Zbot.gen!AP and Fraud.Fedexword

[LiquidTension]

Hi Maureen,

Before we proceed, I would like you to please run the following programme, and post back the log generated.

SystemLook

• Please download SystemLook (x64) and save the file to your desktop.
• Right-Click SystemLook_x64.exe and select
  
  Run as administrator to run the programme.
• Copy the entire contents of the codebox below and paste into the textfield.
  

  :filefind
  *18967481.sys*
  *20358622.sys*
  *83227107.sys*
  *18967481.sys*
  *20358622.sys*
  *83227107.sys*
  
  ::csinfo

• Click the
  
  button to start the scan.
• Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
• Click the
  
  button.

 

[mla34]

Hi, Adam,
Here you go -


SystemLook 30.07.11 by jpshortstuff
Log created at 20:03 on 27/06/2014 by The Arnolds
Administrator - Elevation successful

========== filefind ==========

Searching for " *18967481.sys*"
No files found.

Searching for " *20358622.sys*"
No files found.

Searching for " *83227107.sys*"
No files found.

Searching for " *18967481.sys*"
No files found.

Searching for " *20358622.sys*"
No files found.

Searching for " *83227107.sys*"
No files found.

Searching for " ::csinfo "
No files found.

-= EOF =-

 

[LiquidTension]

Hi Maureen,

I typed AdwCleaner[SO] but got "no results found". I'm so sorry if I did something to make it disappear.

Please copy and paste the following text into the search bar: AdwCleaner[S0]
The "0" is in fact the number zero, not the letter "O".


STEP 1

Farbar Recovery Scan Tool (FRST) Script

• Press the Windows Key
  
  + r on your keyboard at the same time. Type Notepad and click OK.
• Copy the entire contents of the codebox below and paste into the Notepad document.
  

  start
  Task: {C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E} - \Security Center Update - 2120148171 No Task File <==== ATTENTION
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys => ""="Driver"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20358622.sys => ""="Driver"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83227107.sys => ""="Driver"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18967481.sys => ""="Driver"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20358622.sys => ""="Driver"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83227107.sys => ""="Driver"
  end

• Click File, Save As and type fixlist.txt as the File Name.
• Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

• Right-Click FRST64.exe and select
  
  Run as administrator to run the programme.
• Click Fix.
• A log (Fixlog.txt) will open on your desktop.Copy the contents of the log and paste in your next reply.

STEP 2

Update/Remove Java

• Download the latest version of
  
  Java from here.
• Press the Windows Key
  
  + r on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for and uninstall the following programmes (if present):
  • Java 7 Update 51
  • Java™ 6 Update 27

STEP 3

Malwarebytes Anti-Malware (MBAM)

• Please download Malwarebytes Anti-Malware Free to your desktop (this will update your current version).
• Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
• Launch the programme and select Update.
• Once updated, click the Settings tab and tick Scan for rootkits.
• Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
• Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click theScan Log.
• Click Copy to Clipboard and paste the log in your next reply.

STEP 4

ESET Online Scan
Note: This scan will take a significant amount of time to complete. Please do not browse the Internet whilst your resident protection is disabled.

• Please download ESET Online Scan and save the file to your desktop.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Double-click esetsmartinstaller_enu.exe to run the programme.
• Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then press Start.
• Agree to the Terms of Use once more and click Start. Allow components to download.
• Click Hide advanced settings. Your settings should match that of the image below.
• Ensure Remove found threats is unchecked.
  
  
  
• Allow virus signature database to download and for the scan to finish. Please be patient as this can take some time.
• Upon completion, click List of found threats. If no threats were found, skip the next two bullet points.
• Click Export to text file... and save the file to your desktop, naming it something unique such as MyEsetScan.
• Push the Back button.
• Place a checkmark next to Uninstall application on close and click Finish.
• Re-enable your anti-virus software.
• Copy the contents of the log and paste in your next reply.

======================================================

STEP 5

Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• AdwCleaner[S0]
• Fixlog.txt
• MBAM Scan log
• ESET Online Scan log

 

[mla34]

Hi, Adam,
I got the same "No results found" when I searched for the AdwCleaner[S0]. I must have screwed this up. So sorry.

I'm sending the first task results now so if the computer has to reboot for the next steps I won't lose this!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by The Arnolds at 2014-06-28 09:32:05 Run:3
Running from C:\Users\The Arnolds\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E} - \Security Center Update - 2120148171 No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83227107.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83227107.sys => ""="Driver"
end
*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2120148171' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\20358622.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\83227107.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\18967481.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\20358622.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\83227107.sys' => Key deleted successfully.

==== End of Fixlog ====

 

[mla34]

Hi, Adam,
Java asked if I wanted to run the program and that it may put my computer at risk. I clicked no and copied this. Should I do something?

