Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Oh, help, PLEASE!


(!)

RapunzlA51's Avatar
RapunzlA51 RapunzlA51 is offline
Member with 44 posts.
THREAD STARTER
 
Join Date: Dec 2003
05-Aug-2013, 01:58 PM #16
Nope - not all done. I'm not seeing the double underlines and Tuvaro nonsense, but AM still getting a new window and attempted redirect to "lnksrv" when I try to change pages - Firefox always alerts me that it has blocked an attempt to open a new window, but then the computer stays in that new empty window. The most recent one shows this:
hxxp://www.lnksr.com/sc?p=YTQxNzk0NTU4NjRchUriIeU4xX%2FMvdeOf%2FVAkNGbz1TAU8NJ2zhI8yTxlldwcHVOwg jLtF5lRWs8U7rLVhhrystKkIazZaVhkrE9GL598xH0JBBCrrqEC9V3irtwfVeAk%2FQvoSsOoam xTPd8b635rLKvaASsOyF0VWOPu%2B4DipojoktA1rA4l1UVqE6qP%2BSoRqFaa1hAbfcZftMdCP dxqCmxdVcOWieOmXjyitoypHABBrxlqnfs08Ir8wz6IczO2W6Rjzt5esK0D2LKrxNMmi8mobgYy 8CWYLD1vQKYHBiTGqkI9sw3uEQLxA%3D%3D&t=1&ndom=0

Last edited by Cookiegal; 05-Aug-2013 at 02:46 PM..
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,184 posts.
 
Join Date: Aug 2003
05-Aug-2013, 02:46 PM #17
I've edited your post. Please do not post live lnks to potentially malicious sites.
RapunzlA51's Avatar
RapunzlA51 RapunzlA51 is offline
Member with 44 posts.
THREAD STARTER
 
Join Date: Dec 2003
05-Aug-2013, 03:36 PM #18
Sorry! I thought it might provide insight/information into the problem.
ALL prior issues still exist. It appeared that Tuvaro was gone, but it's back again too.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,184 posts.
 
Join Date: Aug 2003
05-Aug-2013, 03:47 PM #19
It's fine to post it just don't make it a clickable link as I have done.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,536 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
05-Aug-2013, 06:11 PM #20
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
RapunzlA51's Avatar
RapunzlA51 RapunzlA51 is offline
Member with 44 posts.
THREAD STARTER
 
Join Date: Dec 2003
06-Aug-2013, 09:00 PM #21
Here's the JRT log - nothing there! b This is really frustrating and confusing!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Sharon on Tue 08/06/2013 at 20:47:53.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/06/2013 at 20:54:07.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,536 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Aug-2013, 02:04 AM #22
try this

Please download Malwarebytes' Anti-Malware to your desktop
from HERE orHERE

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please include this log in your next reply.

It might ask you to reboot to finish cleaning. Please do so. ( Press YES on the alert)
If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it continues on every boot
RapunzlA51's Avatar
RapunzlA51 RapunzlA51 is offline
Member with 44 posts.
THREAD STARTER
 
Join Date: Dec 2003
07-Aug-2013, 02:49 PM #23
When I tried to copy the log (there were 8 items, all starting with ADW) I lost it. Re-scanned and now it's showing nothing else to remove. Fingers crossed!
RapunzlA51's Avatar
RapunzlA51 RapunzlA51 is offline
Member with 44 posts.
THREAD STARTER
 
Join Date: Dec 2003
07-Aug-2013, 02:55 PM #24
OK - appears that whatever was causing the redirect to "lnksrv" pages may be gone, but TUVARO is still there. Next?
Here is what the Malware log shows:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Sharon :: SHARON-PC [administrator]

Protection: Enabled

8/7/2013 2:36:43 PM
mbam-log-2013-08-07 (14-36-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222643
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,536 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Aug-2013, 05:14 PM #25
where are you seeing tuvaro

lets see what this finds & fixes

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Hereto your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
RapunzlA51's Avatar
RapunzlA51 RapunzlA51 is offline
Member with 44 posts.
THREAD STARTER
 
Join Date: Dec 2003
09-Aug-2013, 08:06 AM #26
Tuvaro shows up on almost every website/page. I've taken a screen shot and will post it for you. Redirect to "lnksrv" also still active. Took screen shot of that too.
I haven't edited anything and apologize for my clumsy old fingers. When I tried to Ctrl C to copy that last log, I wound up placing a C on the now clean blank page ... and notepad doesn't have an undo so I had no alternative but to run the scan again, and copy the new log.
I will be away in the mountains until Monday with (blissfully) no cell phone, wi-fi, or other access and no lap top. Enjoy your weekend (I will!) and I will download and run Combofix on Monday.
Thank you for your patience and help so far!
Sharon
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,536 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
09-Aug-2013, 08:16 AM #27
post the screenshot when you can, so I can see what is going on, because nothing obvious is showing in the logs so far

hopefully Combofix will show the what I suspect to be hidden Firefox extensions
RapunzlA51's Avatar
RapunzlA51 RapunzlA51 is offline
Member with 44 posts.
THREAD STARTER
 
Join Date: Dec 2003
13-Aug-2013, 10:27 AM #28
OK - now this is just stupid (on my part). I can't figure out how to share my screenshots (now saved as jpgs) - it asks for a URL of the image to insert?
RapunzlA51's Avatar
RapunzlA51 RapunzlA51 is offline
Member with 44 posts.
THREAD STARTER
 
