Jump to content

kathygry

Honorary Members
 View Profile  See their activity

  • Posts

    23

  • Joined

  • Last visited

Reputation

0 Neutral
  1. kathygry
    Thank you so, so much for all your help. We will be upgrading to the pro version for all the computers and implement the changes you've suggested that we are not currently doing. Have a wonderful day )
  2. kathygry
    Okay, I rebooted just fine. The browsers all seem to be okay.
  3. kathygry
    When I try to copy/paste from the A2 computer, I get an error message "Illegal operation attempted on a registry key that has been marked for deletion." I get that message when I try to open Chrome, IE or Firefox. I was able to save it to a flashdrive and get it to you from K1's computer. ComboFix 12-06-14.01 - Owner 06/15/2012 18:09:22.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3874.2411 [GMT -5:00] Running from: c:\users\Owner\Desktop\ComboFix.exe AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401} SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\com.mufumbo.craigslist.notification.android\tmp\webcache\ApplicationCache.db c:\program files (x86)\Mozilla Maintenance Service c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe c:\program files (x86)\Mozilla Maintenance Service\Uninstall.exe c:\program files (x86)\Mozilla Maintenance Service\updater.ini c:\users\Owner\AppData\Roaming\Microsoft\~DFK2a997.tmp c:\users\Owner\AppData\Roaming\Microsoft\1eaadjc.dll c:\users\Owner\AppData\Roaming\Microsoft\bass.dll c:\users\Owner\AppData\Roaming\Microsoft\engine_vx.dll c:\users\Owner\AppData\Roaming\Microsoft\kfgresk.dll c:\users\Owner\AppData\Roaming\Microsoft\mjcriu.dll c:\users\Owner\AppData\Roaming\Microsoft\peaadje.dll c:\users\Owner\AppData\Roaming\Microsoft\qwadjb.dll c:\users\Owner\AppData\Roaming\Microsoft\rsaadjd.dll c:\users\Owner\Documents\~WRL2386.tmp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_MozillaMaintenance -------\Service_MozillaMaintenance . . ((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 ))))))))))))))))))))))))))))))) . . 2012-06-16 00:17 . 2012-06-16 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-15 14:46 . 2012-05-15 06:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35F66965-32DA-4857-8E7F-AC0BDDDE9E2D}\mpengine.dll 2012-06-15 14:39 . 2012-02-23 15:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-06-15 02:17 . 2012-06-15 02:17 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla 2012-06-14 15:43 . 2012-06-14 15:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes 2012-06-14 15:43 . 2012-06-14 15:43 -------- d-----w- c:\programdata\Malwarebytes 2012-06-14 15:43 . 2012-06-15 00:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-14 15:43 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 17:53 . 2012-06-12 17:53 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics 2012-06-10 16:31 . 2012-06-10 16:31 -------- d-----w- c:\users\amyvest 2012-06-10 01:32 . 2012-06-10 01:32 -------- d-----w- C:\aws 2012-06-06 01:18 . 2012-06-06 01:18 225280 ----atw- c:\users\Owner\AppData\Roaming\Microsoft\AdjMmsVista.dll 2012-05-29 20:25 . 2012-06-15 14:21 -------- d-----w- c:\users\Owner\.gstreamer-0.10 2012-05-29 20:25 . 2012-06-15 22:06 -------- d-----w- c:\users\Owner\AppData\Roaming\ZumoCast 2012-05-29 20:24 . 2012-05-29 20:24 -------- d-----w- c:\program files (x86)\Zecter 2012-05-29 20:23 . 2012-05-29 20:23 -------- d-----w- C:\New folder 2012-05-29 17:00 . 2012-05-29 17:00 411368 ----a-w- c:\windows\SysWow64\deploytk.dll 2012-05-29 17:00 . 2012-05-29 17:00 -------- d-----w- c:\program files (x86)\Java 2012-05-28 20:01 . 2012-05-28 20:01 -------- d-----w- C:\Playlists 2012-05-28 20:01 . 2012-05-28 20:01 -------- d-----w- C:\Albums 2012-05-28 19:43 . 2012-05-28 19:43 -------- d-----w- C:\.tempPath 2012-05-28 00:54 . 2012-05-28 00:54 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-05-27 15:01 . 2012-05-29 22:36 -------- d-----w- C:\Messaging 2012-05-27 01:52 . 2012-05-29 22:25 -------- d-----w- C:\.android_secure 2012-05-25 13:23 . 2012-05-29 22:25 -------- d-----w- C:\videos 2012-05-23 16:17 . 2012-05-29 22:26 -------- d-----w- C:\.motorolagalleryonlinecache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-16 01:35 . 2012-01-01 22:47 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-06-08 01:45 . 