GeekPolice

Windows Security Centre wont turn on

Hello again, I just ran the aswMBR scan and will attach the report below.

Re: Windows Security Centre wont turn on

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-16 23:03:49
-----------------------------
23:03:49.883 OS Version: Windows x64 6.1.7601 Service Pack 1
23:03:49.883 Number of processors: 2 586 0x170A
23:03:49.883 ComputerName: HILS-PC UserName: hils
23:03:51.193 Initialize success
23:03:58.666 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:03:58.666 Disk 0 Vendor: TOSHIBA_MK5055GSX FG000D Size: 476940MB BusType: 11
23:03:58.681 Disk 0 MBR read successfully
23:03:58.681 Disk 0 MBR scan
23:03:58.697 Disk 0 Windows VISTA default MBR code
23:03:58.697 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:03:58.712 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
23:03:58.728 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
23:03:58.744 Disk 0 scanning C:\Windows\system32\drivers
23:04:07.698 Service scanning
23:04:41.893 Modules scanning
23:04:41.893 Disk 0 trace - called modules:
23:04:41.924 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:04:41.940 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c36060]
23:04:41.940 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800467b1f0]
23:04:41.940 Scan finished successfully
23:05:29.193 Disk 0 MBR has been saved successfully to "C:\Users\hils\Desktop\MBR.dat"
23:05:29.193 The log file has been saved successfully to "C:\Users\hils\Desktop\aswMBR.txt"


This is the aswMBR scan

Re: Windows Security Centre wont turn on

Please stand by. I will get one of our helpers to respond to your problem.

Re: Windows Security Centre wont turn on

Thank you

Re: Windows Security Centre wont turn on

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
I guess I'll have to handle this one. Please explain to me what you did to try to resolve this issue.
We can run a few basic scans to see what's happening with your computer.


SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
***************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: Windows Security Centre wont turn on

Hello Superdave, thank you in advance. So far there is very little I have been able to do, I did run my McAfee scan which reckoned there was no problems?! Yet I can't turn on my anti virus and if I'm not in safe mode I can't do anything because of the Windows command prompt box that keeps coming up and if I say no it simply re-opens, if I simply try to close it, the box re-opens. Will follow the instructions above now.

Re: Windows Security Centre wont turn on

Ok. Please run MBAM in Safe mode first.

Re: Windows Security Centre wont turn on

Ok will do, have posted the SUPERAntiSpyware scan log as was following instructions, will do the MBAM one now

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/18/2012 at 00:15 AM

Application Version : 5.0.1150

Core Rules Database Version : 8614
Trace Rules Database Version: 6426

Scan type : Complete Scan
Total Scan Time : 02:15:05

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 479
Memory threats detected : 0
Registry items scanned : 66499
Registry threats detected : 0
File items scanned : 237637
File threats detected : 133

Adware.Tracking Cookie

Re: Windows Security Centre wont turn on

Have posted the MBAM log below,

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.17.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
hils :: HILS-PC [administrator]

Protection: Disabled

18/05/2012 00:52:29
mbam-log-2012-05-18 (00-52-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445090
Time elapsed: 1 hour(s), 11 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Windows Security Centre wont turn on

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*********************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

Re: Windows Security Centre wont turn on

Hi, here is the first one, checkup.txt pasted below. Moving on to the next instructions now.
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 29
Java version out of date!
Adobe Flash Player 10.0.45.2 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Re: Windows Security Centre wont turn on

ComboFix still says McAfee is running but I've gone into msconfig and unchecked anything that says McAfee. What should I do now? Do I carry on with combo even though it's warned me? Stuck..........?

Re: Windows Security Centre wont turn on

I've been trying for over an hour and I cannot run ComboFix as it says McAfee is still running, the actual name of the software is BT NetProtect Plus run by McAfee (still has the same logo as McAfee). Please help

Re: Windows Security Centre wont turn on

The log shows that there is no Anti-Virus on your computer but this may not be accurate. What AV are you running? Here's a program that will get rid of all traces of McAfee. If you still have problems with McAfee run ComboFix in any case.

McAfee Consumer Products Removal Tool - Use on McAfee, AOL distributions of McAfee, CA distributions of McAfee - McAfee Consumer Products Removal tool (MCPR.exe)

Re: Windows Security Centre wont turn on

Well that's typical, ComboFix suddenly decided to run so have posted log below. I didn't stop it and use the McAfee removal tool as to be really honest I fell asleep at the computer. If you think I should do that and re-run ComboFix then of course I will. I'll wait and see what you say first. Thank you again.

