
blue screen of death

Discussion in 'Virus & Other Malware Removal' started by crystalf2, Feb 10, 2012.

Thread Status:
Not open for further replies.
  1. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    You still have Java.
    I have asked you to uninstall an old version that should have automatically uninstalled when the newer version was installed, but for some reason it didn't.

    The reason to uninstall the others is that they are probably responsible for the blue screens, or at least the add-on bits that come with them are.
     
  2. crystalf2

    crystalf2 Thread Starter

    Joined:
    Jan 25, 2012
    Messages:
    39
    The old Java is uninstalled and the new Java is installed.
    So what's next?
    Oh, OK.
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    Please run ComboFix as I asked you to in post number #44.
     
  4. crystalf2

    crystalf2 Thread Starter

    Joined:
    Jan 25, 2012
    Messages:
    39
    I just tried to download ComboFix and my computer is not letting me. It gives me "combo fix.exe is not commonly downloaded and could harm your computer" and it tells me to delete the program.
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    Ignore that & save it, then run it
     
  6. crystalf2

    crystalf2 Thread Starter

    Joined:
    Jan 25, 2012
    Messages:
    39
    Sorry, but it's not giving me any other option but to delete the program. When I click download it comes up with run or save; I do both, and no matter which one I choose it still gives me delete program.
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    Just press save & then close the download bar.
    You will find the file in your downloads folder.
    I can assure you it is perfectly safe to run; it is just because the smart filter has been recently updated, and until enough downloads of this new version of ComboFix appear in the records, it flags it up.
     
