newbie111

Hi again TheDarkNight I appear to have a virus again. Unfortunately, my Internet connection is down. This appears to be an ISP provider problem as my wireless isn't functioning properly. I'm responding from a second computer. AT&T is coming out to fix my problem tonight. I'll add more after the Internet is functioning. Newbie111

Yes indeed Dark Knight, my computer is running very well. I've installed Spyware Blaster and I hope that all will remain well. Thanks for all the help. Have a great year. Newbie111

I find on uninstall programs Java 6 Update 37 and Java 6 Update 37 (64-bit). I've uninstalled them both. I have Java 7 Update 9 present.

Thanks for the above informantion. I'm out of town until Friday night. I'll follow your recommendations when I return and post an update.

Security Checkup shows Adobe Reader out of date. I've checked for updates and it says I'm up to date. I'm running IE8 as I have a necessary program which isn't IE9 compatible. A program which I didn't install REIMAGE REPAIR just popped up. Control panel says it was installed on 12/30/2012. I use Secunia to check for out of date programs. I'm deleting it. I just re-ran Security Checkup. Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (2.0.0.4003) Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 37 Java 7 Update 9 Adobe Flash Player 11.5.502.135 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (17.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe iolo Common Lib ioloServiceManager.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

My computer seems to be running fine. Here's the Security Checkup text. Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (2.0.0.4003) Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 37 Java 7 Update 9 Adobe Flash Player 11.5.502.135 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (17.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe iolo Common Lib ioloServiceManager.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\39EIPlug.dll Win32/Toolbar.MyWebSearch application C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\39EZSETP.dll Win32/Toolbar.MyWebSearch.Q application C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISb.dll Win32/Toolbar.MyWebSearch application C:\Users\RAM DELL 8300\Desktop\7zip_installer_d162802.exe probably a variant of Win32/InstallIQ application C:\Users\RAM DELL 8300\Desktop\My Book data 11-24-12\My Book\OS\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\39EIPlug.dll Win32/Toolbar.MyWebSearch application C:\Users\RAM DELL 8300\Desktop\My Book data 11-24-12\My Book\OS\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\39EZSETP.dll Win32/Toolbar.MyWebSearch.Q application C:\Users\RAM DELL 8300\Desktop\My Book data 11-24-12\My Book\OS\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISb.dll Win32/Toolbar.MyWebSearch application

The scan has completed. Here's the scan results. I didn't find this in the log file which is listed above. I went to List of found threats and copied and pasted it. The scan said it found 7 infected files.

I'm sorry I thought that the scanner was done. It's still running.

Here's the log. That's all there was. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK Newbie111

I now was able to run mbar and no malware was detected! Yea.

The issue has been fixed! Here's the report. RogueKiller V8.4.2 _x64_ [Dec 31 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : RAM DELL 8300 [Admin rights] Mode : Scan -- Date : 01/01/2013 07:08:01 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [PROXY IE] HKCU\[...]\Services\Microsoft\Internet Settings : ProxyServer ( ) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST31500341AS +++++ --- User --- [MBR] 61bcec13bbf84fc8c851e3925591bf41 [bSP] 21ba840a00dd2a6c9d7e5d6b81872e6d : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13566 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27865088 | Size: 1417192 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[5]_S_01012013_02d0708.txt >> RKreport[1]_S_12312012_02d2156.txt ; RKreport[2]_S_01012013_02d0423.txt ; RKreport[3]_D_01012013_02d0423.txt ; RKreport[4]_S_01012013_02d0423.txt ; RKreport[5]_S_01012013_02d0708.txt Thanks Dark Night, The new year starts out well. Is there anything else that you want me to do?

