 10:46 . 2013-01-09 19:40 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-11-30 23:59 . 2011-05-18 22:34 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-30 05:45 . 2013-01-09 19:39 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 19:39 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 19:39 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:45 . 2013-01-09 19:39 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 05:43 . 2013-01-09 19:39 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 19:39 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 19:39 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:54 . 2013-01-09 19:39 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-11-30 04:53 . 2013-01-09 19:39 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 19:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 19:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 09104647
    *NewlyCreated* - 97166961
    *Deregistered* - 09104647
    *Deregistered* - 97166961
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-09 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2011-05-24 05:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-30 200704]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273604105026l0338z165t5961d54p
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273604105026l0338z165t5961d54p
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
    Trusted Zone: tantusnetworks.com\secure
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-40351999.sys
    SafeBoot-97166961.sys
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-09  17:38:07
    ComboFix-quarantined-files.txt  2013-02-09 22:38
    .
    Pre-Run: 399,748,927,488 bytes free
    Post-Run: 399,590,653,952 bytes free
    .
    - - End Of File - - 4D1194915D57873AA3E4F5A945B2FD40

     

    Security Check

     

     Results of screen317's Security Check version 0.99.57 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 9 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    McAfee Anti-Virus and Anti-Spyware  
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Auslogics Registry Cleaner  
     Java 7 Update 13 
     Java version out of Date!
     Adobe Reader 10.1.5 Adobe Reader out of Date! 
     Google Chrome 21.0.1180.89 
     Google Chrome 24.0.1312.57 
    ````````Process Check: objlist.exe by Laurent```````` 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

     

    ADW (before deletion)

     

    # AdwCleaner v2.111 - Logfile created 02/09/2013 at 17:49:52
    # Updated 05/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Scott - ACER_LAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Scott\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\ProgramData\Partner

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [698 octets] - [09/02/2013 17:49:52]

    ########## EOF - C:\AdwCleaner[R1].txt - [757 octets] ##########

     

     

    ADW (after deletion)

     

    # AdwCleaner v2.111 - Logfile created 02/09/2013 at 17:53:26
    # Updated 05/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Scott - ACER_LAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Scott\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\Partner

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [825 octets] - [09/02/2013 17:49:52]
    AdwCleaner[R2].txt - [884 octets] - [09/02/2013 17:52:58]
    AdwCleaner[S1].txt - [818 octets] - [09/02/2013 17:53:26]

    ########## EOF - C:\AdwCleaner[S1].txt - [877 octets] ##########



    #4 nasdaq

    nasdaq

    • Malware Response Team
    • 39,576 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:24 AM

    Posted 10 February 2013 - 08:22 AM

    Java 7 Update 13 

     Java version out of Date!
    You have the latest Java version. The tool needs to be updated.
     
    Your version of Adobe Reader 10.1.5 may be good. Just check it out.
     
    Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
     
    When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
    ===
     
    Please let me know if the problem persists.


    #5 Scooter74

    Scooter74
    • Topic Starter

    • Members
    • 113 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:10:24 AM

    Posted 10 February 2013 - 10:17 PM

    thanks NASDAQ,  I think there might still be an issue.

     

    I uninstalled JAVA went to reinstall the latest version, but keep getting the following error message at the end of the instill (removed and retried 3 times now)

     

    "Installer: Wrapper.CreateFile failed with error 5: Access is denied"

     

    Any ideas?

     

    thanks!



    #6 nasdaq

    nasdaq

    • Malware Response Team
    • 39,576 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:24 AM

    Posted 11 February 2013 - 08:22 AM

    Try the Download from this page.

     

    http://www.adobe.com/products/reader.html

     

    Execute the downloaded .exe file as an Administrator.



    #7 Scooter74

    Scooter74
    • Topic Starter

    • Members
    • 113 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:10:24 AM

    Posted 11 February 2013 - 08:26 AM

    Thank you NASDAQ,  I reinstalled the Reader using your link.

     

    The real problem was with JAVA.  I cant seem to get it reinstalled, and that was the application which gave me the error message above.  Any ideas?  Am i still infected?



    #8 nasdaq

    nasdaq

    • Malware Response Team
    • 39,576 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:24 AM

    Posted 11 February 2013 - 08:43 AM

    Download Revo Uninstaller and remove any trace of Java.
     
