
F_IN_BOX.dll


  • This topic is locked
47 replies to this topic

#1 mcgtron

mcgtron

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 25 January 2013 - 02:18 PM

Boopme,

Attached are the log files you requested.

Thanks,

Matt

Attached Files




#2 SweetTech

Posted 25 January 2013 - 05:26 PM

Hi Matt!

I am currently reviewing your logs and should hopefully have some instructions for you to complete shortly.

-ST

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 SweetTech

Posted 25 January 2013 - 05:46 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

If you do not use the following programs, then I'd recommend removing them from your computer.

  • AddThis Toolbar
  • Google Toolbar for Internet Explorer
  • iWon Toolbar
  • Microsoft Live Search Toolbar
  • SpyHunter
  • Unity Web Player
  • Wise Registry Cleaner 7.62
  • Yahoo! Toolbar
Please let me know if you don't remove any of them as I will need to adjust my script below accordingly.




ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\program files (x86)\iWonIE\bar\1.bin\idSrcAs.dll
c:\program files (x86)\AddThis Toolbar\Helper.dll
c:\program files (x86)\AddThis Toolbar\Toolbar.dll
c:\progra~2\iWonIE\bar\1.bin\idbar.dll
c:\program files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
DirLook::
c:\users\Sydney\AppData\Roaming\School Zone Preferences
c:\users\Sydney\AppData\Local\CrashDumps
c:\users\Guest\AppData\Roaming\Template
c:\users\Guest\AppData\Local\CrashDumps
c:\users\Jeff\AppData\Roaming\Template
FileLook::
c:\users\Sabrina\AppData\Local\temp\1.tmp\F_IN_BOX.dll
c:\windows\system32\drivers\30740795.sys
Suspect::[102]
c:\users\Sabrina\AppData\Local\temp\1.tmp\F_IN_BOX.dll
c:\windows\system32\drivers\30740795.sys
Folder::
c:\program files (x86)\iWonIE\
c:\program files (x86)\AddThis Toolbar
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}"=-
[-HKEY_CLASSES_ROOT\clsid\{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}]
[-HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4ACB7285-8557-43C3-80DA-22D40B15DC77}]
[-HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6ddd1607-02d6-46b8-94a4-dc371e78bca1}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc130ee2-5a2a-45a7-8e09-d2ca06c795a8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{44843b6e-d44a-4b4f-bca4-559c86633dc6}"=-
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"=-
"{a899079d-206f-43a6-be6a-07e0fa648ea0}"=-
[-HKEY_CLASSES_ROOT\clsid\{44843b6e-d44a-4b4f-bca4-559c86633dc6}]
[-HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[-HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[-HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{a899079d-206f-43a6-be6a-07e0fa648ea0}]
Driver::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

[Screenshot: aswMBR "Scan" button]

On completion of the scan click "save log", save it to your desktop and post it in your next reply.

[Screenshot: aswMBR "save log" button]



NEXT:



Please let me know how things are running in your next reply as well as the above requested files.

-ST.



#4 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 25 January 2013 - 07:07 PM

Hello ST! You can just call me Matt, or mcg is fine too. Thanks a lot for helping me with this. I'm the guy that everyone in the family brings their virus-laden PCs to so that I can fix them. I'm usually pretty good (thanks to lots of reading on bleeping) but this nasty sucker is beyond my abilities. I really appreciate the help of volunteers like yourself.

OK - I uninstalled everything you asked me to, except for the iWon toolbar which gave me a "module not specified" error (or something like that) when I tried.

Unfortunately, I also had to run ComboFix again. The reason is that uninstalling that stuff blocked my internet access. The taskbar icon & network center showed connectivity, but I couldn't use IE, and I tried to update Malwarebytes and that gave an error. I tried to reboot, but it didn't work. In the past I have learned that Combofix has a way of getting my internet access back when stuff like this happens - so I ran it. I sure hope that it didn't mess up anything you want to do here.

Please let me know what I should do now.

I hope you are having a great start to your weekend.

:)

-Matt

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:06:05 PM

Posted 27 January 2013 - 02:39 PM

Hi Matt!

Apologies for the delay.

I'm glad to be of assistance. :)

> OK - I uninstalled everything you asked me to, except for the iWon toolbar which gave me a "module not specified" error (or something like that) when I tried.

Okay, thanks for that information.

Could you please let me know what's going on with your computer? Do you currently have internet access on the computer? Were you able to get ComboFix to run again?

Let me know. I should be on for a bit this afternoon.

-ST.



#6 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 27 January 2013 - 04:07 PM

Good day, ST!

After running combofix I was able to use IE and access the internet for a while. But then it was blocking me again. I haven't done anything with it since it began blocking internet access. I am typing this on a different computer. I have the infected computer turned off until you give me new instructions, because I'm not sure what the virus is doing at this point.

Thanks,

Matt

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:06:05 PM

Posted 27 January 2013 - 04:15 PM

Hi Matt!

Any chance you could copy that log file onto a flash drive, so that I could take a look at the contents of the ComboFix log?



#8 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 27 January 2013 - 04:18 PM

Sure. Just give me a couple of minutes...

#9 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 27 January 2013 - 04:24 PM

ComboFix 13-01-24.02 - Sabrina 01/25/2013 18:37:21.4.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3965.2689 [GMT -5:00]
Running from: c:\users\Sabrina\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-25 to 2013-01-25 )))))))))))))))))))))))))))))))
.
.
2013-01-25 23:51 . 2013-01-25 23:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-01-25 23:51 . 2013-01-25 23:51 -------- d-----w- c:\users\Sydney\AppData\Local\temp
2013-01-25 23:51 . 2013-01-25 23:51 -------- d-----w- c:\users\Sabrina\AppData\Local\temp
2013-01-25 23:51 . 2013-01-25 23:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-25 23:51 . 2013-01-25 23:51 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2013-01-25 23:51 . 2013-01-25 23:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-25 23:51 . 2013-01-25 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-25 23:27 . 2013-01-25 23:27 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A466A091-36C6-49AE-9194-98147AE9A897}\offreg.dll
2013-01-25 18:33 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A466A091-36C6-49AE-9194-98147AE9A897}\mpengine.dll
2013-01-25 16:40 . 2013-01-25 16:39 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BD2F39B-B1A7-40AA-8B74-2A852EABB5D1}\gapaengine.dll
2013-01-25 16:37 . 2013-01-25 16:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-25 16:37 . 2013-01-25 16:37 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-25 13:48 . 2013-01-25 13:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-25 13:48 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-25 05:47 . 2013-01-25 13:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-25 05:47 . 2013-01-25 05:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-01-25 02:38 . 2013-01-25 02:38 -------- d-----w- c:\programdata\Sophos
2013-01-25 00:04 . 2013-01-25 00:04 208216 ----a-w- c:\windows\system32\drivers\30740795.sys
2013-01-24 03:59 . 2013-01-15 07:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{335EC8E3-B077-426E-9BD7-880FD51B39CF}\mpengine.dll
2013-01-21 17:09 . 2013-01-21 17:10 -------- d-----w- c:\users\Sydney\AppData\Roaming\School Zone Preferences
2013-01-21 16:49 . 2013-01-21 16:49 -------- d-----w- c:\users\Sydney\AppData\Local\CrashDumps
2013-01-19 11:08 . 2013-01-19 11:08 -------- d-----w- c:\users\Guest\AppData\Roaming\Template
2013-01-19 10:33 . 2013-01-19 10:33 -------- d-----w- c:\users\Guest\AppData\Local\CrashDumps
2013-01-18 18:57 . 2013-01-18 18:57 -------- d-----w- c:\users\Jeff\AppData\Roaming\Template
2013-01-09 02:51 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 02:51 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 02:50 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 02:50 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 02:50 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 02:50 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 02:50 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-06 03:16 . 2013-01-06 03:16 -------- d-----w- c:\users\Sydney\AppData\Local\Apple
2013-01-03 01:43 . 2013-01-03 01:43 -------- d-----w- c:\users\Sydney\AppData\Local\Eastman Kodak Company
2013-01-03 00:27 . 2013-01-03 00:27 -------- d-----w- c:\program files\iPod
2013-01-03 00:26 . 2013-01-03 00:28 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-03 00:26 . 2013-01-03 00:27 -------- d-----w- c:\program files\iTunes
2013-01-03 00:26 . 2013-01-03 00:27 -------- d-----w- c:\program files (x86)\iTunes
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-03 00:18 . 2013-01-03 00:19 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:18 . 2012-06-11 00:28 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 08:18 . 2011-07-23 14:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 08:02 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2012-12-16 13:31 . 2012-12-22 08:00 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-22 08:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-22 08:00 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-22 08:00 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-11-14 07:06 . 2012-12-13 08:02 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 08:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 08:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 08:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 08:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 08:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 08:02 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 08:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 08:02 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 08:02 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 08:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 08:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 08:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 08:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 08:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:45 . 2012-12-12 10:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 10:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 10:45 . 2012-12-12 10:15 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 10:15 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 10:15 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 10:15 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 10:15 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6ddd1607-02d6-46b8-94a4-dc371e78bca1}]
c:\program files (x86)\iWonIE\bar\1.bin\idSrcAs.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc130ee2-5a2a-45a7-8e09-d2ca06c795a8}]
c:\progra~2\iWonIE\bar\1.bin\idbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{44843b6e-d44a-4b4f-bca4-559c86633dc6}"= "c:\program files (x86)\iWonIE\bar\1.bin\idbar.dll" [BU]
"{a899079d-206f-43a6-be6a-07e0fa648ea0}"= "c:\program files (x86)\GamingWonderland\bar\1.bin\gtbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{44843b6e-d44a-4b4f-bca4-559c86633dc6}]
.
[HKEY_CLASSES_ROOT\clsid\{a899079d-206f-43a6-be6a-07e0fa648ea0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Sabrina\Desktop\Virus Removal\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-09-17 23208]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 08:18]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 17:22]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 17:22]
.
2013-01-23 c:\windows\Tasks\HPCeeScheduleForSabrina.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-07 19:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-12 15853088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-12 82464]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2013-01-25 18:55:06
ComboFix-quarantined-files.txt 2013-01-25 23:55
ComboFix2.txt 2013-01-25 02:32
.
Pre-Run: 355,592,118,272 bytes free
Post-Run: 356,290,220,032 bytes free
.
- - End Of File - - 515CB4613AB97076A65F0A87DC6114A9
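The CFScript in post #3 was drafted by hand from the Browser Helper Objects and Internet Explorer\Toolbar entries in the "Reg Loading Points" section of a ComboFix log like the one above. As an added example (not ComboFix's code and not the helper's), the Python below parses those entries out of a log excerpt constructed from this thread and drafts File:: and Registry:: lines in the same form; the log layout, the `[BU]` tag (carried through unchanged, with no meaning assumed), and the `IEAddon` / `parse_reg_loading_points` / `build_cfscript` names are all assumptions of this example.

```python
"""Pull IE BHO / toolbar loading points out of a ComboFix log and draft the
File:: and Registry:: sections of a CFScript in the form the helper used above.
Added example; the log layout is assumed from the sample posted in this thread."""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Constructed excerpt modelled on the "Reg Loading Points" section of the
# log posted in this thread (same entries, unrelated sections trimmed).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6ddd1607-02d6-46b8-94a4-dc371e78bca1}]
c:\program files (x86)\iWonIE\bar\1.bin\idSrcAs.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc130ee2-5a2a-45a7-8e09-d2ca06c795a8}]
c:\progra~2\iWonIE\bar\1.bin\idbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{44843b6e-d44a-4b4f-bca4-559c86633dc6}"= "c:\program files (x86)\iWonIE\bar\1.bin\idbar.dll" [BU]
"{a899079d-206f-43a6-be6a-07e0fa648ea0}"= "c:\program files (x86)\GamingWonderland\bar\1.bin\gtbar.dll" [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
Contents of the 'Scheduled Tasks' folder
"""

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
# "~" is ComboFix's shorthand in the BHO key path; kept verbatim, as the CFScript above does.
BHO_KEY = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\(?:Wow6432Node\\)?~\\Browser Helper Objects\\("
                     + GUID + r"))\]$", re.I)
TOOLBAR_KEY = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?"
                         r"Microsoft\\Internet Explorer\\Toolbar)\]$", re.I)
TOOLBAR_VAL = re.compile(r'^"(' + GUID + r')"=\s*"([^"]*)"\s*(\[.*\])?$', re.I)
PATH_LINE = re.compile(r"^(\S.*?)\s*(\[.*\])?$")  # "<path> [tag]" -> (path, tag)

@dataclass
class IEAddon:
    kind: str            # "bho" or "toolbar"
    clsid: str           # GUID with braces, lower-cased for comparisons
    dll: Optional[str]   # module path printed in the log, if any
    tag: str             # trailing bracket text as printed, e.g. "[BU]"
    key: str             # registry key the entry was listed under (no brackets)

def parse_reg_loading_points(log: str) -> List[IEAddon]:
    """Collect BHO and IE toolbar entries from the 'Reg Loading Points' section."""
    lines = [ln.strip() for ln in log.splitlines()]
    found: List[IEAddon] = []
    in_section, i = False, 0
    while i < len(lines):
        line = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if "Reg Loading Points" in line:
            in_section = True
        elif in_section and line.startswith("Contents of the 'Scheduled Tasks'"):
            break                                   # start of the next log section
        elif in_section and (m := BHO_KEY.match(line)):
            dll, tag = None, ""
            if nxt and nxt != "." and not nxt.startswith("["):
                pm = PATH_LINE.match(nxt)           # DLL path sits on the line below
                dll, tag = pm.group(1), pm.group(2) or ""
                i += 1
            found.append(IEAddon("bho", m.group(2).lower(), dll, tag, m.group(1)))
        elif in_section and (m := TOOLBAR_KEY.match(line)):
            while i + 1 < len(lines) and (vm := TOOLBAR_VAL.match(lines[i + 1])):
                found.append(IEAddon("toolbar", vm.group(1).lower(),     # one value per line
                                     vm.group(2) or None, vm.group(3) or "", m.group(1)))
                i += 1
        i += 1
    return found

def build_cfscript(addons: List[IEAddon], keep: FrozenSet[str] = frozenset()) -> str:
    """Draft File:: and Registry:: lines; `keep` holds CLSIDs judged legitimate.
    ProgID / TypeLib keys (which the helper also deleted) are not printed in the
    log, so those lines still have to be added by hand."""
    keep = frozenset(c.lower() for c in keep)
    files: List[str] = []
    toolbar_values: Dict[str, List[str]] = {}       # toolbar key -> value deletions
    key_deletes: List[str] = []
    for a in addons:
        if a.clsid in keep:
            continue
        if a.dll and a.dll not in files:
            files.append(a.dll)
        if a.kind == "toolbar":
            toolbar_values.setdefault(a.key, []).append(f'"{a.clsid}"=-')
        else:
            key_deletes.append(f"[-{a.key}]")
        key_deletes.append(f"[-HKEY_CLASSES_ROOT\\clsid\\{a.clsid}]")
    out = ["File::", *files, "Registry::"]
    for key, values in toolbar_values.items():
        out.append(f"[{key}]")
        out.extend(values)
    out.extend(key_deletes)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_cfscript(parse_reg_loading_points(SAMPLE_LOG)), end="")
```

The draft is a starting point for the analyst, not a finished script: which CLSIDs go into `keep` is a judgement call, and the extra ProgID/TypeLib deletions the helper wrote by hand are outside what the log shows.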

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:06:05 PM

Posted 27 January 2013 - 04:31 PM

Thanks for that log file.

A few posts prior you mentioned you were being blocked again. Can you elaborate on it blocking you?



#11 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts

Posted 27 January 2013 - 04:37 PM

The taskbar icon shows connectivity. Network and Sharing Center shows Internet access. However, if I open a browser I get a Page Cannot Be Displayed message. If I open a scanner like Malwarebytes, and try to run the update tool, it gives an error saying it cannot connect to the server.

#12 SweetTech

SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 27 January 2013 - 04:43 PM

Hi!

Okay, please give this a try:

Press the Windows Logo in the bottom left corner of your screen.
In the search box, enter command and right click on Command Prompt and select Run as Administrator.

Copy/Paste the following bolded text into the command window followed by ENTER.

NETSH WINSOCK RESET CATALOG
netsh int ip reset resetlog.txt


Please reboot your computer after running the above command and see if your internet is restored.

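Before applying the reset above, a defender would normally want to see which Winsock provider is actually broken. The following PowerShell script is an added example, not code from this thread, from ComboFix or from SweetTech: it parses the text that `netsh winsock show catalog` prints and lists providers whose DLL no longer exists on disk. The two catalog entries in the sample, and the ExampleToolbar path, are constructed placeholders.

```powershell
# Added example, not from this thread or from ComboFix: parse the output of
# "netsh winsock show catalog" and flag providers whose DLL is gone from disk.
# A dangling Layered Service Provider (LSP), typically left behind when a
# toolbar DLL is deleted, sits in every TCP connection and produces exactly
# the "Page Cannot Be Displayed" symptom; "netsh winsock reset catalog"
# rebuilds the chain. Auditing first records what was broken.

function ConvertFrom-WinsockCatalog {
    param([Parameter(Mandatory)][string[]]$CatalogText)
    $entries = New-Object System.Collections.Generic.List[object]
    $current = $null
    foreach ($line in $CatalogText) {
        # Each provider block starts with this header line in netsh output.
        if ($line -match '^Winsock Catalog Provider Entry') {
            if ($null -ne $current) { $entries.Add($current) }
            $current = [pscustomobject]@{
                CatalogId = 0; EntryType = ''; Description = ''; ProviderPath = ''
            }
            continue
        }
        if ($null -eq $current) { continue }
        switch -Regex ($line) {
            '^\s*Entry Type:\s*(.+?)\s*$'       { $current.EntryType    = $Matches[1] }
            '^\s*Description:\s*(.+?)\s*$'      { $current.Description  = $Matches[1] }
            '^\s*Provider Path:\s*(.+?)\s*$'    { $current.ProviderPath = $Matches[1] }
            '^\s*Catalog Entry ID:\s*(\d+)\s*$' { $current.CatalogId    = [int]$Matches[1] }
        }
    }
    if ($null -ne $current) { $entries.Add($current) }
    return $entries
}

function Find-DanglingWinsockProviders {
    param([Parameter(Mandatory)][string[]]$CatalogText)
    foreach ($e in (ConvertFrom-WinsockCatalog -CatalogText $CatalogText)) {
        # netsh prints paths with %SystemRoot% etc.; expand before testing.
        $resolved = [Environment]::ExpandEnvironmentVariables($e.ProviderPath)
        $present = -not [string]::IsNullOrWhiteSpace($resolved) -and
                   (Test-Path -LiteralPath $resolved -PathType Leaf)
        if (-not $present) {
            [pscustomobject]@{
                CatalogId    = $e.CatalogId
                EntryType    = $e.EntryType
                Description  = $e.Description
                ProviderPath = $resolved
            }
        }
    }
}

# Constructed sample in the layout netsh prints (abbreviated). The second,
# layered entry points at a deleted toolbar DLL and is the one to flag.
$sampleCatalog = @'
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example Toolbar over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files (x86)\ExampleToolbar\bar\lsp.dll
Catalog Entry ID:                   1031
Version:                            2
'@ -split '\r?\n'

# On Windows the base entry resolves and only the toolbar LSP is reported.
Find-DanglingWinsockProviders -CatalogText $sampleCatalog |
    Format-Table CatalogId, EntryType, Description, ProviderPath -AutoSize

# On the affected machine, from an elevated prompt, audit the live catalog and
# only then apply the reset from the post above (a reboot follows):
#   Find-DanglingWinsockProviders -CatalogText (netsh winsock show catalog)
#   netsh winsock reset catalog
```

Run on a non-Windows host, the base entry is also reported because mswsock.dll is not present there; the logic is the same, only the sample's environment differs.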


#13 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts

Posted 27 January 2013 - 05:17 PM

ST,

It worked! I'm able to connect to the internet again.

Thank you.

-Matt

#14 SweetTech

SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 27 January 2013 - 05:20 PM

Perfect!

Can you please perform the instructions in this post here: http://www.bleepingcomputer.com/forums/topic482996.html/page__view__findpost__p__2957979



#15 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts

Posted 27 January 2013 - 07:22 PM

OK, ST - here is the Combofix log. BTW, during its run, Combofix said it was uploading a file for analysis. Was that expected? I've never seen it do that before.

ComboFix 13-01-27.03 - Sabrina 01/27/2013 18:30:07.5.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3965.2329 [GMT -5:00]
Running from: c:\users\Sabrina\Desktop\ComboFix.exe
Command switches used :: c:\users\Sabrina\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\progra~2\iWonIE\bar\1.bin\idbar.dll"
"c:\program files (x86)\AddThis Toolbar\Helper.dll"
"c:\program files (x86)\AddThis Toolbar\Toolbar.dll"
"c:\program files (x86)\GamingWonderland\bar\1.bin\gtbar.dll"
"c:\program files (x86)\iWonIE\bar\1.bin\idSrcAs.dll"
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AddThis Toolbar
c:\program files (x86)\iWonIE
c:\program files (x86)\iWonIE\bar\1.bin\idauxstb.dll
c:\program files (x86)\iWonIE\bar\1.bin\idbrstub.dll
c:\program files (x86)\iWonIE\bar\1.bin\iddatact.dll
c:\program files (x86)\iWonIE\bar\1.bin\iddlghk.dll
c:\program files (x86)\iWonIE\bar\1.bin\iddyn.dll
c:\program files (x86)\iWonIE\bar\1.bin\idfeedmg.dll
c:\program files (x86)\iWonIE\bar\1.bin\idhighin.exe
c:\program files (x86)\iWonIE\bar\1.bin\idhtml.dll
c:\program files (x86)\iWonIE\bar\1.bin\idhtmlmu.dll
c:\program files (x86)\iWonIE\bar\1.bin\idhttpct.dll
c:\program files (x86)\iWonIE\bar\1.bin\ididle.dll
c:\program files (x86)\iWonIE\bar\1.bin\idimpipe.exe
c:\program files (x86)\iWonIE\bar\1.bin\idmedint.exe
c:\program files (x86)\iWonIE\bar\1.bin\idmlbtn.dll
c:\program files (x86)\iWonIE\bar\1.bin\idmsg.dll
c:\program files (x86)\iWonIE\bar\1.bin\idradio.dll
c:\program files (x86)\iWonIE\bar\1.bin\idregiet.dll
c:\program files (x86)\iWonIE\bar\1.bin\idscript.dll
c:\program files (x86)\iWonIE\bar\1.bin\idskin.dll
c:\program files (x86)\iWonIE\bar\1.bin\idskplay.exe
c:\program files (x86)\iWonIE\bar\1.bin\idtpinst.dll
c:\program files (x86)\iWonIE\bar\1.bin\iduabtn.dll
c:\program files (x86)\iWonIE\bar\1.bin\LOGO.BMP
c:\program files (x86)\iWonIE\bar\Message\COMMON.T8S
c:\program files (x86)\iWonIE\bar\Settings\s_pid.dat
c:\users\Sabrina\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-27 to 2013-01-27 )))))))))))))))))))))))))))))))
.
.
2013-01-27 23:45 . 2013-01-27 23:45 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CFAFE3-AEB8-4A8B-89C2-7FD15864BA73}\offreg.dll
2013-01-27 23:43 . 2013-01-27 23:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-01-27 23:43 . 2013-01-27 23:43 -------- d-----w- c:\users\Sydney\AppData\Local\temp
2013-01-27 23:43 . 2013-01-27 23:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-27 23:43 . 2013-01-27 23:43 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2013-01-27 23:43 . 2013-01-27 23:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-27 23:43 . 2013-01-27 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-27 22:26 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CFAFE3-AEB8-4A8B-89C2-7FD15864BA73}\mpengine.dll
2013-01-25 23:55 . 2013-01-27 23:51 -------- d-----w- c:\users\Sabrina\AppData\Local\temp
2013-01-25 18:33 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-25 16:40 . 2013-01-25 16:39 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BD2F39B-B1A7-40AA-8B74-2A852EABB5D1}\gapaengine.dll
2013-01-25 16:37 . 2013-01-25 16:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-25 16:37 . 2013-01-25 16:37 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-25 13:48 . 2013-01-25 13:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-25 13:48 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-25 05:47 . 2013-01-25 13:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-25 05:47 . 2013-01-25 05:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-01-25 02:38 . 2013-01-25 02:38 -------- d-----w- c:\programdata\Sophos
2013-01-25 00:04 . 2013-01-25 00:04 208216 ----a-w- c:\windows\system32\drivers\30740795.sys
2013-01-24 03:59 . 2013-01-15 07:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{335EC8E3-B077-426E-9BD7-880FD51B39CF}\mpengine.dll
2013-01-21 17:09 . 2013-01-21 17:10 -------- d-----w- c:\users\Sydney\AppData\Roaming\School Zone Preferences
2013-01-21 16:49 . 2013-01-21 16:49 -------- d-----w- c:\users\Sydney\AppData\Local\CrashDumps
2013-01-19 11:08 . 2013-01-19 11:08 -------- d-----w- c:\users\Guest\AppData\Roaming\Template
2013-01-19 10:33 . 2013-01-19 10:33 -------- d-----w- c:\users\Guest\AppData\Local\CrashDumps
2013-01-18 18:57 . 2013-01-18 18:57 -------- d-----w- c:\users\Jeff\AppData\Roaming\Template
2013-01-09 02:51 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 02:51 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 02:50 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 02:50 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 02:50 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 02:50 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 02:50 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-06 03:16 . 2013-01-06 03:16 -------- d-----w- c:\users\Sydney\AppData\Local\Apple
2013-01-03 01:43 . 2013-01-03 01:43 -------- d-----w- c:\users\Sydney\AppData\Local\Eastman Kodak Company
2013-01-03 00:27 . 2013-01-03 00:27 -------- d-----w- c:\program files\iPod
2013-01-03 00:26 . 2013-01-03 00:28 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-03 00:26 . 2013-01-03 00:27 -------- d-----w- c:\program files\iTunes
2013-01-03 00:26 . 2013-01-03 00:27 -------- d-----w- c:\program files (x86)\iTunes
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-03 00:19 . 2013-01-03 00:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-03 00:18 . 2013-01-03 00:19 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:18 . 2012-06-11 00:28 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 08:18 . 2011-07-23 14:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 08:02 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2012-12-16 13:31 . 2012-12-22 08:00 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-22 08:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-22 08:00 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-22 08:00 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-11-14 07:06 . 2012-12-13 08:02 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 08:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 08:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 08:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 08:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 08:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 08:02 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 08:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 08:02 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 08:02 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 08:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 08:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 08:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 08:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 08:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:45 . 2012-12-12 10:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 10:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 10:45 . 2012-12-12 10:15 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 10:15 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 10:15 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 10:15 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 10:15 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\30740795.sys ---
Company: Kaspersky Lab, GERT
File Description: Kaspersky Lab Mini Driver
File Version: 2.8.4.0 built by: WinDDK
Product Name: Kaspersky Lab Mini Driver
Copyright: Copyright © Kaspersky Lab, GERT
Original Filename: klmd.sys
File size: 208216
Created time: 2013-01-25 00:04
Modified time: 2013-01-25 00:04
MD5: F146E2BA475893DD77B2370DC1211FC6
SHA1: B34C5CDBC9597694131FD20562DB201F62E6D1FE
.
---- Directory of c:\users\Guest\AppData\Local\CrashDumps ----
.
2013-01-19 10:33 . 2013-01-19 10:33 650166 ----a-w- c:\users\Guest\AppData\Local\CrashDumps\BejeweledTwist.exe.4980.dmp
.
---- Directory of c:\users\Guest\AppData\Roaming\Template ----
.
2007-01-23 20:02 . 2007-01-23 20:02 9728 ---ha-r- c:\users\Guest\AppData\Roaming\Template\Normal.wpt
.
---- Directory of c:\users\Jeff\AppData\Roaming\Template ----
.
2007-01-23 20:02 . 2007-01-23 20:02 9728 ---ha-r- c:\users\Jeff\AppData\Roaming\Template\Normal.wpt
.
---- Directory of c:\users\Sydney\AppData\Local\CrashDumps ----
.
2013-01-21 16:49 . 2013-01-21 16:49 650130 ----a-w- c:\users\Sydney\AppData\Local\CrashDumps\PeggleNights.exe.3504.dmp
.
---- Directory of c:\users\Sydney\AppData\Roaming\School Zone Preferences ----
.
2013-01-21 17:11 . 2013-01-21 17:29 276 ----a-w- c:\users\Sydney\AppData\Roaming\School Zone Preferences\18101_8_1_1113_120\cache\18101_8_1_1113_120.hof
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6ddd1607-02d6-46b8-94a4-dc371e78bca1}]
c:\program files (x86)\iWonIE\bar\1.bin\idSrcAs.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc130ee2-5a2a-45a7-8e09-d2ca06c795a8}]
c:\progra~2\iWonIE\bar\1.bin\idbar.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Sabrina\Desktop\Virus Removal\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-09-17 23208]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 08:18]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 17:22]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 17:22]
.
2013-01-23 c:\windows\Tasks\HPCeeScheduleForSabrina.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-07 19:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-12 15853088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-12 82464]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Hewlett-Packard\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2013-01-27 18:55:48 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-27 23:55
ComboFix2.txt 2013-01-25 23:55
ComboFix3.txt 2013-01-25 02:32
.
Pre-Run: 356,802,007,040 bytes free
Post-Run: 356,584,054,784 bytes free
.
- - End Of File - - 75A75E450ECF57C981A924C4270FB0DF
Upload was successful