Have a happy New Year yourself. The program asks me to kook at the differerent tabs and delete items with the buttons. I haven't done that until you suggest. Here we go Dark Knight. See the report. Newbie111 RogueKiller V8.4.2 _x64_ [Dec 31 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : RAM DELL 8300 [Admin rights] Mode : Scan -- Date : 12/31/2012 21:56:35 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [PROXY IE] HKCU\[...]\Services\Microsoft\Internet Settings : ProxyServer ( ) -> FOUND [HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST31500341AS +++++ --- User --- [MBR] 61bcec13bbf84fc8c851e3925591bf41 [bSP] 21ba840a00dd2a6c9d7e5d6b81872e6d : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13566 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27865088 | Size: 1417192 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_12312012_02d2156.txt >> RKreport[1]_S_12312012_02d2156.txt

Sorry Dark Night here's copy and paste. Combofix ComboFix 12-12-30.01 - RAM DELL 8300 12/30/2012 6:49.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.10014 [GMT -8:00] Running from: c:\users\RAM DELL 8300\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\RAM DELL 8300\g2mdlhlpx.exe c:\users\RAM DELL 8300\GoToAssistDownloadHelper.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 ))))))))))))))))))))))))))))))) . . 2012-12-30 14:54 . 2012-12-30 14:54 -------- d-----w- c:\users\ROBERT~1.MIN\AppData\Local\temp 2012-12-30 14:54 . 2012-12-30 14:54 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-30 14:54 . 2012-12-30 14:54 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2012-12-30 14:54 . 2012-12-30 14:54 -------- d-----w- c:\users\DRC9B2~1~MIN\AppData\Local\temp 2012-12-30 14:54 . 2012-12-30 14:54 -------- d-----w- c:\users\Dr\AppData\Local\temp 2012-12-30 14:54 . 2012-12-30 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-30 14:30 . 2012-12-30 14:31 -------- d-----w- C:\rei 2012-12-30 14:30 . 2012-12-30 14:30 -------- d-----w- c:\program files\Reimage 2012-12-30 14:14 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-30 14:14 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-30 14:14 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-30 14:14 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-28 11:53 . 2012-12-28 11:53 -------- d-----w- c:\users\RAM DELL 8300\AppData\Local\Programs 2012-12-12 13:42 . 2012-12-12 13:42 -------- d-----w- c:\windows\Migration 2012-12-12 03:19 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 03:19 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-10 17:50 . 2012-12-10 17:50 -------- d-----w- c:\users\RAM DELL 8300\AppData\Local\Western_Digital 2012-12-10 17:43 . 2012-12-10 17:43 -------- d-----w- c:\program files (x86)\Western Digital 2012-12-10 17:43 . 2012-12-10 17:43 -------- d-----w- c:\program files\Western Digital 2012-12-10 17:11 . 2012-12-10 17:49 -------- d-----w- c:\programdata\Western Digital 2012-12-10 16:04 . 2012-02-09 21:58 35000 ----a-w- c:\windows\system32\mxntdfg.exe 2012-12-05 19:25 . 2012-12-05 19:25 -------- d-----w- c:\users\RAM DELL 8300\AppData\Roaming\Catalina Marketing Corp 2012-12-05 19:25 . 2012-12-05 19:24 489712 ----a-w- c:\users\RAM DELL 8300\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe 2012-12-02 19:41 . 2012-11-20 06:17 262112 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2012-12-02 15:51 . 2012-12-02 15:51 -------- d-----w- c:\programdata\xml_param 2012-12-02 15:45 . 2012-12-02 15:45 -------- d-----w- c:\users\RAM DELL 8300\AppData\Roaming\Wondershare Video Converter Ultimate 2012-12-02 15:43 . 2012-12-02 15:43 -------- d-----w- c:\users\RAM DELL 8300\AppData\Local\Wondershare 2012-12-02 15:43 . 2012-12-02 15:43 -------- d-----w- c:\program files\Common Files\Wondershare 2012-12-02 15:42 . 2012-09-21 18:25 727952 ----a-w- c:\windows\SysWow64\WSCM64.dll 2012-12-02 15:42 . 2012-09-21 18:25 159120 ----a-w- c:\windows\SysWow64\WSCM32.dll 2012-12-02 15:42 . 2012-12-07 16:50 -------- d-----w- c:\programdata\Wondershare Video Converter Ultimate 2012-12-02 15:42 . 2012-12-02 15:42 -------- d-----w- c:\program files (x86)\Wondershare 2012-12-01 21:07 . 2012-12-01 21:07 -------- d-----w- c:\users\RAM DELL 8300\AppData\Roaming\Sony Corporation 2012-12-01 21:07 . 2012-12-02 02:10 -------- d-----w- c:\programdata\Sony Corporation . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-16 07:26 . 2012-03-31 21:32 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-16 07:26 . 2011-10-26 17:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-15 00:49 . 2011-12-27 18:31 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 04:16 . 2011-12-27 12:57 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-09 20:09 . 2012-11-24 07:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-12-07 07:58 . 2012-11-24 05:38 57144 ----a-w- c:\windows\system32\iolobtdfg.exe 2012-12-07 07:57 . 2012-11-24 05:38 25744 ----a-w- c:\windows\system32\smrgdf.exe 2012-12-07 07:42 . 2012-11-30 13:45 2155248 ----a-w- c:\windows\system32\Incinerator64.dll 2012-12-07 07:42 . 2012-11-24 05:38 2097032 ----a-w- c:\windows\SysWow64\Incinerator32.dll 2012-11-29 01:51 . 2012-11-29 01:51 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2012-11-29 01:51 . 