ComboFix 12-05-18.03 - hils 19/05/2012 2:36.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2776 [GMT 1:00]
Running from: c:\users\hils\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\hils\AppData\Local\bsarhlrq.log
c:\users\hils\AppData\Local\ivpevkcy.log
c:\users\hils\AppData\Local\jmwrrkjy.log
c:\users\hils\AppData\Local\kjmkprmp.log
c:\users\hils\AppData\Local\nfkyxgvt.log
c:\users\hils\AppData\Local\ulqipdnp.log
c:\users\hils\AppData\Local\wehcccrs.log
c:\users\hils\AppData\Local\yoxaklnm\hummulwd.exe
c:\users\hils\AppData\Roaming\DataSafeDotNet.exe
c:\users\hils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hummulwd.exe
c:\users\hils\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-17 23:50 . 2012-05-17 23:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-17 20:55 . 2012-05-17 20:55 -------- d-----w- c:\users\hils\AppData\Roaming\SUPERAntiSpyware.com
2012-05-17 20:54 . 2012-05-17 20:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-17 20:54 . 2012-05-17 20:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-17 14:17 . 2012-05-17 14:17 -------- d-----w- c:\windows\SysWow64\Profiles
2012-05-15 17:36 . 2012-05-19 01:42 -------- d-----w- c:\users\hils\AppData\Local\yoxaklnm
2012-05-11 20:39 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 20:39 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 20:39 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 20:39 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 20:39 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 20:39 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 20:38 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 20:38 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 20:38 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 20:38 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 20:38 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 20:38 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 20:38 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 23:26 . 2012-05-09 23:26 -------- d-----w- c:\users\hils\AppData\Roaming\Macrovision
2012-05-05 08:53 . 2012-05-05 08:53 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 06:50 . 2012-05-05 08:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-25 16:44 . 2012-04-25 16:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 17:02 . 2012-05-18 07:37 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76E331DC-4D4B-47CB-95AA-F84C894F41F0}\mpengine.dll
2012-05-05 08:53 . 2011-10-26 13:49 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2011-09-13 20:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 06:46 . 2012-04-12 07:07 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 07:07 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 07:07 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 07:07 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 07:07 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:07 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:07 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 07:11 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 07:10 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 07:11 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 07:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 07:11 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:11 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:11 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:11 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 09:18 . 2009-11-11 19:20 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 12:29 . 2010-08-29 11:00 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29 . 2010-08-29 10:59 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 12:29 . 2010-08-29 10:59 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 12:29 . 2010-08-29 10:59 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 12:29 . 2010-08-29 10:59 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29 . 2010-08-29 10:59 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 12:29 . 2010-08-29 10:59 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29 . 2010-08-29 10:59 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 12:29 . 2010-08-29 10:59 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\hils\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\hils\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\hils\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 2676584]
"Facebook Update"="c:\users\hils\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-26 137536]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-02 325728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-08-17 165104]
.
c:\users\hils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
Dropbox.lnk - c:\users\hils\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 08:53]
.
2012-05-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1126304963-2780926433-1902465497-1001Core.job
- c:\users\hils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-26 18:47]
.
2012-05-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1126304963-2780926433-1902465497-1001UA.job
- c:\users\hils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-26 18:47]
.
2012-05-18 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\hils\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\hils\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\hils\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\hils\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-01-02 325728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20101124041759
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://services.soft2print.com/Upload/Aurigma_7_0_37/ImageUploader7.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-HumMulwd - c:\users\hils\AppData\Local\yoxaklnm\hummulwd.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-19 02:53:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 01:53
.
Pre-Run: 303,910,367,232 bytes free
Post-Run: 303,569,629,184 bytes free
.
- - End Of File - - DA6F667B14682D9BC8CA9F170B93B0D6

Re: Windows Security Centre wont turn on

Also now when I start up normally (i.e. not in safe mode) the command prompt is not there, which is good. I have not restarted the McAfee as will wait to see what next instructions are. Many thanks.

Re: Windows Security Centre wont turn on

Please download Rooter and save it to your desktop.