2012-01-02 17:36 148664 ----a-w- c:\windows\SysWow64\WRusr.dll 2012-06-08 01:45 . 2012-01-02 17:36 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys 2012-06-08 01:45 . 2012-01-02 17:36 101808 ----a-w- c:\windows\system32\WRusr.dll 2012-05-06 02:25 . 2012-04-23 16:07 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 02:25 . 2012-01-16 22:15 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 02:24 . 2012-05-06 02:24 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-16 13:08 . 2012-04-16 13:08 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe 2012-03-31 06:05 . 2012-05-13 00:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-13 00:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-13 00:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-13 00:50 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-13 00:38 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}] 2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592] "ZumoCast"="c:\program files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk" [2012-05-29 1974] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-06-08 684240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2012-05-29 149280] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-10-15 12862] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-06-08 684240] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 02:25] . 2012-06-16 c:\windows\Tasks\Final Media Player Update Checker.job - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-04-16 19:24] . 2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 01:39] . 2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 01:39] . 2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055315187-1178725972-164923703-1000Core.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:44] . 2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055315187-1178725972-164923703-1000UA.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024] "combofix"="c:\combofix\CF351.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/?ilc=8 mStart Page = hxxp://www.yahoo.com/?ilc=8 mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 66.90.132.162 66.90.130.101 FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ig0j8csb.default\ . . ------- File Associations ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{9427041a-a8dc-4d06-9a68-93873486e957} - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe AddRemove-MozillaMaintenanceService - c:\program files (x86)\Mozilla Maintenance Service\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe . ************************************************************************** . Completion time: 2012-06-15 20:39:56 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-16 01:39 . Pre-Run: 154,032,975,872 bytes free Post-Run: 153,636,458,496 bytes free . - - End Of File - - 9244C9227967C2F19676972700F1019B . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe . ************************************************************************** . Completion time: 2012-06-15 20:39:56 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-16 01:39 . Pre-Run: 154,032,975,872 bytes free Post-Run: 153,636,458,496 bytes free . - - End Of File - - 9244C9227967C2F19676972700F1019B
  4. kathygry
    Okay, problem! I was able to download Combofix and install on Desk 3. When I went to disable the Webroot Antivirus, I wasn't able to tell if I had been successful. It asked for that anti scam numerics/alpha characters. After I put those in, there was no error message, so I proceeded to run the Combofix. The program took a LONG time to complete. AT least 2.5 hours, from start to log. When I went to copy the log and download to this forum, it said that the browser was marked for deletion. All three that I normally use, IE, Firefox and Chrome, said the same thing. I stopped when the error message popped up. I tried to copy the log to a flash drive and copy the information through the K1 computer and I wasn't successful. So, I don't know how to get the information to you, so you can let me know what's going on. Since I don't want to make things any worse, I've come to a stopping point. I'm going to close the A2 computer and not do anything more with it until I hear from you. I hope this post has explained the situation clearly.