Join Date: Dec 2003
13-Aug-2013, 11:06 AM #29
Here is the ComboFix log
ComboFix 13-08-12.01 - Sharon 08/13/2013 10:52:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.4027 [GMT -4:00]
Running from: c:\users\Sharon\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\AEC87300E2.sys
c:\users\Sharon\AppData\Local\.#
c:\users\Sharon\AppData\Local\.#\MBX@178C@A21C30.###
c:\users\Sharon\AppData\Local\.#\MBX@178C@A21C40.###
c:\users\Sharon\AppData\Local\.#\MBX@178C@A21C50.###
c:\users\Sharon\AppData\Local\.#\MBX@178C@A21C60.###
c:\users\Sharon\AppData\Local\.#\MBX@2F4@241C30.###
c:\users\Sharon\AppData\Local\.#\MBX@2F4@241C40.###
c:\users\Sharon\AppData\Local\.#\MBX@2F4@241C50.###
c:\users\Sharon\AppData\Local\.#\MBX@2F4@241C60.###
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-07-13 to 2013-08-13 )))))))))))))))))))))))))))))))
.
.
2013-08-13 15:01 . 2013-08-13 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-07 18:26 . 2013-08-07 18:26 -------- d-----w- c:\users\Sharon\AppData\Local\Programs
2013-08-07 18:26 . 2013-08-07 18:26 -------- d-----w- c:\users\Sharon\AppData\Roaming\Malwarebytes
2013-08-07 18:25 . 2011-07-08 11:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-08-07 18:25 . 2013-08-07 18:25 -------- d-----w- c:\programdata\Malwarebytes
2013-08-07 18:25 . 2013-08-07 18:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-07 18:25 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-07 00:08 . 2013-08-07 00:08 -------- d-----w- c:\windows\ERUNT
2013-07-16 14:41 . 2013-07-17 14:18 -------- d-----w- c:\windows\system32\drivers\N360x64\1404000.028
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 14:42 . 2012-10-26 01:45 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-10 21:42 . 2011-01-12 15:34 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-07 15:14 . 2013-07-07 15:14 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-07 15:14 . 2013-07-07 15:14 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-07 15:14 . 2010-12-02 12:01 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-07 15:14 . 2010-12-02 12:01 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-07 15:14 . 2010-12-02 12:01 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-07 15:14 . 2010-12-02 12:01 188840 ----a-w- c:\windows\system32\java.exe
2013-07-07 15:13 . 2013-07-07 15:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-07 15:13 . 2012-08-02 11:51 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-07 15:13 . 2010-12-02 12:01 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-13 03:27 . 2012-04-17 19:30 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 03:27 . 2011-07-31 11:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43 . 2013-07-10 21:41 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-10 21:41 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-10 21:41 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-10 21:41 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-10 21:41 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-10 21:41 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-10 21:41 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-10 21:41 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-10 21:41 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-10 21:41 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-10 21:41 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-10 21:41 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-10 21:41 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-10 21:41 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-10 21:41 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-10 21:41 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-10 21:41 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-10 21:41 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-10 21:41 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-10 21:41 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-10 21:41 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-10 21:41 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 11:42 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 11:42 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 11:42 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-21 19:35 . 2013-01-22 02:43 49240 ----a-w- c:\windows\system32\drivers\AntiLog64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Sharon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Sharon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Sharon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-06-27 105632]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-03-26 295512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru nOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
Dropbox.lnk - c:\users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2013-5-8 4023848]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
Secure Backup and Share Status.lnk - c:\program files\SecureBackupShare\ComcastSecureBackupSharestat.exe [2011-12-15 4800232]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(2).dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe ;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Driver s\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNA TIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\Wa tAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNA TIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\window s\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\ windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SY SNATIVE\drivers\AntiLog64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys ;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\win dows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\sy stem32\DRIVERS\ComcastSecureBackupShare.sys;c:\windows\SYSNATIVE\DRIVERS\Co mcastSecureBackupShare.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130810.001\IDSvia64.sys; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130810.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windo ws\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windo ws\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\ TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIV ERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\driver s\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVE RS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVER S\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIV ERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIV ERS\Impcd.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYS NATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DR IVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows \SYSNATIVE\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 03:27]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 02:26]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 02:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\ComcastSecureBackupShare]
@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
2011-12-16 00:44 4345576 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\ComcastSecureBackupShare2]
@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
2011-12-16 00:44 4345576 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\ComcastSecureBackupShare3]
@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
2011-12-16 00:44 4345576 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 164016 ----a-w- c:\users\Sharon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 164016 ----a-w- c:\users\Sharon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 164016 ----a-w- c:\users\Sharon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 164016 ----a-w- c:\users\Sharon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(2).dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\mwkpewb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk - c:\users\Sharon\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{41534932-2D56-3600-76A7-7A786E7484D7} - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
@SACL=
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-13 11:04:17
ComboFix-quarantined-files.txt 2013-08-13 15:04
.
Pre-Run: 454,062,178,304 bytes free
Post-Run: 454,951,620,608 bytes free
.
- - End Of File - - 0A0C5F76D61566D0C8EBAEDD0C601ED1
D41D8CD98F00B204E9800998ECF8427E
RapunzlA51's Avatar
RapunzlA51 RapunzlA51 is offline
Member with 44 posts.
THREAD STARTER
 
Join Date: Dec 2003
19-Aug-2013, 09:59 AM #30
Bump - a week gone by
Just trying to bump this back up. It's been a whole week since I posted my Combofix log
Thanks!
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
about blank, firefox crashes, tuvaro, what else

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