  • Double click it to start the tool. On Vista and Windows 7, run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: Windows Security Centre wont turn on

Do I reactivate McAfee before I download Rooter or continue without?

Re: Windows Security Centre wont turn on

Well, answered my own question there because I can't! Tried to and get the message "The Windows Security Center service can't be started", so will download and run Rooter without AV.

Re: Windows Security Centre wont turn on

Have attached Rooter file below

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\ [Fixed-NTFS] .. ( Total:451 Go - Free:282 Go )
D:\ [CD_Rom]
.
Scan : 23:29.31
Path : C:\Users\hils\Desktop\Rooter.exe
User : hils ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ???ç?????? (272)
______ ???ç?????? (416)
______ ???ç?????? (452)
______ ???ç?????? (464)
______ ???ç?????? (508)
______ ???ç?????? (528)
______ ???ç?????? (544)
______ ???ç?????? (552)
______ ???ç?????? (672)
______ ???ç?????? (748)
______ ???ç?????? (824)
______ ???ç?????? (868)
______ ???ç?????? (932)
______ ???ç?????? (992)
______ ???ç?????? (1008)
______ ???ç?????? (108)
______ ???ç?????? (204)
______ ???ç?????? (1124)
______ ???ç?????? (1240)
______ ???ç?????? (1268)
______ ???ç?????? (1312)
______ ???ç?????? (1432)
______ ???ç?????? (1524)
______ ???ç?????? (1596)
______ ???ç?????? (1652)
______ ???ç?????? (1680)
______ ???ç?????? (1820)
______ ???ç?????? (2940)
______ C:\Users\hils\Desktop\Rooter.exe (2476)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41126400 | Length:15728640000)
\Device\Harddisk0\Partition3 (Start_Offset:15769766400 | Length:484337047040)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1126304963-2780926433-1902465497-1001Core.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1126304963-2780926433-1902465497-1001UA.job
C:\Windows\Tasks\HP Photo Creations Messager.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 23:29.53
.
C:\Rooter$\Rooter_2.txt - (19/05/2012 | 23:29.53)

Re: Windows Security Centre wont turn on

Well, answered my own question there because I can't! Tried to and get the message "The Windows Security Center service can't be started", so will download and run Rooter without AV.

The Security Center is not the same as your AV. Do you mean that you can't re-activate your AV?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the [EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [EsetSmartInstallDesktopIcon-1] icon on your desktop.

•Check [EsetAcceptTerms]
•Click the [EsetStart] button.
•Accept any security warnings from your browser.
•Check [EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [EsetListThreats]
•Push [EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [EsetBack] button.
•Push [EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Windows Security Centre wont turn on

Hi, I can't get ESET online scan to work. I have got as far as "yes I accept terms of use" and have checked the scan archives box, but then there is no start button on the pop-up box which contains these items. I've tried expanding the box but it simply looks like the rest of the page with the info has been cut off. Been through ESET help etc. and restarted computer, retried, and still there is no start button. Not sure what else to do?

Re: Windows Security Centre wont turn on

After giving up on ESET, went back to try and re-activate the McAfee and the message stated before, i.e. "Windows Security Centre can't be started", has gone and McAfee is turned back on? Seems a little strange as I did nothing different to before when I tried to turn McAfee back on, yet this time it's on? Went into C Panel, System and Security, Action Centre and it says: McAfee Network Firewall is currently turned on, Windows automatic updates on, McAfee Anti-Virus and Anti-Spyware reports that it is up to date and virus scanning is on, Windows Defender and McAfee Anti-Virus and Anti-Spyware both report that they are turned on (then goes on to say that running two or more anti-spyware can cause comp to run slow), Internet Security Settings are set to their recommended levels, UAC will notify when programs try to make changes to computer.

Not sure whether this means everything is really ok or not and whether whatever it was has really gone from my computer. I can say the command prompt has gone and McAfee reckons it is all running ok.