  5. kathygry
    I knew having more than one anti virus program is bad, but was unaware there was more than one installed. This is my daughter's computer. I removed one. Computer running slow. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.14.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Owner :: OWNER-PC [administrator] Protection: Enabled 6/15/2012 9:27:37 AM mbam-log-2012-06-15 (09-27-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223874 Time elapsed: 3 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 4 HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. kathygry
    Computer seems to be running great! It's not slow and that "Mywebseach" is gone. ComboFix 12-06-13.05 - Robert 06/13/2012 23:24:44.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1139 [GMT -5:00] Running from: c:\users\Robert\Desktop\ComboFix.exe Command switches used :: c:\users\Robert\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))) . . 2012-06-14 04:30 . 2012-06-14 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-13 18:38 . 2012-06-13 18:38 -------- d-----w- c:\users\Robert\AppData\Roaming\HPAppData 2012-06-13 15:29 . 2012-06-13 15:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps 2012-06-12 17:45 . 2012-06-12 17:45 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes 2012-06-12 17:45 . 2012-06-12 17:45 -------- d-----w- c:\programdata\Malwarebytes 2012-06-12 17:45 . 2012-06-12 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-12 17:45 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-09 16:25 . 2012-06-09 16:26 -------- d-----w- c:\users\kgav 2012-06-08 20:01 . 2012-06-08 20:01 -------- dc-h--w- c:\programdata\{534D3919-DB8B-4E09-99D4-DD45918CCE66} 2012-06-08 19:58 . 2004-11-13 01:29 939368 ----a-w- c:\windows\system32\flash.ocx 2012-06-04 16:44 . 2012-06-04 16:44 -------- d-----w- c:\users\Robert\AppData\Local\CrashDumps 2012-06-04 16:41 . 2012-06-04 16:41 -------- d-----w- c:\windows\system32\Adobe 2012-06-04 02:09 . 2012-06-09 00:36 -------- d-----w- c:\windows\system32\drivers\NIS\1307010.005 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-14 04:32 . 2011-12-05 02:29 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2012-06-04 02:11 . 2009-01-27 21:31 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-05-26 18:04 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2012-05-26 18:04 . 2009-08-18 16:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-04-03 08:16 . 2012-05-11 23:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-11 23:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-02 13:36 . 2012-05-11 23:10 2044928 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 12:39 . 2012-05-11 23:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-20 23:28 . 2012-05-11 23:10 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-12 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2000-01-01 233472] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2009-04-29 21:38 188728 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2008-06-16 13:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-05-10 07:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor] 2009-08-05 16:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] 2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2008-05-28 02:58 4269296 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager] 2009-02-03 18:05 233304 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-22 19:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-22 19:49 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2008-05-22 19:49 526880 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro] 2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-02-01 05:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-15 16:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 05:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-07-29 17:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQ931STI] 2007-01-24 19:24 151552 ----a-w- c:\windows\SQ931STI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg] 2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-12 22:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-06-03 12:46 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 05:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallOverride"=dword:00000001 . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPService REG_MULTI_SZ HPSLPSVC . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2011-08-07 21:24 114176 ----a-w- c:\windows\System32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2012-06-14 c:\windows\Tasks\DriverUpdate Startup.job - c:\program files\DriverUpdate\DriverUpdate.exe [2011-09-07 17:33] . 2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 23:19] . 2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 23:19] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com TCP: DhcpNameServer = 66.90.132.162 66.90.130.101 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-13 23:32 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(10660) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\windows\system32\atashost.exe c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe c:\windows\system32\java.exe c:\program files\TomTom HOME 2\TomTomHOMEService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\DllHost.exe c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe . ************************************************************************** . Completion time: 2012-06-13 23:38:21 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-14 04:38 ComboFix2.txt 2012-06-13 17:52 ComboFix3.txt 2012-06-13 15:01 . Pre-Run: 246,044,762,112 bytes free Post-Run: 246,309,527,552 bytes free . - - End Of File - - ECF8DD63C654484947EB538EDEF9C6E5
  7. kathygry
    I'm going to be out of the house until later this evening. I will do this when I return and have it ready for you tomorrow morning. Thank you for all your help so far!
  8. kathygry
    Is Mywebsearch malware?
