flash51

Honorary Members
  • Posts

    30
  1. Good morning, Here is the ESET SCAN. Four threats were found. The last two would be false positives, aren't they? Uniblue has long been removed. What a PITA that program was. Made the system slower, not faster 2-3 years ago.
     C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll - Win32/OpenCandy application
     C:\Users\Frank\AppData\Roaming\Uniblue\PowerSuite\_temp\ub.exe - multiple threats
     C:\Users\Frank\Desktop\Install\Gadgets\cnet_StickyNotes_zip.exe - a variant of Win32/InstallCore.D application
     C:\Users\Frank\Desktop\Install\WinZip\WinZip155.exe - a variant of Win32/OpenInstall application
     RE: The printer. I've already uninstalled the driver. And reinstalled, I thought that fixed it. But, no. You may have noticed, I have the option to run this PC remotely with LogMeIn. Would you like me to do that with any of your future suggestions after I leave today? Many, many thanks for your time and patience. ~flash51
  2. Hi Gringo, The ESET scan likely will take overnight. It's already found one "threat" (Win32/OpenCandy application). It's been running an hour and reports being 28% done. I'd like you to know, on Wednesday I have a tight schedule - and the start of a business trip. I'll try to tend to this threat in the morning. My printer is still acting up - but I can't find a pattern to report to you. Some things print, others don't. I have to print a CD label tonight so, I have to keep at it for a while. Thanks, Frank
  3. Hi Gringo, The ESET scan likely will take overnight. It's already found one "threat" (Win32/OpenCandy application). It's been running an hour and reports being 28% done. I'd like you to know, on Wednesday I have a tight schedule - and the start of a business trip. I'll try to attend to this threat in the morning. My printer is still acting up - but I can't find a pattern to report to you. Some things print, others don't. I have to print a CD label tonight so, I have to keep at it for a while. Thanks, Frank
  4. Hi Gringo, I got the printer working again by uninstalling the Epson driver, rebooting and reinstalling the driver. The only lingering issues are: 1) fonts that display pixelated. I'm pasting a screen capture. They usually clear up immediately by scrolling or page up/down; and 2) Do you know of any reason why my mouse would randomly send double clicks on a single-click press? Maybe I'll re-install the mouse driver. Did you find anything in the CCleaner and HiJackThis reports? Thanks, flash51
  5. Trying to solve printer issue. The link you provided had three options from HP. Not sure which to use so, I've tried two. The HP Hardware Diagnostics Utility cannot find my printer. And, the HP Print and Scan Doctor cannot find my printer. And, I cannot print a text file. I cannot print a test page from the printer properties dialog box. The HP web page suggests a series of plugging/unplugging both the USB cable and the power cable - as well as the printer power switch. I've done all of that. And rebooted my PC. Nothing helps. You should note this. The Epson printer utility recognizes the printer, reports remaining ink quantities for each color AND it will print a nozzle check. Windows acknowledges when I plug and unplug the USB cable. It chimes up (connect) or down (disconnect) as I plug/unplug the cable. I've plugged it in to USB ports both on the back (where it always belongs) and on the front panel. But I can't print. So, I'm wondering - is the print queue fouled up, even though there are no documents in the print queue dialog box, except the one text file or print test page. I have been cancelling each unsuccessful print attempt. (sorry about the spelling errors). Any suggestions? It seems you may have responded to my earlier posts (I got a pop up notice). I'll check for that now. ~flash51
  6. OMT - may or may not be related. My browser is not displaying fonts correctly. They will get fuzzy, pixelated, and blurred with pixels of various colors. It is intermittent - refreshing the screen and/or scrolling the web page often clears up the blur. Sorry - but you asked how things are going. ~frank
  7. Hello Gringo, Your instructions next have asked for the HijackThis report. I will post it below my comments here. Your instructions also asked for a summary (How is the computer doing now?) - which I will give, including some repeated information. In general, the computer seems to be running fine - with the exception of not being able to print. I will address that matter in sequence. I have been using Firefox (19.0.2) for several days without any of the annoying pop-ups that started this mess. I sometimes use Internet Explorer - also with no problems. I mentioned an issue with the Enter/Return key not creating a new line in my previous post. That post was created with IE. This post is created with FF and the Enter/Return key is working fine. Next in your list of instructions is the printer issue. I will tackle that immediately next. I am hoping we are near the end. Business will take me away from this PC starting Wednesday March 27. Best, Flash51/Frank
  8. Hello Gringo, (hmm, wondering why my Enter key isn't moving cursor to a new line, again. Oh well.)...... I'm picking up with your message of 3/19/13 at 6:21PM. Sorry for the delay, but work and travel calls. I hope to move through the rest of this process this evening. .... a quick update. Photoshop CS6 came back to life and launched without me taking any action other than shutting down the computer overnight last week. ..... I have now run CCLEANER with all default checks/ticks as you specified. I am still not able to print ... but I haven't taken the steps you specified. I will get to that in sequence of your posts. ...... I also ran a Quick Scan with MBAM. Nothing was found. I will paste the log text here and move to the next step which is to run HiJack this. Thank you.
