
Thread: Youtube popup havoc

  1. #61
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    I am on my Win 7 laptop and just put my mouse on the command prompt, right-clicked it, and on the list of options the second one from the top after Open was Run As Administrator.

    Let's take a breather. Tell me how your system is running now: do you still have Messenger opening up in Russian, and are there other things in Russian trying to open up?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #62
    Member
    Join Date
    Sep 2014
    Posts
    45

    Got it figured out...

    I figured out how to run as administrator. The Results: Windows resource protection did not find any integrity violation.

    I still have the messenger on the task bar, but not opening. Nothing in Russian. Everything seems to be operating smoothly. I have attached a screenshot of the icon on the task bar. I pulled it out to be seen better.

  3. #63
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    I can't see it too well, but you can right-click on anything in the taskbar and select Unpin.

    Suzy, I would like you to run a program called SilentRunners; it will list all your startup programs.

    Download Silent Runners to your desktop.
    1. Right click on the zip file and select extract
    2. Extract it to your desktop
    3. Then Right click on Silent Runners and select open and let it run
    4. If your AV queries the script, allow it to run. It's not malicious.
    5. It will create a file named Startup Programs, and will notify when the scan is complete.
    6. Copy the log from the Startup Programs file back in this thread.
    Last edited by ken545; 2014-09-30 at 04:00.

  4. #64
    Member
    Join Date
    Sep 2014
    Posts
    45

    Silent Runners

    "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
    Operating System: Microsoft Windows 7 Professional Service Pack 1 (64-bit)
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    Spybot-S&D Cleaning = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [Safer-Networking Ltd.]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
    AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [Adobe Systems Incorporated]
    EKIJ5000StatusMonitor = C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [Eastman Kodak Company]
    AdAwareTray = "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe" [Lavasoft]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
    IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation]
    (Default) = (empty string) [file not found]
    Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
    QuickTime Task = "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [Apple Computer, Inc.]
    Adobe Creative Cloud = "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true [Adobe Systems Incorporated]
    ArcSoft Connection Service = C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [ArcSoft Inc.]
    EKStatusMonitor = C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [Eastman Kodak Company]
    ArcSoft MediaImpression Monitor = C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe [ArcSoft, Inc.]
    SDTray = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [Safer-Networking Ltd.]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
    -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
    -> {HKLM...CLSID} = Office Document Cache Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]
    -> {HKLM...Wow...CLSID} = Office Document Cache Handler
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
    -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
    -> {HKLM...CLSID} = Office Document Cache Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]
    -> {HKLM...Wow...CLSID} = Office Document Cache Handler
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    AccExtIco1\(Default) = {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}
    -> {HKLM...CLSID} = AccExtIco1 Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [null data]

    AccExtIco2\(Default) = {853B7E05-C47D-4985-909A-D0DC5C6D7303}
    -> {HKLM...CLSID} = AccExtIco2 Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [null data]

    AccExtIco3\(Default) = {42D38F2E-98E9-4382-B546-E24E4D6D04BB}
    -> {HKLM...CLSID} = AccExtIco3 Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [null data]

    SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
    -> {HKCU...CLSID} = UpToDateOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS]

    SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
    -> {HKCU...CLSID} = SyncingOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS]

    SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
    -> {HKCU...CLSID} = ErrorOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
    -> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS]

    SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
    -> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS]

    SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
    -> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
    -> {HKLM...CLSID} = DesktopContext Class
    \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]

    {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
    -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
    \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

    {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

    {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
    -> {HKLM...CLSID} = Microsoft Office Metadata Handler
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

    {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
    -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

    {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
    -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

    {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
    -> {HKLM...CLSID} = ImageExtractorShellExt Class
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

    {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
    -> {HKLM...CLSID} = CInfoTipShellExt Class
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

    {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
    -> {HKLM...CLSID} = Enterprise Projects
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

    {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

    {5BD933E7-F18F-4D3B-A16B-B1A40B04764E} = KodakPrintShellExtensionNative
    -> {HKLM...CLSID} = KodakPrintShellExtensionNative
    \InProcServer32\(Default) = C:\Program Files (x86)\Kodak\AiO\Center\Inkjet.ShellExtension.Native_Win64.dll [Eastman Kodak Company]

    {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon64
    -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
    -> {HKLM...Wow...CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

    {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
    -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

    {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
    -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

    {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
    -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

    {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler
    -> {HKLM...Wow...CLSID} = Microsoft Outlook
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL [MS]

    {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
    -> {HKLM...Wow...CLSID} = Outlook File Icon Extension
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

    {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
    -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

    {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
    -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

    {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
    -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [file not found]

    {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
    -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [file not found]

    {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
    -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [file not found]

    {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
    -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [file not found]

    {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon32
    -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

    <<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
    -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

    HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

    SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
    -> {HKCU...CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS]
    -> {HKCU...Wow...CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    AccExt\(Default) = {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4}
    -> {HKLM...CLSID} = AccExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [null data]

    SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC}
    -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]
    -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]

    SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC}
    -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]
    -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    AdAwareContextMenu\(Default) = {5B64240D-5B36-4B9F-A75F-4925B6A53D5B}
    -> {HKLM...CLSID} = AdAwareContextMenu Class
    \InProcServer32\(Default) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll [Lavasoft]

    HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

    SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
    -> {HKCU...CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS]
    -> {HKCU...Wow...CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS]

    HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

    SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
    -> {HKCU...CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS]
    -> {HKCU...Wow...CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
    -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
    \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
    -> {HKLM...Wow...CLSID} = PDF Shell Extension
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    AccExt\(Default) = {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4}
    -> {HKLM...CLSID} = AccExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [null data]

    SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC}
    -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]
    -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]

    SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC}
    -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]
    -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
    \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    NoDrives = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    NoDrives = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    DisableRegistryTools = (REG_DWORD) dword:0x00000000
    {unrecognized setting}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    Wallpaper = C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    ArcSoftMediaImpressionArrival\
    Provider = ArcSoft MediaImpression
    InvokeProgID = MediaImpressionImport
    InvokeVerb = open
    HKLM\SOFTWARE\Classes\MediaImpressionImport\shell\open\command\(Default) = C:\Program Files (x86)\Kodak\MediaImpression\MediaImpression.exe [ArcSoft, Inc.]

    MSLivePhotoAcquireDropHandler\
    Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
    InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
    InvokeVerb = open
    HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
    -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [file not found]

    MSLiveShowPicturesOnArrival\
    Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
    InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
    InvokeVerb = open
    HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
    -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [file not found]

    MSPlayCDAudioOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.AudioCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

    MSPlayDVDMovieOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.DVD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

    MSPlaySuperVideoCDMovieOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.VCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

    MSPlayVideoCDMovieOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.VCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

    MSWMPBurnCDOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.BurnCD
    InvokeVerb = Burn
    HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

    SpybotScanFiles\
    Provider = Spybot - Search & Destroy
    InvokeProgID = SpybotFilesScanner
    InvokeVerb = scanfiles
    HKLM\SOFTWARE\Classes\SpybotFilesScanner\shell\scanfiles\command\(Default) = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe" [Safer-Networking Ltd.]
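
A log of this shape can be triaged mechanically before reading it line by line. The following is an added example, not part of the thread and not Silent Runners' own code: a small Python parser that walks the `key` / `entry = value [tag]` layout seen above and lists entries worth a closer look. The reason labels and the reading of `[null data]` are assumptions of this example; a flag means "review this", not "this is malicious" (SkyDrive, for instance, legitimately installs under the user profile).

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "key entry tag reasons")

KEY_RE = re.compile(r'^HK(?:CU|LM)\\.*\\(?:\s*\{\+\+\})?$')    # registry key header line
TAG_RE = re.compile(r'\[([^\[\]]*)\]\s*$')                      # trailing [publisher] tag
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll)\b', re.I)
USER_DIR_RE = re.compile(r'^[A-Za-z]:\\Users\\', re.I)
SUFFIX_RE = re.compile(r'\\(?:\(Default\)|CLSID)$')

# Short excerpt copied from the log posted above (not the whole log).
SAMPLE = r"""
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
(Default) = (empty string) [file not found]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

AccExtIco1\(Default) = {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}
-> {HKLM...CLSID} = AccExtIco1 Class
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [null data]

SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
-> {HKCU...CLSID} = UpToDateOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]
"""


def triage(log_text):
    """Return a Finding for every tagged entry that deserves manual review."""
    findings = []
    key = owner = None
    marked = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if KEY_RE.match(line):                      # new registry key section
            key, owner, marked = line.replace("{++}", "").strip(), None, False
            continue
        if " = " not in line:
            continue
        name, value = line.split(" = ", 1)
        if name.startswith("->"):                   # CLSID title line, no file info
            continue
        if name.startswith("\\InProcServer32"):     # DLL belonging to the last owner
            entry = owner or name
        else:                                       # a new named entry under this key
            marked = name.startswith("<<!>>")       # marker as printed by the tool
            owner = entry = SUFFIX_RE.sub("", name.replace("<<!>>", "").strip())
        tag = TAG_RE.search(value)
        if not tag:                                 # no file was checked on this line
            continue
        reasons = []
        if tag.group(1) == "file not found":
            reasons.append("missing-file")          # orphaned entry, target is gone
        if tag.group(1) == "null data":
            reasons.append("no-publisher")          # assumed: no publisher string read
        path = PATH_RE.search(value)
        if path and USER_DIR_RE.match(path.group(0)):
            reasons.append("user-writable-path")    # loads from the user profile
        if marked:
            reasons.append("tool-marker")           # the log prefixed the entry with <<!>>
        if reasons:
            findings.append(Finding(key, entry, tag.group(1), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.entry:12} [{f.tag}] {', '.join(f.reasons)}\n    under {f.key}")
```
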

  5. #65
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    I see some things related to Windows Live but not for Messenger.

    You don't need the 32 bit.

    --RogueKiller--

    • Download & SAVE to your Desktop RogueKiller or 32 BIT
      • Quit all programs that you may have started.
      • Please disconnect any USB or external drives from the computer before you run this scan!
      • For Vista or Windows 7, right-click and select "Run as Administrator" to start
      • For Windows XP, double-click to start.
      • Wait until Prescan has finished ...
      • Then Click on "Scan" button
      • Wait until the Status box shows "Scan Finished"
      • Click on "Report" and copy/paste the content of the Notepad into your next reply.
      • The log should be found in RKreport[1].txt on your Desktop
      • Exit/Close RogueKiller+

  6. #66
    Member
    Join Date
    Sep 2014
    Posts
    45

    Quote: Originally posted by ken545
    Download & SAVE to your Desktop RogueKiller

    When I click on the Rogue Killer link I get an unable to connect error. I can connect to other web pages without difficulty.

    Suzy

  7. #67
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Me too, the site may be down.


    Well, we have been going round and round with this. Did you unpin Messenger from your taskbar? As long as you feel things are running OK and no more stuff from Russia is showing up, you may be OK. Sometimes the only way to guarantee a totally clean computer is to do a format and reinstall of Windows. If you have your Windows CD or the Recovery CD that came with your computer I can link you to a nice site to help you do this; if not, a good option would be to take your computer to a local shop and have them do it for you.

    Or we could try a System Restore to restore your system back to before all this happened. It may fix it or it may not; the Russian stuff may be gone but we may have to do additional cleaning, because I am sure there was stuff to remove prior to you getting infected with that Russian garbage. FYI, a big percentage of the malware going around comes from Russia or the Ukraine.

    These are your Restore Points. You posted on 9/22 and said that 2 days ago you were watching YouTube and this stuff started, so maybe a restore point prior to 9/20.

    19-09-2014 05:53:43 Scheduled Checkpoint <--If there is one even a week or so prior to this date I would use it
    20-09-2014 02:30:14 PerforMax Cleaner
    20-09-2014 02:32:24 Windows Live Essentials
    20-09-2014 02:38:00 Windows Live Essentials
    20-09-2014 02:39:09 Windows Live Essentials
    20-09-2014 02:40:17 Installed DirectX
    20-09-2014 02:40:53 Installed DirectX
    20-09-2014 02:41:32 Installed DirectX
    20-09-2014 02:44:11 WLSetup
    20-09-2014 04:45:25 AA11
    20-09-2014 06:17:16 PerforMax Cleaner
    22-09-2014 17:00:54 Removed Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit



    http://windows.microsoft.com/en-us/w...system-restore


    Let me know what you decide

  8. #68
    Member
    Join Date
    Sep 2014
    Posts
    45

    Restore

    Let's try a system restore. I'll pick a point prior to then and restore it, then if you could let me know if it worked, please. I'll start doing that now.

    Suzy

  9. #69
    Member
    Join Date
    Sep 2014
    Posts
    45

    Can't find any before...

    Quote: Originally posted by SuzyQ
    Let's try a system restore. I'll pick a point prior to then and restore it, then if you could let me know if it worked, please. I'll start doing that now.

    Suzy

    I can't find any restore points prior to 9/23 in the list it gives me.

  10. #70
    Member
    Join Date
    Sep 2014
    Posts
    45

    And yes...

    Yes, the Messenger is unpinned from the taskbar.

    Suzy