  9. kathygry
    No
  10. kathygry
    ComboFix 12-06-13.04 - Robert 06/13/2012 12:43:00.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1723 [GMT -5:00] Running from: c:\users\Robert\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\jucheck.exe c:\windows\system32\jusched.exe c:\windows\system32\uninstall.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 ))))))))))))))))))))))))))))))) . . 2012-06-13 17:50 . 2012-06-13 17:50 -------- d-----w- c:\users\Robert\AppData\Local\temp 2012-06-13 17:50 . 2012-06-13 17:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2012-06-13 17:50 . 2012-06-13 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-13 17:34 . 2012-06-13 17:34 -------- d-----w- c:\users\Robert\AppData\Roaming\HPAppData 2012-06-13 15:29 . 2012-06-13 15:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps 2012-06-12 17:45 . 2012-06-12 17:45 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes 2012-06-12 17:45 . 2012-06-12 17:45 -------- d-----w- c:\programdata\Malwarebytes 2012-06-12 17:45 . 2012-06-12 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-12 17:45 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-09 16:25 . 2012-06-09 16:26 -------- d-----w- c:\users\kgav 2012-06-08 20:01 . 2012-06-08 20:01 -------- dc-h--w- c:\programdata\{534D3919-DB8B-4E09-99D4-DD45918CCE66} 2012-06-08 19:58 . 2004-11-13 01:29 939368 ----a-w- c:\windows\system32\flash.ocx 2012-06-04 16:44 . 2012-06-04 16:44 -------- d-----w- c:\users\Robert\AppData\Local\CrashDumps 2012-06-04 16:41 . 2012-06-04 16:41 -------- d-----w- c:\windows\system32\Adobe 2012-06-04 02:09 . 2012-06-09 00:36 -------- d-----w- c:\windows\system32\drivers\NIS\1307010.005 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-13 17:32 . 2011-12-05 02:29 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2012-06-04 02:11 . 2009-01-27 21:31 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-05-26 18:04 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2012-05-26 18:04 . 2009-08-18 16:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-04-03 08:16 . 2012-05-11 23:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-11 23:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-02 13:36 . 2012-05-11 23:10 2044928 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 12:39 . 2012-05-11 23:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-20 23:28 . 2012-05-11 23:10 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{2558d83c-097c-4cf1-9163-ce5ecc36ace2}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2009-03-11 1291560] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn5\YTNavAssist.dll" [2011-03-16 214840] "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmi0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{2558d83c-097c-4cf1-9163-ce5ecc36ace2}] [HKEY_CLASSES_ROOT\mapquestTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}] [HKEY_CLASSES_ROOT\mapquestTb.AOLTBSearch] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin] . [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}] 2011-10-26 16:27 3974040 ----a-w- c:\program files\ShopAtHome\tbcore3U.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd3fd433-147a-482e-a192-614f26e2310c}] 2009-03-11 19:39 1291560 ----a-w- c:\program files\MapQuest Toolbar\mapquesttb.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}] 2011-05-09 09:49 176936 ----a-w- c:\program files\SmileBox_EN\prxtbSmi0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9302e698-7e00-43ab-b867-c6e759bc2ada}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2009-03-11 1291560] "{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\program files\ShopAtHome\tbcore3U.dll" [2011-10-26 3974040] "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmi0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}] [HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}] [HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand] . [HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}] [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome] . [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{9302E698-7E00-43AB-B867-C6E759BC2ADA}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2009-03-11 1291560] "{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\program files\ShopAtHome\tbcore3U.dll" [2011-10-26 3974040] "{F897EB0E-A3A4-46C3-80EB-2729699D8892}"= "c:\program files\SmileBox_EN\prxtbSmi0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}] [HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}] [HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand] . [HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}] [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome] . [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-12 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2000-01-01 233472] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-8-7 66864] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2009-04-29 21:38 188728 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2008-06-16 13:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-05-10 07:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor] 2009-08-05 16:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] 2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2008-05-28 02:58 4269296 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager] 2009-02-03 18:05 233304 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-22 19:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-22 19:49 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2008-05-22 19:49 526880 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro] 2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-02-01 05:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-15 16:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 05:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-07-29 17:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQ931STI] 2007-01-24 19:24 151552 ----a-w- c:\windows\SQ931STI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg] 2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-12 22:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-06-03 12:46 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 05:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPService REG_MULTI_SZ HPSLPSVC . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2011-08-07 21:24 114176 ----a-w- c:\windows\System32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2012-06-13 c:\windows\Tasks\DriverUpdate Startup.job - c:\program files\DriverUpdate\DriverUpdate.exe [2011-09-07 17:33] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 23:19] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 23:19] . . ------- Supplementary Scan ------- . uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUchr999&ptb=Ktxn7stKj9Bn04iWVwyasw&si=$ù mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com TCP: DhcpNameServer = 66.90.132.162 66.90.130.101 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . - - - - ORPHANS REMOVED - - - - . AddRemove-SLABCOMM - c:\windows\system32\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-13 12:50 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2012-06-13 12:52:13 ComboFix-quarantined-files.txt 2012-06-13 17:52 ComboFix2.txt 2012-06-13 15:01 . Pre-Run: 249,109,999,616 bytes free Post-Run: 249,066,881,024 bytes free . - - End Of File - - 355BF37BD388E541E17AA6F965B4B8B3
  11. kathygry
    I'm running a full scan on Desk 3. When I restarted after Combofix, I noticed that "Mywebsearch" is back. When that is done, I'll send the abbreviated Combofix log. There are a 2 viruses, so far that have been detected.