2012-11-29 01:51 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-11-29 01:51 . 2012-11-29 01:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-11-29 01:51 . 2012-11-29 01:51 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-11-24 05:21 . 2012-11-24 05:21 74703 ----a-w- c:\windows\SysWow64\mfc45.dat 2012-11-21 15:03 . 2012-11-21 15:03 53248 ----a-r- c:\users\RAM DELL 8300\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-11-06 16:52 . 2012-05-20 23:37 35240 ----a-w- c:\windows\system32\LMIport.dll 2012-11-06 16:52 . 2012-05-20 23:37 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-11-06 16:52 . 2012-05-20 23:37 83880 ----a-w- c:\windows\system32\LMIinit.dll 2012-11-02 16:52 . 2012-11-02 16:52 191984 ----a-w- c:\windows\system32\javaws.exe 2012-11-02 16:52 . 2012-11-02 16:52 172528 ----a-w- c:\windows\system32\javaw.exe 2012-11-02 16:52 . 2012-11-02 16:52 172528 ----a-w- c:\windows\system32\java.exe 2012-11-02 16:52 . 2012-07-01 19:09 544240 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-11-02 16:52 . 2011-10-26 17:23 525808 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-02 16:49 . 2012-11-02 16:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-02 16:49 . 2012-09-06 13:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-02 16:49 . 2012-07-01 19:07 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-11-01 17:59 . 2012-11-24 05:38 82160 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys 2012-11-01 17:59 . 2012-11-24 05:38 69000 ----a-w- c:\windows\system32\offreg.dll 2012-11-01 17:59 . 2012-11-24 05:38 56200 ----a-w- c:\windows\SysWow64\offreg.dll 2012-10-31 01:49 . 2012-11-21 15:11 142656 ----a-w- c:\windows\system32\SSCbFsNetRdr3.dll 2012-10-31 01:49 . 2012-11-21 15:11 224576 ----a-w- c:\windows\SysWow64\SSCbFsNetRdr3.dll 2012-10-31 01:49 . 2012-11-21 15:11 191808 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll 2012-10-31 01:49 . 2012-11-21 15:11 159040 ----a-w- c:\windows\SysWow64\SSCbFsMntNtf3.dll 2012-10-31 01:48 . 2012-11-21 15:10 347456 ----a-w- c:\windows\system32\drivers\sscbfs3.sys 2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-22 21:02 . 2012-10-22 21:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2012-10-17 09:31 . 2012-11-02 16:05 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB372B61-565A-4B97-9C02-F5CE650F421C}\mpengine.dll 2012-10-16 08:38 . 2012-11-27 23:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 23:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 23:37 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 11:48 . 2012-10-15 11:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-10-09 18:17 . 2012-11-16 06:19 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-16 06:19 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-16 06:19 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-16 06:19 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-05 11:32 . 2012-10-05 11:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2012-10-04 16:40 . 2012-12-12 03:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-16 06:19 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-16 06:19 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-16 06:19 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-16 06:19 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-16 06:19 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-16 06:19 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-16 06:19 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-16 06:19 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-16 06:19 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-16 06:19 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-16 06:19 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-10-02 11:30 . 2012-10-02 11:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-29 07:20 222712 ----a-w- c:\users\RAM DELL 8300\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-29 07:20 222712 ----a-w- c:\users\RAM DELL 8300\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-29 07:20 222712 ----a-w- c:\users\RAM DELL 8300\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{69925D1B-6A0F-4413-861A-81AB98039DB9}" [HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}] 2012-10-31 01:49 159040 ----a-w- c:\windows\SysWOW64\SSCbFsMntNtf3.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SugarSync"="c:\program files (x86)\SugarSync\SugarSync.exe" [2012-12-21 12179144] "SkyDrive"="c:\users\RAM DELL 8300\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-29 255992] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-11-28 739936] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "BrowserPlugInHelper"="c:\program files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe" [2012-09-28 410472] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800] "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-20 5236664] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2012-11-26 15360] ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-12-29 1097728] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-12-29 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2012-10-31 