[A] IE9 stopped working error, Chrome times out, can't get online

Inactive
By Jason_618
Feb 25, 2013
  1. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    Checked in the C drive folder like it said, but it's not there.
  2. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    Redo rKill and Combofix one more time.
  3. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    Will do, sorry.
  4. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    Not your fault. It happens sometimes.
  5. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    RKILL Log


    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/26/2013 04:18:18 PM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Automatic

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 02/26/2013 04:18:24 PM
    Execution time: 0 hours(s), 0 minute(s), and 6 seconds(s)
  6. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    ComboFix Log



    ComboFix 13-02-26.01 - jrybak 02/26/2013 16:20:26.2.8 - x64 MINIMAL
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8124.7191 [GMT -6:00]
    Running from: c:\users\jrybak\Desktop\Jason_rybak.exe
    AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    SP: COMODO Antivirus *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-26 to 2013-02-26 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-26 22:23 . 2013-02-26 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-26 21:31 . 2013-02-26 21:56 -------- d-----w- C:\ComboFix
    2013-02-26 05:53 . 2013-02-26 05:53 -------- d-----w- C:\VTRoot
    2013-02-26 05:51 . 2013-02-26 05:51 -------- d-----w- c:\program files (x86)\Common Files\COMODO
    2013-02-26 05:36 . 2013-02-26 05:37 -------- d-s---w- c:\programdata\Shared Space
    2013-02-26 05:34 . 2013-02-26 05:34 -------- d-----w- c:\program files\COMODO
    2013-02-26 05:34 . 2013-02-26 05:35 -------- d-----w- c:\programdata\COMODO
    2013-02-26 05:33 . 2013-02-26 05:33 -------- d-----w- c:\users\jrybak\AppData\Local\Comodo
    2013-02-26 05:32 . 2013-02-26 05:38 56072 ----a-w- c:\windows\system32\certsentry.dll
    2013-02-26 05:32 . 2013-02-26 05:38 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
    2013-02-26 05:32 . 2013-02-26 05:38 -------- d-----w- c:\program files (x86)\Comodo
    2013-02-26 05:32 . 2013-02-26 05:32 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2013-02-26 05:32 . 2013-02-26 05:32 -------- d-----w- c:\programdata\Comodo Downloader
    2013-02-25 16:46 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-25 16:46 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-25 16:40 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-25 16:40 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-25 16:40 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-25 16:40 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-25 16:40 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-25 16:40 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-25 16:39 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-25 16:39 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-25 16:39 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-25 16:39 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-25 16:39 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-25 16:39 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-24 10:26 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE2E3824-54E6-43E2-A4D7-D90871E9E8B7}\mpengine.dll
    2013-01-31 18:44 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-01-31 18:44 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-01-31 18:44 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-01-31 18:44 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-01-31 18:18 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-31 18:18 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-31 18:18 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2013-01-31 18:18 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2013-01-31 18:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-01-31 18:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-01-31 18:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-01-31 18:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-01-31 18:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-01-31 18:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-01-31 18:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-01-31 17:47 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-31 17:44 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-01-31 17:44 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-01-31 17:44 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-01-31 17:44 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-31 17:44 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-01-31 17:44 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-01-31 17:44 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-01-31 17:43 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
    2013-01-31 17:43 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2013-01-31 17:43 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2013-01-31 17:43 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2013-01-31 17:43 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2013-01-31 17:43 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
    2013-01-31 17:43 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2013-01-31 17:43 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2013-01-31 17:43 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2013-01-31 17:43 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2013-01-31 17:43 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2013-01-31 17:42 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-31 17:42 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-31 17:42 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2013-01-31 17:42 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-01-31 17:42 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2013-01-31 17:42 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2013-01-31 17:42 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
    2013-01-31 17:42 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
    2013-01-31 17:41 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2013-01-31 17:41 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2013-01-31 17:41 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2013-01-31 17:41 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2013-01-31 17:41 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2013-01-31 17:41 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-01-31 17:41 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-31 17:41 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-31 17:41 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2013-01-31 17:41 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2013-01-31 17:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-01-31 17:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2013-01-31 17:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2013-01-31 17:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-01-31 17:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-01-31 17:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-01-31 17:39 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-31 17:39 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2013-01-31 17:39 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2013-01-31 16:48 . 2013-01-31 16:48 -------- d-----w- c:\users\jrybak\AppData\Local\Lenovo
    2013-01-31 16:43 . 2013-01-31 16:43 53248 ----a-r- c:\users\jrybak\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
    2013-01-31 16:43 . 2013-01-31 16:43 53248 ----a-r- c:\users\jrybak\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe
    2013-01-31 16:37 . 2012-12-06 03:05 39792 ----a-w- c:\windows\system32\tpinspm.dll
    2013-01-31 16:37 . 2012-12-06 03:05 60272 ----a-w- c:\windows\system32\ibmpmsvc.exe
    2013-01-31 16:37 . 2012-12-06 03:05 42824 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
    2013-01-31 16:37 . 2012-12-06 03:05 72048 ----a-w- c:\windows\system32\ibmpmctl.exe
    2013-01-31 16:35 . 2010-10-15 01:26 1395760 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2013-01-31 16:35 . 2010-10-15 01:24 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
    2013-01-31 16:35 . 2010-10-15 01:24 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
    2013-01-31 16:35 . 2010-10-15 01:24 273704 ----a-w- c:\windows\system32\SynCtrl.dll