  12. kathygry
    It says the post is too long. What can I delete from the log, after copy/paste?
  13. kathygry
    I could not disable the Norton Antispyware. I didn't run the Combofix because of this. I was able to disable the anti virus. I followed the instructions in your email and still couldn't get to the antispyware. Help??
  14. kathygry
    Okay, I ran another scan. Results below. I didn't tick the boxes, so nothing was removed. When I was rebooting, the computer graphics were similiar to puzzle pieces? It's the best way I can describe it. It appears to be okay now. Run time is great. Once again, I haven't taken any more action. I didn't know if you wanted to look at the log first. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.12.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Robert :: AMY-PC [administrator] 6/12/2012 6:54:05 PM mbam-log-2012-06-12 (18-54-05).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 235727 Time elapsed: 4 minute(s), 12 second(s) Memory Processes Detected: 1 C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> 2872 -> Delete on reboot. Memory Modules Detected: 1 C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> Delete on reboot. Registry Keys Detected: 120 HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearchToolBar.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearchToolBar.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.IECookiesManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.IECookiesManager (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.DataControl.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.DataControl (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HTMLMenu.2 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearchToolBar.ToolbarPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.PopSwatterSettingsControl.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.PopSwatterSettingsControl (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.PopSwatterBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.PopSwatterBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (PUP.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 10 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (PUP.MyWebSearch) -> Data: C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶» äG\Ê -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 20 C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin (PUP.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\IE9Mesg (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Overlay (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully. Files Detected: 79 C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (PUP.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Robert\Downloads\MyFunCardsSetup2.3.96.3.ZUchr999 (1).exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Robert\Downloads\MyFunCardsSetup2.3.96.3.ZUchr999 (2).exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Robert\Downloads\MyFunCardsSetup2.3.96.3.ZUchr999.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3IEOVR.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3TPINST.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\IE9Mesg\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully. (end)
  15. kathygry
    The computer seemed to download and run the program smoothly. However, I didn't run it as ADMIN. I thought I was saving the download from my download folder to my desktop and it started running. I didn't want to do anything to interrupt it, except disable my anti-virus, at the prompt. Let me know what I need to do to correct it. An FYI - I ran Malwarebytes on the Desktop 3 and it came up with 145 items that needed to be deleted. I went ahead and deleted them and have done nothing more than restart the computer. ComboFix 12-06-12.01 - Katie 06/12/2012 12:40:59.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2085 [GMT -5:00] Running from: c:\users\Katie\Desktop\ComboFix.exe AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Katie\AppData\Roaming\ubot c:\users\Katie\Documents\~WRL0004.tmp c:\users\Katie\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 ))))))))))))))))))))))))))))))) . . 2012-06-12 17:50 . 2012-06-12 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-12 13:59 . 2012-06-12 13:59 -------- d-----w- c:\users\Katie\AppData\Roaming\Malwarebytes 2012-06-12 13:59 . 2012-06-12 13:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-12 13:59 . 2012-06-12 13:59 -------- d-----w- c:\programdata\Malwarebytes 2012-06-12 13:59 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-09 15:01 . 2012-06-09 15:02 -------- d-----w- c:\users\kag 2012-06-08 21:31 . 2012-06-08 21:31 -------- d-----w- c:\programdata\Linksys 2012-06-08 21:31 . 2012-06-08 21:31 -------- dc-h--w- c:\programdata\{534D3919-DB8B-4E09-99D4-DD45918CCE66} 2012-06-08 21:27 . 2012-06-08 21:27 -------- d-----w- c:\program files (x86)\Linksys 2012-06-08 21:27 . 2008-09-14 22:36 31544 ----a-w- c:\windows\system32\drivers\pnarp.sys 2012-06-08 21:26 . 2012-06-08 21:26 -------- d-----w- c:\program files (x86)\Common Files\Pure Networks Shared 2012-06-08 21:26 . 