     
    ===
     
    The Download the installer from this page. Run it as an Administrator.
     
     
    Keep me posted.


    #9 Scooter74

    Scooter74
    • Topic Starter

    • Members
    • 113 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:10:24 AM

    Posted 11 February 2013 - 09:15 AM

    Just ran the program and tried to reinstall,  same as before.  installs JAVA "successfully" then as the installer closes I get the error message posted above.

     

    I have 6 window updates for office that won't install also, can that be caused by this same thing?



    #10 nasdaq

    nasdaq

    • Malware Response Team
    • 39,576 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:24 AM

    Posted 11 February 2013 - 09:41 AM

     
    Try the suggested fix by pigpig5442 on this link.
     
    ===
     
    Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action center
  • Windows Update
  • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


  • #11 Scooter74

    Scooter74
    • Topic Starter

    • Members
    • 113 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:10:24 AM

    Posted 11 February 2013 - 01:44 PM

    Ok, the java seems to have installed properly with the directions on that link you posted.  Thanks

     

    The office updates:

     

    Security Update for Excel 2003 (KB2687481)

    Security Update for Office 2003 (KB2726929)

    Security Update for Office 2003 (KB2760574)

    Security Update for Word 2003 (KB2760497)

    Update for Outlook 2003 Junk E-mail Filter (KB2760582)   **** I don't really use outlooks so this isn't even an issue

    Update for Outlook 2003 Junk E-mail Filter (KB2760754)

     

    still will not install.....

     

    Here is the log you asked for:

     

    Farbar Service Scanner Version: 10-02-2013
    Ran by Scott (administrator) on 11-02-2013 at 13:39:28
    Running from "C:\Users\Scott\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****



    #12 nasdaq

    nasdaq

    • Malware Response Team
    • 39,576 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:24 AM

    Posted 11 February 2013 - 01:55 PM

    Try to install only one update such as:

    Security Update for Excel 2003 (KB2687481)

     

    If not successful please post the exact error message.

     

    If no message is given, run the DDS tool and submit (paste) the attach.txt it may give us some information on this error.



    #13 Scooter74

    Scooter74
    • Topic Starter

    • Members
    • 113 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:10:24 AM

    Posted 11 February 2013 - 02:41 PM

    Thanks again for all this help!

     

    Tried to install the one update only and got the following error:

     

    Code 80070643

     

    Here is the DDS file

     