Java Plug-in 10.60.2.19
Using JRE version 1.7.0_60-b19 Java HotSpot(TM) Client VM
User home directory = C:\Users\The Arnolds
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
calling downloadEagerorAll

 

[mla34]

Hi, Adam,

On Malwarebytes scan, do I uncheck Use Advanced Heuristics Engine (Shuriken) and Scan within archives or leave them checked?

 

[mla34]

Adam,

Just as a side note, when I am sitting here working on the homework you have given me, the computer "ticks" away, as if it is processing stuff, even if I am not running anything or doing anything. Maybe it has always done that but I don't think so. Just thought I would mention it. I don't want to move forward with the rest of the tasks until I hear back from you about the Java and Malwarebytes questions. Thanks!

 

[LiquidTension]

Hi Maureen,

Java asked if I wanted to run the program and that it may put my computer at risk. I clicked no and copied this. Should I do something?

Was this during the installation of the updated version, or the uninstalling of the outdated version?

Which versions of Java do you have on your computer? Press the Windows Key + r on your keyboard. Type appwiz.cpl and click Ok. Note down all installed versions of Java in your next reply.

I will answer your other questions once you have responded to the above.

 

[mla34]

Hi, Adam,

It was after I did the install from the link you provided. I have not done any install yet.
Below is what is listed:

Java 7 Update 60
Java(TM) 6 Update 27 (64-bit)

Will wait to hear back from you before doing the Malwarebytes and ESET steps just in case there is something else I should do before those.

Thanks.

 

[mla34]

Correction

It was after I did the install from the link you provided. I have not done any uninstall yet.

 

[LiquidTension]

Hi Maureen,

It was after I did the install from the link you provided. I have not done any uninstall yet.

Lets uninstall all versions for now. Please proceed with the uninstall instructions, ensuring you uninstall the version you just installed as well. We can come back to the installation of the latest version at the end.

On Malwarebytes scan, do I uncheck Use Advanced Heuristics Engine (Shuriken) and Scan within archives or leave them checked?

Please leave both options checked.

Just as a side note, when I am sitting here working on the homework you have given me, the computer "ticks" away, as if it is processing stuff, even if I am not running anything or doing anything.

This is not necessarily unusual, but we can look into it later.

For now, please uninstall all versions of Java, and proceed with Malwarebytes and ESET.

 

[mla34]

Good morning, Adam,
Here is the Malwarebytes log. I will get the ESET scan going and send it to you later when it is finished. Thanks.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/29/2014
Scan Time: 9:06:58 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.29.03
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: The Arnolds

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341446
Time Elapsed: 10 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[mla34]

Hi, Adam,

Not sure what to check off here. Enable or Disable?

 

[LiquidTension]

Hi Maureen,

Please click Enable, and proceed.*

 

[mla34]

Hi, Adam,
Below is the ESET scan. Another note, the computer seems to be a bit slow booting up each time. Everything loads okay but it takes longer than it used to. Also, in the Notification Area I keep getting a "white flag" that is the Action Center - it still tells me "PWS:Win32/Zbot is found on my PC
Thanks for your help and patience!

C:\AdwCleaner\Quarantine\C\chatzum_nt.exe.vir OSX/ChatZum.C potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

 

[LiquidTension]

Hi Maureen,

C:\AdwCleaner\Quarantine\C\chatzum_nt.exe.vir OSX/ChatZum.C potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

The first item is already quarantined, and the 4 below do not need to be removed.

Another note, the computer seems to be a bit slow booting up each time.

We can look into this later.


STEP 1

Temporary File Cleaner (TFC)

• Please download TFC and save the file to your desktop.
• Close any open windows.
• Double-click TFC.exe to run the programme.
• Click Start.
• Allow TFC to run interrupted.
• Upon completion, your computer will reboot automatically. If this does not happen, please manually reboot.
• Note: It is not unusual for a computer to reboot slower than usual immediately after running TFC.

STEP 2

ComboFix

• Note: Please read to the end of these instructions before running ComboFix.
• Please download ComboFix.
• Important: Save ComboFix.exe to your Desktop.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Right-Click ComboFix.exe and select
  
  Run as administrator to run the programme.
• Follow the prompts.
• Allow ComboFix to complete it's removal routine (please refer to Important Notes:)
• Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
• Re-enable your anti-virus software.

Important Notes:

• Do NOT mouse click ComboFix's window whilst it is running. This may cause it to stall.
• Do NOT use your computer whilst ComboFix is running.
• Your desktop/taskbar may disappear whilst ComboFix is running; this is normal.
  
  
• If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
• ComboFix will disconnect your machine from the Internet as soon as it starts.
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If you are unable to access the Internet after running ComboFix, please reboot your computer.