2008-09-14 22:36 33080 ----a-w- c:\windows\system32\drivers\purendis.sys 2012-06-08 21:26 . 2012-06-08 21:26 -------- d-----w- c:\programdata\Pure Networks 2012-06-07 00:34 . 2012-06-07 00:34 -------- d-----w- c:\program files (x86)\BillP Studios 2012-06-07 00:34 . 2012-06-07 00:34 -------- d-----w- c:\programdata\InstallMate 2012-06-06 21:00 . 2012-06-06 21:00 -------- d-----w- c:\users\Katie\AppData\Roaming\WinPatrol 2012-06-05 20:47 . 2012-06-05 20:47 -------- d-----w- c:\users\Katie\AppData\Roaming\Roxio Log Files 2012-06-05 14:37 . 2012-06-05 14:39 -------- d-----w- c:\programdata\ClubSanDisk 2012-05-28 22:12 . 2012-06-03 01:46 -------- d-----w- c:\users\Katie\AppData\Roaming\FileZilla 2012-05-23 18:30 . 2012-05-23 18:30 -------- d-----w- c:\users\Katie\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 2012-05-23 18:30 . 2012-05-23 18:30 -------- d-----w- c:\program files (x86)\Domain Samurai 2012-05-22 11:12 . 2012-05-22 11:12 -------- d-----w- c:\program files (x86)\Market Samurai 2012-05-20 20:12 . 2012-05-20 20:12 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-05-20 20:12 . 2012-05-20 20:12 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-05-20 20:12 . 2012-05-20 20:12 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-05-20 20:12 . 2012-05-20 20:12 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-05-20 20:12 . 2012-05-20 20:12 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-05-20 20:12 . 2012-05-20 20:12 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-05-20 20:12 . 2012-05-20 20:12 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-05-20 20:12 . 2012-05-20 20:12 -------- d-----w- c:\program files (x86)\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-04 22:21 . 2012-04-16 14:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-04 22:21 . 2011-09-19 20:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-04 22:21 . 2012-04-16 15:21 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-03-31 06:05 . 2012-05-11 20:28 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-11 20:28 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-11 20:28 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-11 20:28 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-11 20:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-25 19:01 . 2012-03-25 19:04 3971856 ----a-w- c:\windows\uninst.exe 2012-03-19 10:17 . 2012-03-19 10:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-03-17 07:58 . 2012-05-11 20:24 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-11 22:17 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-11 2068536] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Katie\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-17 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-14 648488] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-11 1104440] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-06-26 204800] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-29 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-11 935480] S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 130560] S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048] S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 483328] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMPROTECTOR . Contents of the 'Scheduled Tasks' folder . 2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 22:21] . 2012-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-20376422-3325369977-1104121112-1001Core.job - c:\users\Katie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-07 17:58] . 2012-06-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-20376422-3325369977-1104121112-1001UA.job - c:\users\Katie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-07 17:58] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-20376422-3325369977-1104121112-1001Core.job - c:\users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 20:16] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-20376422-3325369977-1104121112-1001UA.job - c:\users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 20:16] . 2012-06-08 c:\windows\Tasks\HPCeeScheduleForKATIE-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2012-06-11 c:\windows\Tasks\HPCeeScheduleForKatie.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 66.90.132.162 66.90.130.101 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll FF - ProfilePath - c:\users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\2ar8eobq.default\ FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/HPNOT/1 FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B04f7b4c8-e7c6-453b-85f7-d7b688b949f4%7D&mid=07f53fa1a8c047d0854bc15632e80c5d-347d088d9fb6a82d5a74c0cc396ff3bbc231082a&ds=AVG&v=11.0.0.9〈=en&pr=pr&d=2012-04-23%2015%3A54%3A08&sap=ku&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-12 12:54:09 ComboFix-quarantined-files.txt 2012-06-12 17:54 . Pre-Run: 559,189,884,928 bytes free Post-Run: 558,852,960,256 bytes free . - - End Of File - - 8C54C8C1D7EB569985340E9C3750C4E1
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.