Re: Windows Security Centre wont turn on

went back to try and re-activate the McAfee and the message stated before, i.e. "Windows Security Centre can't be started", has gone and McAfee is turned back on? Seems a little strange as I did nothing different to before when I tried to turn McAfee back on, yet this time it's on? Went into C Panel, System and Security, Action Centre and it says: McAfee Network Firewall is currently turned on, Windows automatic updates on, McAfee Anti-Virus and Anti-Spyware reports that it is up to date and virus scanning is on, Windows Defender and McAfee Anti-Virus and Anti-Spyware both report that they are turned on (then goes on to say that running two or more anti-spyware can cause comp to run slow), Internet Security Settings are set to their recommended levels,

Some security programs want to start their own Security Centre. That is probably the case with McAfee. Running more than one anti-spyware program is ok if your computer has the capacity for it. I run three on mine with no problem. I would like to check why you can't run ESET.

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size


Click Go and copy/paste the log (Result.txt) into your next post.
*************************************************************
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Re: Windows Security Centre wont turn on

Mini Toolbox has run and have pasted log below,

MiniToolBox by Farbar Version: 18-01-2012
Ran by hils (administrator) on 20-05-2012 at 09:50:43
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel(R) WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : hils-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-24-D6-09-CB-20
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::40fe:e23f:e525:4367%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 20 May 2012 09:46:16
Lease Expires . . . . . . . . . . : 21 May 2012 09:46:55
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 251667670
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-84-AE-90-00-26-B9-0E-91-82
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-B9-0E-91-82
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:3053:9d:a94a:1b13(Preferred)
Link-local IPv6 Address . . . . . : fe80::3053:9d:a94a:1b13%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.41.134
173.194.41.129
173.194.41.142
173.194.41.130
173.194.41.137
173.194.41.131
173.194.41.135
173.194.41.132
173.194.41.128
173.194.41.133
173.194.41.136


Pinging google.com [173.194.41.130] with 32 bytes of data:
Reply from 173.194.41.130: bytes=32 time=338ms TTL=52
Reply from 173.194.41.130: bytes=32 time=36ms TTL=52

Ping statistics for 173.194.41.130:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 338ms, Average = 187ms
Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70

Re: Windows Security Centre wont turn on

Can you please run Farbar Service Scanner and post the log.

Re: Windows Security Centre wont turn on

Very strange, tried the ESET scan again and this time it would let me run it. Again, did nothing different to the time before when I tried. Anyway, have pasted the result below.

C:\Qoobox\Quarantine\C\Users\hils\AppData\Local\yoxaklnm\hummulwd.exe.vir a variant of Win32/Kryptik.AFUS trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\hils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hummulwd.exe.vir a variant of Win32/Kryptik.AFUS trojan cleaned by deleting - quarantined

Re: Windows Security Centre wont turn on

Superdave wrote:
Can you please run Farbar Service Scanner and post the log.


Have posted the Farbar log below:

Farbar Service Scanner Version: 17-05-2012
Ran by hils (administrator) on 21-05-2012 at 16:30:21
Running from "C:\Users\hils\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QPWTWKV"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

Re: Windows Security Centre wont turn on

That looks good. Are there any other issues?

Re: Windows Security Centre wont turn on

Thank you for all your help. Just wondered a couple of things: when I close down I get the message that it is waiting for background programmes to close but I've nothing open that I can see. Also how do I clean up any strange folders, I have two my videos files within my docs folder, two pictures ones and two my music files, but they all look like ghost files with a padlock on them I can't open them. When I click on them it says the relevant file is not accessible with a big red cross. My pics folder is within libraries not my documents, so I'm not sure what to do with these files.
Plus what else can I do to prevent these trojans getting on here again? Do very much appreciate all your help, many many thanks.

Re: Windows Security Centre wont turn on

when I close down I get the message that it is waiting for background programmes to close but I've nothing open that I can see.

I have the same problem with IE. If I close IE and then shut down the computer, the next time I open IE I receive a message that IE was closed unexpectedly. It actually takes a while to close the process. You can see that by opening your Task Manager and watching how long it takes to close a particular program.

Also how do I clean up any strange folders, I have two my videos files within my docs folder, two pictures ones and two my music files, but they all look like ghost files with a padlock on them I can't open them. When I click on them it says the relevant file is not accessible with a big red cross. My pics folder is within libraries not my documents, so I'm not sure what to do with these files.

If you're sure they are not needed files, you can delete them with Unlocker below.
You can download and install Unlocker.

Plus what else can I do to prevent these trojans getting on here again? Do very much appreciate all your help, many many thanks.

Make sure that your AV program is kept up-to-date. I would suggest you keep SAS and MBAM. Update them and run them on a regular basis. There are more suggestions below.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
