Utalkinto0me

January 11, 2013

It's a Dell laptop. Perhaps I can try to search for the files online to download.

January 11, 2013

Ok I will update the programs, I do not have a W7 disk

January 11, 2013

Below is the log from the security check, thanks!

Results of screen317's Security Check version 0.99.56

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

(On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

JavaFX 2.1.1

Java 6 Update 30

Java 7 Update 5

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox 14.0.1 Firefox out of Date!

Google Chrome 18.0.1025.162

Google Chrome 18.0.1025.168

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

January 11, 2013

Hello,

Thank you for your prompt response. Are the files I'm missing available through the Microsoft website or no? I'm not sure if I know anyone with the same operating system.

Below is the Adwcleaner log

# AdwCleaner v2.105 - Logfile created 01/11/2013 at 14:31:58

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Steve - STEVE-PC

# Boot Mode : Normal

# Running from : C:\Users\Steve\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Folder Deleted : C:\Users\Steve\AppData\Local\APN

Folder Deleted : C:\Users\Steve\AppData\Roaming\Media Finder

Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com

Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Mp3Tube

Key Deleted : HKCU\Software\FREEzeFrogSA

Key Deleted : HKCU\Software\MediaFinder

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Classes\MF

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\08qmohf3.default\prefs.js

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\08qmohf3.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1848 octets] - [11/01/2013 13:01:25]

AdwCleaner[s1].txt - [1905 octets] - [11/01/2013 14:31:58]

########## EOF - C:\AdwCleaner[s1].txt - [1965 octets] ##########

January 11, 2013

Hello,

Below is the log that was made after I followed your steps. I do not have a windows 7 disk unfortunately. Also, there was nothing listed below that I would want to keep, thanks so much for your time and help! I dont know what I would have done without you/this forum, please let me know how best to proceed, thanks!

# AdwCleaner v2.105 - Logfile created 01/11/2013 at 13:01:25

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Steve - STEVE-PC

# Boot Mode : Normal

# Running from : C:\Users\Steve\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Folder Found : C:\Users\Steve\AppData\Local\APN

Folder Found : C:\Users\Steve\AppData\Roaming\Media Finder

Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com

Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Mp3Tube

Key Found : HKCU\Software\FREEzeFrogSA

Key Found : HKCU\Software\MediaFinder

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Classes\MF

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\08qmohf3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1719 octets] - [11/01/2013 13:01:25]

########## EOF - C:\AdwCleaner[R1].txt - [1779 octets] ##########

January 10, 2013

After following your directions this is what came up;

SystemLook 30.07.11 by jpshortstuff

Log created at 18:18 on 10/01/2013 by Steve

Administrator - Elevation successful

========== Filefind ==========

Searching for "sfcfiles.dll"

No files found.

Searching for "ipsec.sys"

No files found.

Searching for "psched.sys"

No files found.

-= EOF =-

Please let me know how best to proceed, thank you so much for your time and assistance!

January 10, 2013

heres also the log in case you needed that....thanks so much!

ComboFix 13-01-08.01 - Steve 01/09/2013 22:32:11.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.949 [GMT -5:00]

Running from: c:\users\Steve\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\3dc1393cebfa9c23bf222f01152b2abb_c

c:\users\Steve\Documents\ppt98CA.tmp

.

-- Previous Run --

.

c:\windows\SysWow64\sfcfiles.dll . . . is missing!!

.

c:\windows\system32\drivers\ipsec.sys . . . is missing!!

.

c:\windows\system32\drivers\psched.sys . . . is missing!!

.

--------

.

((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))

.

2013-01-10 04:06 . 2013-01-10 04:06 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-01-10 04:06 . 2013-01-10 04:06 -------- d-----w- c:\users\Mcx1-STEVE-PC\AppData\Local\temp

2013-01-10 04:06 . 2013-01-10 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-10 02:20 . 2013-01-10 03:18 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1BFF81EB-31D5-4480-9C72-425C735F1E4F}\offreg.dll

2013-01-10 02:16 . 2013-01-10 02:16 0 ----a-w- c:\windows\SysWow64\shoC0A1.tmp

2013-01-10 01:59 . 2013-01-10 01:58 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BA3517B-DA89-4805-97E7-50F819BA5E8D}\gapaengine.dll

2013-01-10 01:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1BFF81EB-31D5-4480-9C72-425C735F1E4F}\mpengine.dll

2013-01-08 22:06 . 2013-01-08 22:06 -------- d-----w- C:\FRST

2013-01-08 01:00 . 2013-01-08 01:00 -------- d-----w- c:\users\Steve\AppData\Local\Downloaded Installations

2013-01-08 00:14 . 2013-01-08 00:14 -------- d-----w- c:\users\Steve\AppData\Local\Programs

2013-01-07 19:59 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-19 17:25 . 2012-12-19 17:25 -------- d-----w- c:\program files (x86)\SaveValet

2012-12-17 15:30 . 2013-01-08 00:26 -------- d-----w- c:\users\Steve\AppData\Roaming\ICAClient

2012-12-15 06:56 . 2013-01-08 22:31 -------- d-----w- c:\users\Steve\AppData\Local\Spotify

2012-12-15 06:56 . 2013-01-08 23:01 -------- d-----w- c:\users\Steve\AppData\Roaming\Spotify

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-08 21:20 . 2012-05-21 00:11 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-08 21:20 . 2011-08-16 16:02 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2012-06-19 421888]

"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-10-01 581080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-01-24 560128]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 Ca522bv;CA522B WebCam Driver;c:\windows\system32\Drivers\Ca522bv.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [2010-07-01 98528]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-03 89600]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-10-01 1162712]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-09 215552]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 21:20]

.

2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698877334-3457181771-1186608743-1001Core.job

- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-10 21:54]

.

2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698877334-3457181771-1186608743-1001UA.job

- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-10 21:54]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:60222

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\08qmohf3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=1&q=

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1

FF - prefs.js: keyword.URL - hxxp://u-search.net/?a=1&e=1&q=

FF - ExtSQL: 2012-11-11 10:22; {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}; c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\08qmohf3.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

FF - user.js: browser.search.defaultengine - u-Search

FF - user.js: browser.search.defaultenginename - u-Search

FF - user.js: browser.search.order.1 - u-Search

FF - user.js: browser.newtab.url - hxxp://u-search.net/?a=1&e=1

FF - user.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1

FF - user.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=1&q=

FF - user.js: keyword.URL - hxxp://u-search.net/?a=1&e=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-72503152.sys

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1698877334-3457181771-1186608743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1698877334-3457181771-1186608743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-09 23:09:59

ComboFix-quarantined-files.txt 2013-01-10 04:09

ComboFix2.txt 2012-04-10 13:39

.

Pre-Run: 188,240,347,136 bytes free

Post-Run: 188,213,227,520 bytes free

.

- - End Of File - - 3DA506E67DB91DE3DA1BD88D9C1D997B

January 10, 2013

ok here it is