    2013-01-31 16:35 . 2010-10-15 01:24 218408 ----a-w- c:\windows\SysWow64\SynCtrl.dll
    2013-01-31 16:35 . 2010-10-15 01:24 400168 ----a-w- c:\windows\system32\SynCOM.dll
    2013-01-31 16:35 . 2010-10-15 01:24 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
    2013-01-31 16:35 . 2013-01-31 16:35 -------- d-----w- c:\program files\Synaptics
    2013-01-31 16:33 . 2009-08-07 15:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2013-01-31 16:33 . 2012-10-18 05:19 177976 ----a-w- c:\windows\system32\SynTPCo14.dll
    2013-01-31 16:33 . 2011-09-15 00:11 1048576 ----a-w- c:\windows\system32\syndata.bin
    2013-01-31 16:33 . 2012-10-18 05:19 44344 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
    2013-01-30 03:01 . 2013-02-25 16:08 -------- dc----w- c:\users\jrybak\AppData\Local\MigWiz
    2013-01-29 21:26 . 2013-01-29 21:26 -------- d-----w- c:\program files\Common Files\SPBA
    2013-01-29 21:26 . 2013-01-29 21:26 -------- d-----w- c:\program files (x86)\Common Files\SPBA
    2013-01-29 21:26 . 2013-01-29 21:30 -------- d-----w- c:\program files\ThinkVantage Fingerprint Software
    2013-01-29 20:49 . 2013-02-26 22:07 -------- d-----r- c:\users\Public
    2013-01-28 16:48 . 2012-01-14 04:41 68864 ----a-w- c:\windows\system32\drivers\stream.sys
    2013-01-28 16:40 . 2013-01-28 16:40 -------- d-----w- c:\programdata\Intel
    2013-01-28 16:37 . 2013-01-28 16:37 -------- d-----w- c:\program files (x86)\Cisco
    2013-01-28 16:31 . 2013-01-28 16:31 -------- d-----w- c:\program files\AuthenTec
    2013-01-28 16:30 . 2012-05-30 19:42 569152 ----a-w- c:\windows\system32\drivers\iaStor.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-26 21:13 . 2012-03-29 15:30 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-26 21:13 . 2011-05-19 13:58 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-25 17:00 . 2010-03-25 04:57 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-02-23 15:12 . 2012-05-29 13:43 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-02-23 15:12 . 2010-05-18 15:18 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-01-25 04:43 . 2013-01-25 04:43 43216 ----a-w- c:\windows\system32\cmdcsr.dll
    2013-01-25 04:43 . 2013-01-25 04:43 461384 ----a-w- c:\windows\system32\guard64.dll
    2013-01-25 04:43 . 2013-01-25 04:43 354752 ----a-w- c:\windows\SysWow64\guard32.dll
    2013-01-25 04:42 . 2013-01-25 04:42 45776 ----a-w- c:\windows\system32\cmdkbd64.dll
    2013-01-25 04:42 . 2013-01-25 04:42 326352 ----a-w- c:\windows\system32\cmdvrt64.dll
    2013-01-25 04:42 . 2013-01-25 04:42 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
    2013-01-25 04:42 . 2013-01-25 04:42 263888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
    2013-01-17 07:28 . 2010-03-24 23:55 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-17 01:51 . 2013-01-17 01:51 95752 ----a-w- c:\windows\system32\drivers\inspect.sys
    2013-01-17 01:51 . 2013-01-17 01:51 699880 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2013-01-17 01:51 . 2013-01-17 01:51 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2013-01-17 01:51 . 2013-01-17 01:51 23176 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2013-01-04 04:43 . 2013-02-25 16:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-14 22:49 . 2010-06-03 04:46 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\jrybak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\jrybak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\jrybak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\jrybak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-09-24 5998144]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-01-15 1851088]
    .
    c:\users\jrybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\jrybak\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]
    Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe [2013-2-14 49360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-25 834544]
    R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-17 699880]
    R1 dqBridge;dqBridge;c:\windows\system32\DRIVERS\dqbridge.sys [2010-01-19 57408]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 659976]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-23 135952]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [2013-02-14 70352]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-01-24 2074256]
    R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-01-15 1851088]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
    R2 KjsUpdateService2;AppLife Update Service 2.0;c:\program files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [2011-08-02 12800]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
    R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]
    R2 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\DRIVERS\x64\3\OPHGLDCS.EXE [2007-05-30 20480]
    R2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [2011-05-23 1688384]
    R2 ScrProj;Lenovo USB Display Screen Projector;c:\program files\Lenovo\ThinkPad USB Port Replicator with Digital Video\dqscrproj.exe [2010-01-15 88576]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
    R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-25 3325232]
    R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-14 163072]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 198144]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-15 198144]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-09-19 54824]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-02 35104]
    R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-25 158928]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-09-24 320576]
    R3 dqusb;Driver for dCute_Lenovo;c:\windows\system32\DRIVERS\dqusb.sys [2009-08-06 29688]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-21 1436424]
    R3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
    R3 lvlddrv;Lenovo DsplyFltDrv Filter Driver;c:\windows\system32\DRIVERS\lvlddrv.sys [2010-01-19 94784]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-20 22528]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-03-13 38536]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-09-24 1666112]
    R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-09-24 1665088]
    R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys [2011-05-23 444416]
    R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys [2011-05-23 231040]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1255736]
    S0 ALvldr;ALvldr;c:\windows\system32\DRIVERS\ALvldr.sys [2010-01-19 28736]
    S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-09-24 29512]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-01-17 23176]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
    S3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys [2009-12-08 6400]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-18 44344]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:13]
    .
    2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18 17:33]
    .
    2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18 17:33]
    .
    2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3105217994-110608102-3963826688-1868Core.job
    - c:\users\jrybak\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 13:52]
    .
    2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3105217994-110608102-3963826688-1868UA.job
    - c:\users\jrybak\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 13:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\jrybak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\jrybak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\jrybak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\jrybak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
    "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2012-09-21 85864]
    "Lenovo dCute"="c:\program files\Lenovo\ThinkPad USB Port Replicator with Digital Video\dCute.exe" [2010-01-15 686080]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
    "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-25 1451728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///E:/launch.ocx
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-26 16:25:45
    ComboFix-quarantined-files.txt 2013-02-26 22:25
    ComboFix2.txt 2013-02-26 22:07
    .
    Pre-Run: 25,675,624,448 bytes free
    Post-Run: 25,609,347,072 bytes free
    .
    - - End Of File - - 760B19B372981D016DD74C7014A6D3E4
  7. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    Looks good.

