Author Topic: [Resolved] paladium security has taken over. cant update windows...  (Read 6833 times)

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #15 on: February 10, 2011, 11:23:33 AM »
 :p woo hoo!! the scan ran through! Here's the log. Thanks so much! Do you have any recommendations as to what kind of anti virus/anti spyware I should use?

ComboFix 11-02-09.05 - Alex & Debbie 10/02/2011  11:06:01.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.353 [GMT -6:00]
Running from: c:\documents and settings\Alex & Debbie\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\ALEX&D~1\LOCALS~1\Temp\winbdm.dll
c:\documents and settings\Alex & Debbie\Application Data\Marvell Lan Driver2.exe
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\conhost.exe
c:\documents and settings\Alex & Debbie\Application Data\palladium.exe
c:\documents and settings\Alex & Debbie\Application Data\PaX0FWHOq.exe
c:\documents and settings\Alex & Debbie\Local Settings\Application Data\{127FD0DD-E163-4938-B482-DC3DE18C2A52}
c:\documents and settings\Alex & Debbie\Local Settings\Application Data\{127FD0DD-E163-4938-B482-DC3DE18C2A52}\chrome.manifest
c:\documents and settings\Alex & Debbie\Local Settings\Application Data\{127FD0DD-E163-4938-B482-DC3DE18C2A52}\chrome\content\_cfg.js
c:\documents and settings\Alex & Debbie\Local Settings\Application Data\{127FD0DD-E163-4938-B482-DC3DE18C2A52}\chrome\content\overlay.xul
c:\documents and settings\Alex & Debbie\Local Settings\Application Data\{127FD0DD-E163-4938-B482-DC3DE18C2A52}\install.rdf
c:\documents and settings\Alex & Debbie\Local Settings\Temp\winbdm.dll
c:\documents and settings\NetworkService\Application Data\eOqiyH.exe
c:\documents and settings\NetworkService\Application Data\HA1TVbqS.exe
c:\documents and settings\NetworkService\Application Data\HBN7Rpzg.exe
c:\documents and settings\NetworkService\Application Data\IPQgQQ.exe
c:\documents and settings\NetworkService\Application Data\jE7Vhngx.exe
c:\documents and settings\NetworkService\Application Data\q4OWnc26Rg.exe
c:\program files\AutocompletePro
c:\program files\AutocompletePro\64\AutocompletePro64.dll
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\efujasuqeboqut.dll
c:\windows\system32\sshnas21.dll
c:\windows\system32\winphost.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\xmslav.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


(((((((((((((((((((((((((   Files Created from 2011-01-10 to 2011-02-10  )))))))))))))))))))))))))))))))
.

2011-02-10 04:23 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 04:23 . 2011-02-10 04:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-02-10 04:23 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-10 01:36 . 2011-02-10 01:36   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2011-02-09 20:51 . 2009-08-07 01:23   274288   ----a-w-   c:\windows\system32\mucltui.dll
2011-02-09 20:44 . 2011-02-09 20:44   181   ----a-w-   c:\documents and settings\NetworkService\Application Data\9764.bat
2011-02-09 20:35 . 2011-02-09 20:35   139   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_9140000.bat
2011-02-09 18:09 . 2011-02-09 18:09   388096   ----a-r-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-09 18:08 . 2011-02-09 18:08   --------   d-----w-   c:\program files\Trend Micro
2011-02-09 17:44 . 2011-02-09 17:44   185   ----a-w-   c:\documents and settings\NetworkService\Application Data\6653.bat
2011-02-09 17:30 . 2011-02-09 17:30   --------   d-----w-   c:\documents and settings\Alex & Debbie\Local Settings\Application Data\Temp
2011-02-09 03:44 . 2011-02-09 03:44   181   ----a-w-   c:\documents and settings\NetworkService\Application Data\5839.bat
2011-02-09 02:44 . 2011-02-09 02:44   185   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\2073.bat
2011-02-09 01:44 . 2011-02-09 01:44   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2011-02-09 01:44 . 2011-02-09 01:44   189   ----a-w-   c:\documents and settings\NetworkService\Application Data\4844.bat
2011-02-09 00:44 . 2011-02-09 00:44   185   ----a-w-   c:\documents and settings\NetworkService\Application Data\5801.bat
2011-02-09 00:37 . 2011-02-09 00:37   --------   d-sh--w-   c:\documents and settings\Alex & Debbie\IECompatCache
2011-02-09 00:33 . 2011-02-09 00:33   --------   d-sh--w-   c:\documents and settings\Alex & Debbie\PrivacIE
2011-02-09 00:30 . 2011-02-09 00:30   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2011-02-09 00:29 . 2011-02-09 00:29   --------   d-sh--w-   c:\documents and settings\Alex & Debbie\IETldCache
2011-02-09 00:24 . 2010-10-18 11:10   7680   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2011-02-09 00:22 . 2010-05-06 10:41   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2011-02-09 00:22 . 2010-05-06 10:41   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2011-02-09 00:22 . 2010-05-06 10:41   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2011-02-09 00:19 . 2011-02-09 00:22   --------   dc-h--w-   c:\windows\ie8
2011-02-09 00:09 . 2011-02-09 00:09   179   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_4212312.bat
2011-02-08 23:57 . 2011-02-08 23:57   --------   d-----w-   c:\program files\Common Files\Java
2011-02-08 23:56 . 2010-11-13 00:53   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-02-08 23:44 . 2011-02-08 23:44   185   ----a-w-   c:\documents and settings\NetworkService\Application Data\3581.bat
2011-01-26 13:27 . 2011-01-26 13:27   139   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_340625.bat
2011-01-26 13:22 . 2011-01-26 13:22   179   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_63250.bat
2011-01-25 14:07 . 2011-01-25 14:07   181   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770857859.bat
2011-01-25 14:07 . 2011-01-25 14:07   207   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770856796.bat
2011-01-25 14:06 . 2011-01-25 14:06   219   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770846156.bat
2011-01-25 14:06 . 2011-01-25 14:06   139   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770820906.bat
2011-01-25 14:06 . 2011-01-25 14:06   207   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770797734.bat
2011-01-21 14:44 . 2011-01-21 14:44   439296   -c----w-   c:\windows\system32\dllcache\shimgvw.dll
2011-01-16 17:19 . 2011-01-16 17:19   137   ----a-w-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_4833578.bat
2011-01-16 16:29 . 2011-01-16 16:29   0   ----a-w-   c:\windows\system32\ConduitEngine.tmp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-25 20:33   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-25 20:33   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:14 . 2008-04-25 20:33   1864064   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-25 20:33   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 17:26 . 2008-04-25 20:33   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-09 14:30 . 2008-04-25 20:33   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-11-18 18:12 . 2008-04-26 01:44   81920   ----a-w-   c:\windows\system32\isign32.dll
2010-11-12 22:34 . 2009-03-06 07:16   73728   ----a-w-   c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-11 1347584]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-11 16859648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-23 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-23 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2008-12-23 92696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2008-09-18 546088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-6-16 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [06/03/2009 1:18 AM 14248]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [06/03/2009 2:56 AM 5088480]
R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [06/03/2009 2:55 AM 148056]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [06/03/2009 2:55 AM 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [06/03/2009 2:55 AM 269760]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [06/03/2009 2:56 AM 158720]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [25/07/2008 5:05 PM 22240]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-11-21 c:\windows\Tasks\FRU Task 2004-06-17 01:06ewlett-Packard2004-06-17 01:06p officejet 6100 seriesD66655067F78228D3716D2BFC2C61DA319188DBF244477626.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-17 00:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - d:\spyware\HijackThis.exe
AddRemove-Install Manager - c:\program files\Install Manager\in.stallmanager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 11:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\NMSAccess.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2011-02-10  11:19:48 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-10 17:19

Pre-Run: 57,254,060,032 bytes free
Post-Run: 57,134,624,768 bytes free

- - End Of File - - 9D70DA38F7A62760DB3C88C94BC4FAA4

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #16 on: February 10, 2011, 12:08:50 PM »
I might have missed it, but I didn't see anything installed from PC Doctor, yet there is a driver file running for one of their products. The product is, in fact, an unspecified product and hasn't been rated safe or not. Regardless, PC Doctor is known to interfere with other security products. I recommend Microsoft Security Essentials for you, and it's complete enough that you needn't worry about installing any other real-time protection for spyware/malware of any kind. If you do know for a fact that you installed one of their products, please uninstall it before we install MSE.

Please open a blank Notepad by clicking Start --> Run... Then, in the Run box, type Notepad.exe and click "OK".
Copy the text below in bold and paste it into the blank Notepad. Save it as CFScript.txt. Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your ComboFix.exe.

ComboFix will run again automatically. Please post back the new log that will be generated. Thanks!
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



File::
c:\documents and settings\NetworkService\Application Data\9764.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_9140000.bat
c:\documents and settings\NetworkService\Application Data\6653.bat
c:\documents and settings\NetworkService\Application Data\5839.bat
c:\documents and settings\Alex & Debbie\Application Data\2073.bat
c:\documents and settings\NetworkService\Application Data\4844.bat
c:\documents and settings\NetworkService\Application Data\5801.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_4212312.bat
c:\documents and settings\NetworkService\Application Data\3581.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_340625.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_63250.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770857859.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770856796.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770846156.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770820906.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770797734.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_4833578.bat
c:\windows\system32\ConduitEngine.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=-

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #17 on: February 10, 2011, 03:26:36 PM »
OK, that went off without a hitch. Here's the log:
ComboFix 11-02-09.05 - Alex & Debbie 10/02/2011  15:14:59.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.450 [GMT -6:00]
Running from: c:\documents and settings\Alex & Debbie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alex & Debbie\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Alex & Debbie\Application Data\2073.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_340625.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_4212312.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_4833578.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_63250.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770797734.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770820906.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770846156.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770856796.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770857859.bat"
"c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_9140000.bat"
"c:\documents and settings\NetworkService\Application Data\3581.bat"
"c:\documents and settings\NetworkService\Application Data\4844.bat"
"c:\documents and settings\NetworkService\Application Data\5801.bat"
"c:\documents and settings\NetworkService\Application Data\5839.bat"
"c:\documents and settings\NetworkService\Application Data\6653.bat"
"c:\documents and settings\NetworkService\Application Data\9764.bat"
"c:\windows\system32\ConduitEngine.tmp"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alex & Debbie\Application Data\2073.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_340625.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_4212312.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_4833578.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_63250.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770797734.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770820906.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770846156.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770856796.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_770857859.bat
c:\documents and settings\Alex & Debbie\Application Data\Microsoft\gb_9140000.bat
c:\documents and settings\NetworkService\Application Data\3581.bat
c:\documents and settings\NetworkService\Application Data\4844.bat
c:\documents and settings\NetworkService\Application Data\5801.bat
c:\documents and settings\NetworkService\Application Data\5839.bat
c:\documents and settings\NetworkService\Application Data\6653.bat
c:\documents and settings\NetworkService\Application Data\9764.bat
c:\windows\system32\ConduitEngine.tmp

.
(((((((((((((((((((((((((   Files Created from 2011-01-10 to 2011-02-10  )))))))))))))))))))))))))))))))
.

2011-02-10 04:23 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 04:23 . 2011-02-10 04:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-02-10 04:23 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-10 01:36 . 2011-02-10 01:36   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2011-02-09 20:51 . 2009-08-07 01:23   274288   ----a-w-   c:\windows\system32\mucltui.dll
2011-02-09 18:09 . 2011-02-09 18:09   388096   ----a-r-   c:\documents and settings\Alex & Debbie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-09 18:08 . 2011-02-09 18:08   --------   d-----w-   c:\program files\Trend Micro
2011-02-09 17:30 . 2011-02-09 17:30   --------   d-----w-   c:\documents and settings\Alex & Debbie\Local Settings\Application Data\Temp
2011-02-09 01:44 . 2011-02-09 01:44   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2011-02-09 00:37 . 2011-02-09 00:37   --------   d-sh--w-   c:\documents and settings\Alex & Debbie\IECompatCache
2011-02-09 00:33 . 2011-02-09 00:33   --------   d-sh--w-   c:\documents and settings\Alex & Debbie\PrivacIE
2011-02-09 00:30 . 2011-02-09 00:30   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2011-02-09 00:29 . 2011-02-09 00:29   --------   d-sh--w-   c:\documents and settings\Alex & Debbie\IETldCache
2011-02-09 00:24 . 2010-10-18 11:10   7680   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2011-02-09 00:22 . 2010-12-20 23:59   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2011-02-09 00:22 . 2010-12-20 23:59   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2011-02-09 00:22 . 2010-12-20 23:59   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2011-02-09 00:19 . 2011-02-09 00:22   --------   dc-h--w-   c:\windows\ie8
2011-02-08 23:57 . 2011-02-08 23:57   --------   d-----w-   c:\program files\Common Files\Java
2011-02-08 23:56 . 2010-11-13 00:53   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-01-21 14:44 . 2011-01-21 14:44   439296   -c----w-   c:\windows\system32\dllcache\shimgvw.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-25 20:33   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-25 20:33   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:14 . 2008-04-25 20:33   1864064   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-25 20:33   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2008-04-25 20:33   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2008-04-25 20:33   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2008-04-25 20:33   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2008-04-25 20:33   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-25 20:33   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-25 20:33   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2008-04-25 20:33   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2008-04-25 20:33   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2008-04-14 00:01   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2008-04-26 01:44   81920   ----a-w-   c:\windows\system32\isign32.dll
2010-11-12 22:34 . 2009-03-06 07:16   73728   ----a-w-   c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((   SnapShot@2011-02-10_17.15.26   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:41 . 2009-07-12 01:41   97280              c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2011-02-10 18:25 . 2011-02-10 18:25   16384              c:\windows\Temp\Perflib_Perfdata_7fc.dat
- 2008-04-25 20:33 . 2011-02-10 04:37   79188              c:\windows\system32\perfc009.dat
+ 2008-04-25 20:33 . 2011-02-10 18:29   79188              c:\windows\system32\perfc009.dat
- 2008-04-25 20:33 . 2009-03-08 10:31   66560              c:\windows\system32\mshtmled.dll
+ 2008-04-25 20:33 . 2010-12-20 23:59   66560              c:\windows\system32\mshtmled.dll
- 2007-08-14 00:54 . 2010-05-06 10:41   55296              c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 00:54 . 2010-12-20 23:59   55296              c:\windows\system32\msfeedsbs.dll
- 2008-04-25 20:33 . 2010-05-06 10:41   25600              c:\windows\system32\jsproxy.dll
+ 2008-04-25 20:33 . 2010-12-20 23:59   25600              c:\windows\system32\jsproxy.dll
+ 2007-08-14 00:54 . 2010-12-20 23:59   66560              c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-14 00:54 . 2009-03-08 10:31   66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2009-04-25 00:56 . 2010-12-20 23:59   55296              c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-04-25 00:56 . 2010-05-06 10:41   55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 00:44 . 2010-12-20 23:59   43520              c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-14 00:54 . 2010-05-06 10:41   25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 00:54 . 2010-12-20 23:59   25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2011-02-10 18:08 . 2011-02-10 18:08   49936              c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-03-06 07:22 . 2009-03-06 07:22   49936              c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-02-10 18:08 . 2011-02-10 18:08   35600              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-03-06 07:22 . 2009-03-06 07:22   35600              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-02-10 18:07 . 2011-02-10 18:07   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-03-06 07:21 . 2011-02-10 18:03   25214              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
- 2009-03-06 07:21 . 2009-03-06 07:21   25214              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2007-11-28 02:34 . 2007-11-28 02:34   13152              c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F990_worksup.dll
+ 2007-11-28 02:31 . 2007-11-28 02:31   14176              c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F839_WkImgL90.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   12800              c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-10 18:02 . 2009-03-08 10:31   66560              c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   55296              c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-10 18:02 . 2009-03-08 10:34   43008              c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   25600              c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2008-04-25 20:33 . 2010-03-10 06:15   420352              c:\windows\system32\vbscript.dll
- 2008-04-25 20:33 . 2009-03-08 10:33   420352              c:\windows\system32\vbscript.dll
- 2008-04-25 20:33 . 2011-02-10 04:37   464078              c:\windows\system32\perfh009.dat
+ 2008-04-25 20:33 . 2011-02-10 18:29   464078              c:\windows\system32\perfh009.dat
- 2008-04-25 20:33 . 2010-05-06 10:41   206848              c:\windows\system32\occache.dll
+ 2008-04-25 20:33 . 2010-12-20 23:59   206848              c:\windows\system32\occache.dll
+ 2008-04-25 20:33 . 2010-12-20 23:59   611840              c:\windows\system32\mstime.dll
- 2008-04-25 20:33 . 2010-05-06 10:41   611840              c:\windows\system32\mstime.dll
+ 2007-08-14 00:54 . 2010-12-20 23:59   602112              c:\windows\system32\msfeeds.dll
+ 2008-04-25 20:33 . 2009-12-09 05:53   726528              c:\windows\system32\jscript.dll
- 2008-04-25 20:33 . 2009-03-08 10:33   726528              c:\windows\system32\jscript.dll
- 2008-04-25 20:33 . 2010-05-06 10:41   184320              c:\windows\system32\iepeers.dll
+ 2008-04-25 20:33 . 2010-12-20 23:59   184320              c:\windows\system32\iepeers.dll
- 2008-04-25 20:33 . 2010-05-06 10:41   387584              c:\windows\system32\iedkcs32.dll
+ 2008-04-25 20:33 . 2010-12-20 23:59   387584              c:\windows\system32\iedkcs32.dll
+ 2008-04-25 20:33 . 2010-12-20 12:55   173568              c:\windows\system32\ie4uinit.exe
+ 2009-03-06 07:12 . 2010-12-20 23:59   916480              c:\windows\system32\dllcache\wininet.dll
- 2009-03-06 07:12 . 2010-05-06 10:41   916480              c:\windows\system32\dllcache\wininet.dll
+ 2009-03-06 07:13 . 2010-03-10 06:15   420352              c:\windows\system32\dllcache\vbscript.dll
- 2009-03-06 07:13 . 2009-03-08 10:33   420352              c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-14 00:44 . 2010-12-20 23:59   206848              c:\windows\system32\dllcache\occache.dll
- 2007-08-14 00:44 . 2010-05-06 10:41   206848              c:\windows\system32\dllcache\occache.dll
+ 2009-04-16 21:39 . 2010-12-09 15:15   718336              c:\windows\system32\dllcache\ntdll.dll
- 2007-08-14 00:54 . 2010-05-06 10:41   611840              c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 00:54 . 2010-12-20 23:59   611840              c:\windows\system32\dllcache\mstime.dll
+ 2009-04-25 00:56 . 2010-12-20 23:59   602112              c:\windows\system32\dllcache\msfeeds.dll
- 2009-03-06 07:13 . 2009-03-08 10:33   726528              c:\windows\system32\dllcache\jscript.dll
+ 2009-03-06 07:13 . 2009-12-09 05:53   726528              c:\windows\system32\dllcache\jscript.dll
- 2007-08-14 00:54 . 2010-05-06 10:41   184320              c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 00:54 . 2010-12-20 23:59   184320              c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 00:39 . 2010-12-20 23:59   387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-14 00:39 . 2010-05-06 10:41   387584              c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 00:39 . 2010-12-20 12:55   173568              c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-10 18:08 . 2011-02-10 18:08   140288              c:\windows\Installer\2a56b7.msi
+ 2011-02-10 18:00 . 2011-02-10 18:00   248832              c:\windows\Installer\2a5674.msi
+ 2009-03-06 07:21 . 2011-02-10 18:03   693600              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2009-03-06 07:21 . 2009-03-06 07:21   693600              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
+ 2009-03-06 07:21 . 2011-02-10 18:03   947552              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2009-03-06 07:21 . 2009-03-06 07:21   947552              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2009-03-06 07:21 . 2009-03-06 07:21   709984              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2009-03-06 07:21 . 2011-02-10 18:03   709984              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2007-11-28 02:33 . 2007-11-28 02:33   173408              c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F378_WkProof.dll
+ 2007-11-28 02:19 . 2007-11-28 02:19   161120              c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F366_wkcvqr01.dll
+ 2007-11-28 02:19 . 2007-11-28 02:19   972128              c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F365_wkcvqd01.dll
+ 2007-11-28 02:33 . 2007-11-28 02:33   132448              c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22623_WkImg90.dll
+ 2007-11-28 02:34 . 2007-11-28 02:34   972128              c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20987_wkwpqd.dll
+ 2007-11-28 02:34 . 2007-11-28 02:34   161120              c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20985_wkwpqrtf.dll
+ 2011-02-10 18:02 . 2009-03-08 10:33   420352              c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2011-02-10 18:02 . 2009-05-26 11:40   382840              c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2011-02-10 18:02 . 2009-05-26 11:40   231288              c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2011-02-10 18:08 . 2008-07-08 13:02   382840              c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2011-02-10 18:08 . 2008-07-08 13:02   231288              c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2011-02-10 18:08 . 2009-06-22 06:44   726528              c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2011-02-10 18:01 . 2008-07-08 13:02   382840              c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2011-02-10 18:01 . 2008-07-08 13:02   231288              c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2011-02-10 18:01 . 2009-03-08 10:33   726528              c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   916480              c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 18:02 . 2010-07-05 13:16   382840              c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 18:02 . 2010-07-05 13:15   231288              c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 18:02 . 2010-05-06 10:41   206848              c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   611840              c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   599040              c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   247808              c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   184320              c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   743424              c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   387584              c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 18:02 . 2010-05-05 13:30   173056              c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2008-04-25 20:33 . 2010-12-20 23:59   1210880              c:\windows\system32\urlmon.dll
+ 2008-04-25 20:33 . 2010-12-20 23:59   5961216              c:\windows\system32\mshtml.dll
+ 2007-08-14 00:34 . 2010-12-20 23:59   1991680              c:\windows\system32\iertutil.dll
+ 2009-03-06 07:12 . 2010-12-20 23:59   1210880              c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-06 07:14 . 2010-12-09 13:38   2192768              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-03-06 07:14 . 2010-12-09 13:07   2027008              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-03-06 07:14 . 2010-12-09 13:07   2069376              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-03-06 07:14 . 2010-12-09 13:42   2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-06 07:12 . 2010-12-20 23:59   5961216              c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-25 00:56 . 2010-12-20 23:59   1991680              c:\windows\system32\dllcache\iertutil.dll
+ 2010-11-24 16:51 . 2010-11-24 16:51   2190336              c:\windows\Installer\2a5692.msp
- 2009-03-06 07:21 . 2009-03-06 07:21   1099104              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
+ 2009-03-06 07:21 . 2011-02-10 18:03   1099104              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
+ 2009-03-06 07:21 . 2011-02-10 18:03   1242464              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
- 2009-03-06 07:21 . 2009-03-06 07:21   1242464              c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2007-11-28 02:33 . 2007-11-28 02:33   2901344              c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22194_wksssdb.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   1209344              c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   5950976              c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 18:02 . 2010-05-06 10:41   1985536              c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2009-03-06 07:14 . 2010-12-09 13:38   2192768              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-03-06 07:14 . 2010-12-09 13:07   2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-03-06 07:14 . 2010-12-09 13:07   2069376              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-06 07:14 . 2010-12-09 13:42   2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-25 00:45 . 2011-02-10 18:03   37443528              c:\windows\system32\MRT.exe
+ 2007-08-14 00:54 . 2010-12-21 11:29   11080704              c:\windows\system32\ieframe.dll
+ 2009-04-25 00:56 . 2010-12-21 11:29   11080704              c:\windows\system32\dllcache\ieframe.dll
+ 2008-09-24 18:05 . 2008-09-24 18:05   16381440              c:\windows\Installer\2a56be.msp
+ 2008-08-11 17:49 . 2008-08-11 17:49   22457344              c:\windows\Installer\2a56a0.msp
+ 2011-02-10 18:06 . 2011-02-10 18:06   20303872              c:\windows\Installer\2a5699.msp
+ 2011-02-10 18:01 . 2011-02-10 18:01   15710720              c:\windows\Installer\2a567a.msp
+ 2006-10-27 21:26 . 2006-10-27 21:26   16870712              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\MSO.DLL
+ 2011-02-10 18:02 . 2010-05-06 10:41   11076096              c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-11 1347584]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-11 16859648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-23 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-23 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2008-12-23 92696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2008-09-18 546088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-6-16 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [06/03/2009 1:18 AM 14248]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [06/03/2009 2:56 AM 5088480]
R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [06/03/2009 2:55 AM 148056]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [06/03/2009 2:55 AM 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [06/03/2009 2:55 AM 269760]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [06/03/2009 2:56 AM 158720]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [25/07/2008 5:05 PM 22240]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-11-21 c:\windows\Tasks\FRU Task 2004-06-17 01:06ewlett-Packard2004-06-17 01:06p officejet 6100 seriesD66655067F78228D3716D2BFC2C61DA319188DBF244477626.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-17 00:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 15:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
Completion time: 2011-02-10  15:24:10
ComboFix-quarantined-files.txt  2011-02-10 21:24
ComboFix2.txt  2011-02-10 17:19

Pre-Run: 56,766,353,408 bytes free
Post-Run: 56,732,012,544 bytes free

- - End Of File - - EDC11F5D32D0361D814DD56F6B924CF3





Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #18 on: February 10, 2011, 03:32:02 PM »
Things look good now...how's it look from your end? You didn't say whether you had installed some PC Doctor software or not. Did you?
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-13

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #19 on: February 10, 2011, 03:51:03 PM »
I didn't install any PC Doctor; however, my friend may have. I see Spybot on here and that's it. Just gonna reboot it and see how start up is... Looks great! All is running well. Just one thing; in the search box in the top right corner it says "Search the web (babylon)". Is that tied to anything you eliminated? Aside from that it seems all good!

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #20 on: February 10, 2011, 04:02:50 PM »
Quote
Just one thing; in the search box in the top right corner it says "Search the web (babylon)". Is that tied to anything you eliminated?
It is, but I don't see it remaining in the log. After you rebooted, is it still there? Tell me exactly which search box. The system search box or a search box in the browser?

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #21 on: February 10, 2011, 04:10:19 PM »
It is still there after boot up. It's a browser search box; it's in the same line as the forward and back browser buttons and the address bar, directly below the blue strip across the top that contains the title of the window.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #22 on: February 10, 2011, 04:20:24 PM »
k, run dds once more and post that log only. Thanks!

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #23 on: February 10, 2011, 04:38:44 PM »
I have deleted ComboFix etc. already and had downloaded and updated MSE, so I just uninstalled MSE and downloaded DDS again and ran a new scan. Hope that doesn't mess anything up. DDS log is as follows:



DDS (Ver_10-12-12.02) - NTFSx86 
Run by Alex & Debbie at 16:33:55.85 on 10/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.358 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\NMSAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Alex & Debbie\Local Settings\Temporary Internet Files\Content.IE5\C14B78SY\dds[1].scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1297212663703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-3-6 14248]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2009-3-6 5088480]
R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [2009-3-6 148056]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2009-3-6 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2009-3-6 269760]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-3-6 158720]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-7-25 22240]

=============== Created Last 30 ================

2011-02-10 22:07:51   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-02-09 21:28:42   --------   d-sha-r-   C:\cmdcons
2011-02-09 21:26:01   98816   ----a-w-   c:\windows\sed.exe
2011-02-09 21:26:01   89088   ----a-w-   c:\windows\MBR.exe
2011-02-09 21:26:01   256512   ----a-w-   c:\windows\PEV.exe
2011-02-09 21:26:01   161792   ----a-w-   c:\windows\SWREG.exe
2011-02-09 20:51:59   16736   ----a-w-   c:\windows\system32\mucltui.dll.mui
2011-02-09 20:51:58   274288   ----a-w-   c:\windows\system32\mucltui.dll
2011-02-09 18:08:59   --------   d-----w-   c:\program files\Trend Micro
2011-02-09 17:30:37   --------   d-----w-   c:\docume~1\alex&d~1\locals~1\applic~1\Temp
2011-02-09 00:37:18   --------   d-sh--w-   c:\documents and settings\alex & debbie\IECompatCache
2011-02-09 00:33:32   --------   d-sh--w-   c:\documents and settings\alex & debbie\PrivacIE
2011-02-09 00:29:26   --------   d-sh--w-   c:\documents and settings\alex & debbie\IETldCache
2011-02-09 00:24:23   7680   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2011-02-09 00:23:48   --------   d-----w-   c:\windows\ie8updates
2011-02-09 00:22:44   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2011-02-09 00:22:42   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2011-02-09 00:22:42   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2011-02-09 00:19:16   --------   dc-h--w-   c:\windows\ie8
2011-02-08 23:56:51   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-01-21 14:44:37   439296   -c----w-   c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M  ====================

2011-02-09 18:03:54   0   ----a-w-   c:\windows\Tnikuvogepuwidog.bin
2011-01-21 14:44:37   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:14:45   1864064   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34:28   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59:20   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59:19   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-09 15:15:09   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30:22   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12:44   81920   ----a-w-   c:\windows\system32\isign32.dll

============= FINISH: 16:35:04.59 ===============

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #24 on: February 10, 2011, 04:47:40 PM »
It certainly does. Remove combofix from the trash can. We aren't finished yet...

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #25 on: February 10, 2011, 04:54:43 PM »
Please don't just go about doing things on your own regarding this troubleshooting endeavor. I will render explicit instructions for you until we finish.

For your search the web "Babylon" browser issue, look in the addons and plugins for it and uninstall it from there.

For the PC Doctor driver here:
S3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [25/07/2008 5:05 PM 22240]
...we need to use combofix to remove it. Combofix should not be deleted until we finish. I will give instructions as to how you must go about uninstalling it.
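The driver line quoted in Reply #25 can be picked out of the services/drivers listing mechanically. The Python below is an added example, not part of the thread and not the helper's own method: it parses the R0/S3 lines copied from the ComboFix log above and flags any driver whose image is not a .sys file under system32\drivers. The function names and the heuristic are assumptions made for illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# Driver lines copied verbatim from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [06/03/2009 1:18 AM 14248]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [06/03/2009 2:56 AM 5088480]
R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [06/03/2009 2:55 AM 148056]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [06/03/2009 2:55 AM 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [06/03/2009 2:55 AM 269760]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [06/03/2009 2:56 AM 158720]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [25/07/2008 5:05 PM 22240]
"""

# Usual reading of the prefix in ComboFix/DDS listings:
# R = running, S = stopped, digit = the service's Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Assumption of this example: ordinary kernel drivers live here as .sys files.
EXPECTED_DIR = r"c:\windows\system32\drivers"

# <state><start> <name>;<display>;<image path> [<timestamp> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>.*);(?P<path>[^;\[]+?)\s+"
    r"\[(?P<stamp>.*)\s(?P<size>\d+)\]\s*$"
)


@dataclass
class DriverEntry:
    running: bool
    start: str
    name: str
    display: str
    path: str
    size: int


def parse_driver_lines(text):
    """Return a DriverEntry for every line that matches the listing format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, other log sections
        entries.append(DriverEntry(
            running=m["state"] == "R",
            start=START_TYPES[int(m["start"])],
            name=m["name"],
            display=m["display"],
            path=m["path"],
            size=int(m["size"]),
        ))
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list = none).

    A reason is a prompt to inspect the file, not a verdict on it.
    """
    reasons = []
    path = entry.path.lower()
    ext = ntpath.splitext(path)[1]
    if ext != ".sys":
        reasons.append(f"image extension is {ext or '(none)'}, not .sys")
    if ntpath.dirname(path) != EXPECTED_DIR:
        reasons.append("image is outside " + EXPECTED_DIR)
    if "~" in path:
        reasons.append("8.3 short path hides the real folder names")
    return reasons


def flagged(text):
    """Map driver name -> reasons, for entries with at least one reason."""
    result = {}
    for entry in parse_driver_lines(text):
        reasons = triage(entry)
        if reasons:
            result[entry.name] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

On the lines from this log, only the PCD5SRVC entry is flagged; the six drivers under system32\drivers pass.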

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #26 on: February 10, 2011, 05:21:13 PM »
OK, sorry I jumped the gun a bit. I was able to delete the Babylon browser thing, so that looks fine now. As for the PC Doctor, do I use the same drag and drop process as before with the cfsscript.txt?

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #27 on: February 10, 2011, 05:26:24 PM »
Is combofix back on the desktop?

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #28 on: February 10, 2011, 05:29:23 PM »
yup

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #29 on: February 10, 2011, 05:42:21 PM »
Open another blank Notepad...Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Again, drag the text document over to your Combofix.exe

Combofix runs again automatically....post back the new log that will be generated. Thanks!

Remember...Do not mouseclick combofix's window while it's running.



KILLALL::

File::
c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms

Driver::
PCD5SRVC