159040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2012-10-31 159040] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-09-20 1157056] R3 cpuz135;cpuz135;c:\users\RAMDEL~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2012-09-20 31152] R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-08-31 10752] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736] R4 .AVQWindowsMonitorService;Fix-It Utilities Process Monitor;c:\program files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [2012-09-18 311032] R4 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-04-27 759048] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616] R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-06 375728] R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] R4 PxHlpa64;PxHlpa64;c:\windows\system32\Drivers\PxHlpa64.sys [2010-03-19 55856] R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R4 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2011-01-15 286504] R4 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2011-01-15 100128] R4 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2010-01-23 24600] R4 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-09-20 1177536] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-07-26 30752] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752] S2 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [2012-09-18 81328] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-12-07 1053184] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344] S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-11-01 82160] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-11-28 479840] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360] S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-20 248248] S3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys [2012-06-08 21120] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 cpuz134;cpuz134;c:\users\RAMDEL~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys [2012-10-31 347456] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - CPUZ134 . Contents of the 'Scheduled Tasks' folder . 2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:26] . 2012-12-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09] . 2012-12-30 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-29 07:20 261624 ----a-w- c:\users\RAM DELL 8300\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-29 07:20 261624 ----a-w- c:\users\RAM DELL 8300\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-29 07:20 261624 ----a-w- c:\users\RAM DELL 8300\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{69925D1B-6A0F-4413-861A-81AB98039DB9}" [HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}] 2012-10-31 01:49 191808 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-12-21 01:25 1839816 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-12-21 01:25 1839816 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-12-21 01:25 1839816 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending] @="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}" [HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}] 2012-12-21 01:25 1839816 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-21 1832760] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-12-27 5712896] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2012-10-31 191808] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/advanced_search?hl=en uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = Trusted Zone: advisor.com Trusted Zone: iknowmed.com Trusted Zone: usoncology.com TCP: DhcpNameServer = 192.168.1.254 DPF: {319B9BA1-E335-4F8D-96CA-A89A1DFE778D} - hxxps://ikm07.usoncology.com/downloads/ikmSoundPlayer.cab DPF: {9A0F2B30-FEFF-42C8-9C56-F4FE3215C00C} - hxxps://ikm07.usoncology.com/downloads/ikmPrinter.cab DPF: {BB609657-8E59-4175-9E74-86BD28208880} - hxxps://ikm07.usoncology.com/downloads/ieWrapper.cab FF - ProfilePath - c:\users\RAM DELL 8300\AppData\Roaming\Mozilla\Firefox\Profiles\r22rk5lc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en FF - ExtSQL: 2012-11-02 09:50; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - ExtSQL: 2012-11-21 07:02; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt FF - ExtSQL: 2012-12-02 07:42; {8D150B8F-EFE8-45a3-A4A3-053020F48FAC}; c:\program files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe Wow6432Node-HKU-Default-RunOnce-Fix-ItInstaller - c:\program files (x86)\Avanquest\Temp\FI_PRO_14.0.32.33_ENU.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) SSODL-EldosMountNotificator REG_SZ {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-30 06:57:05 ComboFix-quarantined-files.txt 2012-12-30 14:57 . Pre-Run: 1,225,917,415,424 bytes free Post-Run: 1,225,796,616,192 bytes free . - - End Of File - - 815D0A209C2BFE36F19FFBAC4C4E7586 Malwarebytes Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2012.12.30.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 RAM DELL 8300 :: RAMDELL8300-PC [administrator] Protection: Enabled 12/30/2012 7:13:25 PM mbam-log-2012-12-30 (19-13-25).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 700970 Time elapsed: 59 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Newbie111