  9. Sorry, I haven't replied. Work and life suddenly got very busy. I am running both Malwarebytes and Msft Security Essentials - simultaneously (I hope that's a wise thing to do). I am visiting only a few, known web sites - sites I need to visit to conduct my business - so I *should* be safe. I haven't had time to run the printer procedure. The Adobe Photoshop CS6 problem (would not launch) went away - it now launches fine. I think the problem arose because I had a ccleaner dialog box open waiting further instructions from you. Which, BTW, I don't believe I have an answer from you on the question of why ccleaner was targeting and listing (among other applications) my previous Photoshop version (CS4). I don't want to delete CS4. Is that what ccleaner is trying to do? I will be working very long days through this weekend and won't be able to tend to these issues as hard as you or I would like. Please be patient, yes, I do need some extra time. Thanks. Frank
  10. I glanced at this article but didn't read. My trouble is with an Epson, not an HP printer. Not sure if that link is for generic instructions.
  11. Hi Gringo, I've got some issues with CCLeaner related to cleaning out temporary files. First, two small points. 1) Your instructions say don't install Yahoo toolbar. But the install option given by ccleaner is for Google Chrome, not Yahoo Toolbar. 2) There is an additional box with an option to "intelligent scan cookies" (approximately) in order to save passwords for e.g. email accounts, etc. The ccleaner recommendation is to Yes, intelligent scan. I went with the recommendation. This info should be in your instructions, I think. Bigger issue: is the selection of items. In this case, it is best for me to paste a screen capture of the dialog (despite forum suggestions not to do so). There are some items on here that I don't want to delete - such as Adobe Photoshop CS3 and CS4. And RegEdit. So, at this point in your instructions, I am cancelling, stopping. (Maybe I'll choose Analyze if I have time.) I suspect that only temporary files will be deleted - but I can't take a chance with having to reinstall so much software that I need. Can you clarify why ccleaner has targeted Photoshop? Is it just temp files or the entire application? I'm on a work deadline right now and I have to get some things done for tomorrow. So, for tonight, I will stop before completing ccleaner. Also, I will have to wait until Wednesday or Thursday to check out your link about my printing issues. Thanks. Wait: I'm hitting a high frustration point right now. I don't think the forum will let me paste my screen capture because when I click "Post" I get an error message saying the post is "too short." Second, and worse, Photoshop CS6 will not launch!! (I wanted to create a jpeg of the screen capture.) So, now I have a printer not working, my photo software (my livelihood) won't launch and I have no time to deal with either now. Hope you have some suggestions. Until tomorrow, ~flash51 p.s. Did you get my PayPal donation?
  12. I am now going forward with the program removal and clean up from your last post. The printing issue has NOT been resolved - the USB inkjet still isn't working. I have printed your instructions on a wireless laserjet.
  13. Hi, I cannot print the instructions on my wired (USB) Epson inkjet printer. I cannot print from Notepad or Adobe Reader. I cannot print a test page from the printer Properties box. I can, however, print to a wireless laserjet printer via my wireless network. I checked the cables to the Epson. The printer utility is showing me ink quantities - so I'm guessing the printer is talking to the PC. I've captured (Alt+PrintScreen) the Epson print queue dialog box and pasted it below. Did we change or delete anything that would affect the printer? I have not taken any of the steps in your last post, which begins with removing four (4) programs. ~flash51/fm
  14. Hi Gringo, I'm pasting the results from the ComboFix ClearJavaScript procedure. I will be away from my computer for a while and will re-install and test Firefox and (maybe) Chrome later today. Thanks for your help. Frank/Flash51
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-05-20 6296064] "EPSON Stylus Photo 2200"="c:\windows\system32\spool\DRIVERS\x64\3\E_S10IC2.EXE" [2003-05-27 99840] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-01-24 477600] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-10-10 57928] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{EA4F65D9-3687-4513-8E9E-37EF48673499}: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{EA4F65D9-3687-4513-8E9E-37EF48673499}\B456970275563747: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file) AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe . . . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-19 13:10:51 ComboFix-quarantined-files.txt 2013-03-19 18:10 ComboFix2.txt 2013-03-19 02:37 . Pre-Run: 41,920,671,744 bytes free Post-Run: 41,871,970,304 bytes free . - - End Of File - - 43ECB68E73D60A4ECC0BC0E54786D461