  8. crystalf2

    crystalf2 Thread Starter

    Joined:
    Jan 25, 2012
    Messages:
    39
    ComboFix 12-03-26.04 - crystal 03/27/2012 7:09.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2376 [GMT -5:00]
    Running from: c:\users\crystal\Downloads\username123.exe.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\AMMYY
    c:\programdata\AMMYY\hr
    c:\programdata\AMMYY\hr3
    c:\programdata\AMMYY\settings3.bin
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\JERMAINE\AppData\Local\temp
    2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\johnny\AppData\Local\temp
    2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\hp\AppData\Local\temp
    2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\debra\AppData\Local\temp
    2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\carlette\AppData\Local\temp
    2012-03-25 16:29 . 2012-03-25 16:29 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-03-25 16:29 . 2012-03-25 16:29 -------- d-----w- c:\program files (x86)\Java
    2012-03-25 14:43 . 2012-03-25 14:43 -------- d-----w- c:\programdata\1E380
    2012-03-24 19:52 . 2012-03-24 19:52 -------- d-----w- c:\programdata\iMesh
    2012-03-24 19:52 . 2012-03-24 19:54 -------- dc-h--w- c:\programdata\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
    2012-03-20 19:12 . 2012-03-20 19:12 -------- d-----w- c:\users\JERMAINE\AppData\Roaming\TeamViewer
    2012-03-13 17:18 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-13 17:18 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
    2012-03-13 17:18 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-12 19:21 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-03-12 19:21 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2012-03-07 16:45 . 2010-09-16 18:26 40408 ----a-w- c:\windows\system32\CleanMFT64.exe
    2012-03-07 16:45 . 2008-09-18 04:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
    2012-03-07 16:45 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
    2012-03-07 16:45 . 2008-04-02 22:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
    2012-03-07 16:45 . 2008-04-02 22:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
    2012-03-07 16:45 . 2004-08-04 14:00 506368 ----a-w- c:\windows\SysWow64\msxml.dll
    2012-03-07 16:45 . 2004-03-09 07:00 1081616 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-03-07 16:45 . 2012-03-07 16:45 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-03-07 16:44 . 2012-03-07 16:45 -------- d-----w- c:\users\johnny\FrostWire
    2012-03-07 16:44 . 2012-03-25 13:50 -------- d-----w- c:\users\johnny\.frostwire5
    2012-03-07 16:43 . 2012-03-07 16:44 -------- d-----w- c:\program files (x86)\Ask.com
    2012-03-07 16:43 . 2012-03-07 16:43 -------- d-----w- c:\users\johnny\AppData\Local\APN
    2012-03-07 16:43 . 2012-03-07 16:44 -------- d-----w- c:\program files (x86)\FrostWire 5
    2012-03-05 12:57 . 2012-03-25 13:49 -------- d-----w- c:\programdata\boost_interprocess
    2012-03-04 20:11 . 2012-03-04 20:11 -------- d-----w- c:\users\crystal\AppData\Roaming\MusicNet
    2012-03-04 20:11 . 2012-03-04 20:11 -------- d-----w- c:\programdata\18235
    2012-03-04 20:11 . 2012-03-04 20:11 -------- d-----w- c:\users\crystal\AppData\Local\iMesh
    2012-03-04 02:11 . 2012-03-04 02:11 -------- d-----w- c:\users\johnny\AppData\Roaming\MusicNet
    2012-03-04 02:11 . 2012-03-25 15:43 -------- d-----w- c:\users\johnny\AppData\Local\iMesh
    2012-03-04 02:10 . 2012-03-04 02:11 -------- d-----w- c:\program files (x86)\iMesh Applications
    2012-03-04 02:10 . 2012-03-04 02:10 -------- d-----w- c:\users\johnny\AppData\Local\PackageAware
    2012-03-01 01:59 . 2012-03-01 01:59 -------- d-----w- c:\users\JERMAINE\AppData\Roaming\Oberon Media
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-25 16:29 . 2011-12-19 12:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-24 05:53 . 2011-12-18 23:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-07 15:16 . 2011-03-29 00:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-03 14:25 . 2012-02-15 00:49 404992 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    2012-02-27 08:49 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    "{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2012-02-27 89008]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
    "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2011-09-22 394752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]
    "HP KEYBOARD"="c:\program files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE" [2008-09-27 468992]
    "Buttons & OSDs control application gen2"="c:\program files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe" [2008-12-03 208896]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-07-25 1310720]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1486392]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    FrostWire On Startup.lnk - c:\program files (x86)\FrostWire 5\FrostWire.exe [2011-10-10 466944]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-14 1026600]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1001Core.job
    - c:\users\JERMAINE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 23:51]
    .
    2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1001UA.job
    - c:\users\JERMAINE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 23:51]
    .
    2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1003Core.job
    - c:\users\johnny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 00:03]
    .
    2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1003UA.job
    - c:\users\johnny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 00:03]
    .
    2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1005Core.job
    - c:\users\crystal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 23:58]
    .
    2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1005UA.job
    - c:\users\crystal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 23:58]
    .
    2012-02-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]
    .
    2012-03-27 c:\windows\Tasks\RMSchedule.job
    - c:\program files (x86)\Registry Mechanic\RegMech.exe [2012-03-07 17:02]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-06 153624]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-06 225816]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-06 199704]
    "SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" [2008-07-26 3858432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=crossfire&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    Wow6432Node-HKCU-Run-HPSmartCenterBoot - _c:\program files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
    Toolbar-10 - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    c:\program files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
    c:\program files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\OSDForm.exe
    c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-27 07:33:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-27 12:33
    .
    Pre-Run: 327,016,394,752 bytes free
    Post-Run: 332,933,152,768 bytes free
    .
    - - End Of File - - 00D40B5B047EB9E926D1560AC27C9595
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    I am sorry, but if you are not willing to uninstall the P2P programs that are most likely to be responsible for the problems, then I can't help you any longer.

    *Follow these steps to uninstall ComboFix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/online/ for out-of-date & vulnerable common applications on your computer, and update whatever it suggests.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     
  10. crystalf2

    crystalf2 Thread Starter

    Joined:
    Jan 25, 2012
    Messages:
    39
    ComboFix uninstalled
    recycle bin emptied
    rebooted and updates are up to date
    scanned successfully
     

Short URL to this thread: https://techguy.org/1040379