I'm confused Dark Night. I posted combofix.txt and was unable to run mbar. I posted the screen shots showing what I was able to open but not run mbr. Is there any other log that I need to post. I'll post the log of my malwarebytes scan in case that is what you want. mbam-log-2012-12-30 (19-13-25).txt

My computer is running fine except for the need to hit Control-Alt-Delete when I restart and my icons don't respond or as noted above with mbar.exe. Also, my restart is very slow. Newbie111

Sorry for my problems in attaching files. Here's the Screen Shots. Newbie111 Malwarebytes mbar.pdf

Thanks for coming to help me out Dark Night. I've downloaded and run Combofix. See attached txt. I've downloaded Malwarebytes Mbar but am unable to run it. It unzips, opens up (as run administer) to Update Database but I'm unable to click on Update. I'm able to click Next and get to the Scan System screen but I'm unable to click on Scan. I've got to use Control-Alt-Delete to close the program. See attached screen shots. Newbie111 ComboFix.txt

Thanks for coming to help me out Dark Night. I've downloaded and run Combofix. See attached txt. I've downloaded Malwarebytes Mbar but am unable to run it. It unzips, opens up (as run administer) to Update Database but I'm unable to click on Update. I'm able to click Next and get to the Scan System screen but I'm unable to click on Scan. I've got to use Control-Alt-Delete to close the program. See attached screen shots. Newbie111

I previously had a virus and you helped remove it. I'm now running Malwarebytes Pro. I have a new problem now. When I restart my computer, when the desktop appears and I click on an icon nothing happens. This happens on the toolbar also. I open task manager and then I'm able to click on End Task, and although the no applications are shown as running and I go back to the desktop and I'm able to open my icons. I've run Malwarebytes and AVG. No viruses are found. I've tried to run older system restore points, the most recent have been successful but older restore points don't restore successfully. I'm running System 7 Home Premium, 64 bit OS. So how do I correct this problem? If it's not a virus what do I do next? Newbie111 Addendum: I just restarted my computer and after restart when icons weren't active I hit Control-Alt-Delete. The menu with Task Manager opened up. This time before I opened Task Manager I went back to the desk top and my icons were now functional. Why does Control-Alt-Delete allow the functions to now work? dds.txt attach.txt

I previously had a virus and you helped remove it. I'm now running Malwarebytes Pro. I have a new problem now. When I restart my computer, when the desktop appears and I click on an icon nothing happens. This happens on the toolbar also. I open task manager and then I'm able to click on End Task, and although the no applications are shown as running and I go back to the desktop and I'm able to open my icons. I've run Malwarebytes and AVG. No viruses are found. I've tried to run older system restore points, the most recent have been successful but older restore points don't restore successfully. I'm running System 7 Home Premium, 64 bit OS. So how do I correct this problem? If it's not a virus what do I do next? Newbie111

Thanks McC Following these and Bleeping Computers directions multiple threats were removed and the computer is working well now. I'm analyzing weaknesses on my other computers. newbie111

I had an infection on another computer recently and now I just got infected with a new virus, Win 7 Home Security 2012. It stopped me from running Malwarebytes and Avast didn't find the threat. I restarted in Safe Mode and ran Malwarebytes from a Flash Drive. It found 7 threats Trojan.Exe Shell.Gen Hyjack.Exe Shell.Gen Hijack.StartMenuInternet Do I Remove Selected? Or do something else/ Every once in a while the virus reruns and I try to stop it with Task Manager. Thanks

Last night I became infected with Vista Antivirus 2011. I'm running Malwarebytes, Avast and AdAware. While surfing the Internet Vista Antivirus 2011 pops up and takes control of my computer. I immediately ran a quick scan of Malwarebytes and it said no threats. Then all my programs closed and I couldn't open up Malwarebytes, IE8 or Mozilla Firefox. I searched the Malwarebytes forum from a different computer and found information on Vista Antivirus 2011. I couldn't figure out how to post a new topic last night so I went to sleep. This morning I wake up and the computer screen now shows no evidence of Vista Antivirus 2011. Task Manager showed Vista Antivirus 2011 isn't running and I'm able to open up Malwarebytes, IE8 and Mozilla Firefox. What happened overnight