Also, in the Notification Area I keep getting a "white flag" that is the Action Center - it still tells me "PWS:Win32/Zbot is found on my PC

After running ComboFix, please ensure you reboot your computer. Proceed by opening Microsoft Security Essentials, and run a scan (as you did earlier). Let me know how you get on.

======================================================

STEP 3

Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• ComboFix.txt
• MSE results

 

[mla34]

Hi, Adam,

I am sending the Combofix text alone in case it is too big to send along with the MSE scan results.

ComboFix 14-06-30.01 - The Arnolds 06/30/2014 11:19:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.3804 [GMT -4:00]
Running from: c:\users\The Arnolds\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6426\AddOnDownloaded\434373b7-17f4-4a5e-9e8f-2c1bb65cd9e5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6426\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\59be3af2-87f2-4d3a-b380-7509f3d47c40.dll
c:\programdata\PCDr\6426\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\64882123-3c6f-4e15-8579-c6d1ba56c9de.dll
c:\programdata\PCDr\6426\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd91bf5-79bd-4c68-b85b-3c132cdb258a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8745715d-dc8a-4b32-b6a6-89cd3d0cc3c5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c07cc30-4011-4e36-a63d-e59077a22429.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ad817bdc-639c-43e8-b06b-897bcb5b8f23.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aeffdb78-a789-4b6a-b2c2-f85f9b4863e6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d114d5a6-2ec4-4056-a365-d6281d97c6b6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d460bca3-24f0-49a7-beed-a064fad82750.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e0db530c-27fc-4e55-af38-073796a09e9d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5847967-7dc8-4833-8ca6-09af078c1bcb.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-05-28 to 2014-06-30 )))))))))))))))))))))))))))))))
.
.
2014-06-30 15:32 . 2014-06-30 15:32 -------- d-----w- c:\users\Greg\AppData\Local\temp
2014-06-30 15:32 . 2014-06-30 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-16 22:58 . 2014-06-22 23:39 -------- d-----w- c:\program files (x86)\ERUNT
2014-06-14 10:42 . 2014-06-14 10:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-06-11 08:05 . 2014-05-30 09:45 2768384 ----a-w- c:\windows\system32\iertutil.dll
2014-06-09 20:17 . 2014-06-09 20:17 -------- d-----w- c:\program files\iPod
2014-06-09 20:17 . 2014-06-09 20:18 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 20:17 . 2014-06-09 20:18 -------- d-----w- c:\program files\iTunes
2014-06-09 20:17 . 2014-06-09 20:18 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 12:11 . 2013-11-12 22:48 588496 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-12 07:02 . 2011-12-09 22:02 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-26 22:20 . 2012-03-30 22:28 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-26 22:20 . 2011-10-12 12:14 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-12 11:25 . 2012-04-14 23:06 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 07:30 . 2012-02-11 02:27 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-12 02:22 . 2014-05-14 17:31 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 17:31 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 17:31 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 17:31 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 17:31 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 17:31 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 17:31 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 17:31 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 17:31 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:20]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 00:19]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 00:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-12 12:11 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-12 12:11 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-12 12:11 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://forums.spybot.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.ancestry.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-30 11:41:55
ComboFix-quarantined-files.txt 2014-06-30 15:41
.
Pre-Run: 864,975,683,584 bytes free
Post-Run: 864,553,349,120 bytes free
.
- - End Of File - - E4A473133DEC4E1E9BFB7C153653FD5B
5C616939100B85E558DA92B899A0FC36

 

[mla34]

Hi, Adam,

MSE did not find any threats on the computer. According to the history, the last time something was found was on June 16 - PWS:Win32/Zbot and TrojanDownloader:Win32/Kuluoz.D. Both were removed. However I had not run a scan so I'm not sure how it picked those up. I have not run a scan since I started working with you.

Anyway, the computer boots a bit slower than usual and I still find that the icons in the Notification Area are not consistently loading. Not an issue with me, unless it is an issue with you. I just find it odd.

Let me know what my next bit of homework is! Thanks!

 

[mla34]

Hi, Adam,

Ok, so I was looking through my documents to find a medication file for my mother and saw that within My Documents Library folder I have My Pictures, My Videos, and My Music. I now have a shortcut listed for each, along with the original folder, but the original folders are all locked and I am told Access Denied. Help?

 

[mla34]

Hi, Adam,

I came onto the computer to check to see if there was something in my email. I get a blank page when I click on the email icon. Nothing. At first I got the
about:Blank Page but now there is nothing in the location bar. Any ideas on this? I can get my email on my IPad but sent myself some pictures from the IPad that I wanted to d/l onto the desktop. I will shut the computer off again and wait to hear from you. It seems things are still strange! Thanks!