    Before we proceed I need to know how the computer is doing.
  8. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    I am still sitting in safe mode. Should I reboot in reg mode?
  9. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    Go ahead and let me know how it goes.
  10. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    In safe mode with networking I can get online

    not in safe mode I cannot get online, still getting this error


    Files that help describe the problem:
    C:\Users\jrybak\AppData\Local\Temp\WERB8D3.tmp.WERInternalMetadata.xml
    C:\Users\jrybak\AppData\Local\Temp\WERCD9B.tmp.appcompat.txt
    C:\Users\jrybak\AppData\Local\Temp\WERCDFA.tmp.mdmp

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
  11. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    Straight safe mode doesn't provide internet connection.
    Safe mode with networking does.
    What about normal mode?
     
  12. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    Correct, safe mode with network I can get online, normal mode I get that same error message listed above
  13. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  14. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    Farbar Service Scanner Version: 20-02-2013
    Ran by jrybak (administrator) on 26-02-2013 at 17:35:19
    Running from "C:\Users\jrybak\Desktop"
    Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  15. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    That looks good.
    When exactly are you getting this?
  16. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    I click on internet explorer, I get a message that says Internet Explorer Has Stopped Working, I click close it just pops back up until I close out the IE window, then this time I got this message

    iexplore.exe application error

    The instruction at 0x6c1497bc referenced memory at 0x0000000c. The memory could not be read.

    click on ok to terminate the program
  17. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    I see....

    Are you saying that it works fine in safe mode with networking?
  18. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    I did not get that error this time, I got that error last time when closed the explorer window, this time I got that last error message and I did not get the one you just listed above
     
  19. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    It's not clear.
    Can you use IE in normal mode now?
  20. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    Sorry,

    I cannot use internet explorer in normal mode
    I can use internet explorer in safe mode w/ networking
  21. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    I got that last error message while in normal mode, I clicked on internet explorer, got the message that said internet explorer has stopped working, then closed the explorer window and got that memory error message
  22. Broni

    Broni Malware Annihilator Posts: 46,155   +251

    OK, go back to safe mode with networking.

    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    Make sure you follow ALL steps listed there.

    Restart in normal mode and see if IE will work now.
  23. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    Ok I am on it, additional info is that Chrome & Firefox will connect to internet either, they both time out
  24. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    Followed I fix it manually as the little program won't work in safe mode

    IE still goes immediately to windows explorer has stopped working error when I try to open it in normal mode.
  25. Jason_618

    Jason_618 Newcomer, in training Topic Starter Posts: 59

    I know no attachments but I think this needs sent, this is what I get when I click the close button on the windows has stopped working message.....again all in normal mode