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/28/2010 12:21:19 PM
    System Uptime: 2/11/2013 12:29:20 PM (2 hours ago)
    .
    Motherboard: Acer            |  | Aspire 5740                   
    Processor: Intel® Core™ i5 CPU       M 430  @ 2.27GHz | CPU 1 | 2130/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 453 GiB total, 373.564 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP389: 2/6/2013 7:54:22 AM - Windows Update
    RP390: 2/7/2013 8:15:45 AM - Windows Update
    RP391: 2/8/2013 7:24:48 AM - Windows Update
    RP392: 2/9/2013 3:00:23 AM - Windows Update
    RP393: 2/9/2013 4:16:55 PM - Removed Java 7 Update 13
    RP394: 2/9/2013 4:25:03 PM - Installed Java 7 Update 13
    RP395: 2/10/2013 9:34:02 PM - Removed Java 7 Update 13
    RP396: 2/10/2013 9:55:20 PM - Removed Google Talk Plugin
    RP397: 2/10/2013 9:57:39 PM - Removed Skype Toolbars
    RP398: 2/10/2013 10:11:14 PM - Installed Java 7 Update 13
    RP399: 2/11/2013 3:00:25 AM - Windows Update
    RP400: 2/11/2013 8:57:32 AM - Revo Uninstaller's restore point - Java 7 Update 13
    RP401: 2/11/2013 8:57:44 AM - Removed Java 7 Update 13
    RP402: 2/11/2013 9:13:11 AM - Installed Java 7 Update 13
    RP403: 2/11/2013 1:24:12 PM - Removed Java 7 Update 13
    RP404: 2/11/2013 1:37:41 PM - Installed Java 7 Update 13
    RP405: 2/11/2013 2:33:14 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acer Arcade Deluxe
    Acer Backup Manager
    Acer Crystal Eye webcam Ver:1.1.124.1120
    Acer ePower Management
    Acer eRecovery Management
    Acer GridVista
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI (11.0.01)
    Alcor Micro USB Card Reader
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS RT-N16 Wireless Router Utilities
    Auslogics Disk Defrag
    Auslogics Registry Cleaner
    Backup Manager Basic
    BitPim 1.0.7
    Bonjour
    Broadcom Gigabit NetLink Controller
    CCleaner
    Compatibility Pack for the 2007 Office system
    D3DX10
    Flight Test 5
    Garmin POI Loader
    Garmin USB Drivers
    Google Chrome
    HP LaserJet P1500 series
    HP Product Detection
    HPSSupply
    Identity Card
    ieSpell
    Intel® Control Center
    Intel® Graphics Media Accelerator Driver
    Intel® Management Engine Components
    Intel® Turbo Boost Technology Monitor
    Intel® Matrix Storage Manager
    iTunes
    Java 7 Update 13
    Java Auto Updater
    Jeppesen Services
    Jeppesen Services Update Manager
    Junk Mail filter update
    King Air B200 Trainer v12.00
    Launch Manager
    LG USB Modem driver
    Logbook Pro
    Logitech Harmony Remote Software 7
    LSI HDA Modem
    McAfee Internet Security Suite
    McAfee Virtual Technician
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Mouse and Keyboard Center
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in 1.5
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works 6-9 Converter
    MobileMe Control Panel
    MotoCast
    MotoHelper 2.1.40 Driver 5.5.0
    MotoHelper MergeModules
    MOTOROLA MEDIA LINK
    Motorola Mobile Drivers Installation 5.5.0
    MrvlUsgTracking
    MrvlUsgTracking64
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    QuickTime
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Revo Uninstaller 1.94
    SCTDrivers64J10
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Shared C Run-time for x64
    Skype™ 5.10
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Welcome Center
    WIDCOMM Bluetooth Software
    Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
    Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
    Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2013 5:36:09 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
    2/9/2013 5:35:34 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/9/2013 10:02:19 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
    2/5/2013 5:01:10 PM, Error: Service Control Manager [7034]  - The NTI IScheduleSvc service terminated unexpectedly.  It has done this 1 time(s).
    2/5/2013 5:01:10 PM, Error: Service Control Manager [7034]  - The NTI Backup Now 5 Scheduler Service service terminated unexpectedly.  It has done this 1 time(s).
    2/5/2013 5:01:10 PM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
    2/4/2013 9:54:25 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/4/2013 9:54:25 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    2/4/2013 9:54:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/4/2013 9:52:26 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 9:45:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    2/4/2013 9:37:26 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    2/4/2013 9:36:16 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
    2/4/2013 8:51:42 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/4/2013 6:44:13 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 6:44:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    2/4/2013 6:44:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/4/2013 4:38:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    2/4/2013 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/4/2013 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/4/2013 4:34:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/4/2013 4:34:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/4/2013 4:34:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/4/2013 4:34:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache mfehidk mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    2/4/2013 4:34:02 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
    2/11/2013 3:02:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2726929).
    2/11/2013 3:02:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2760754).
    2/11/2013 3:01:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2760582).
    2/11/2013 3:01:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word 2003 (KB2760497).
    2/11/2013 3:01:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2760574).
    2/11/2013 2:34:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Excel 2003 (KB2687481).
    2/11/2013 12:29:41 PM, Error: Microsoft-Windows-BitLocker-Driver [24620]  - Encrypted volume check: Volume information on E: cannot be read.
    2/10/2013 10:03:58 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/10/2013 10:03:58 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
    .
    ==== End Of File ===========================
     



    #14 nasdaq

    nasdaq

    • Malware Response Team
    • 39,576 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:24 AM

    Posted 12 February 2013 - 08:51 AM

    Try these Microsoft fixes

     

     

    You receive an "Error 80070643" error message when you try to update Office 2003 by using Software Update Services

     

    http://support.microsoft.com/kb/903772

     

    Keep me posted.



    #15 Scooter74

    Scooter74
    • Topic Starter

    • Members
    • 113 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:10:24 AM

    Posted 13 February 2013 - 10:24 PM

    Ok, think I have it back up and running.....Thank you for all the time and help.






    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users