
Topic: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave


goodie2010

    Topic Starter


    Beginner

    Good Day,

    So last night, while on a piano website, I started getting a bunch of UAC popups that went something like, "Do you want to allow the following program to make changes to your computer? fpdownload.macromedia.com/get/shockwave/cabs/flash...." That's not a quote; it had some other things on the end. Anyway, I declined access, but it kept popping up. One time I came back to the computer and I had around 20 UAC popups asking if I wanted to allow Adobe to make changes. I googled the crap out of fpdownload and, surprisingly, most sites were saying it was safe. :( Anyway, I was still suspicious; a couple of sites said it was a problem, but those weren't the same links I had. They were fpdownload.macromedia, but they didn't have shockwave, and they seemed to have some more harsh problems accompanying their virus. So after the majority of sites said the UAC was safe, I allowed access. Nothing happened! So I thought I was good. I ran Malwarebytes and SUPERAntiSpyware. Malwarebytes found nothing; SUPERAntiSpyware found some cookies. So I thought I was fine, then later that night all these UAC consents from fpdownload.macromedia started popping up again. I woke up this morning, the computer was off, I started it up, clicked resume, and had at least 30 UACs asking to allow fpdownload.

    Here are my logs. Since I ran Malwarebytes last night and it didn't find anything, I didn't run it again.


    DDS


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 10:29:48 on 2012-08-31
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.1510 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\GFNEXSrv.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Users\Owner\AppData\Local\Skillbrains\lightshot\3.0.0.0\LightShot.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\windows\System32\alg.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\windows\system32\DllHost.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\windows\system32\svchost.exe -k AxInstSVGroup
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\system32\taskmgr.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\$Recycle.Bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\U
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [LightShot] C:\Users\Owner\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: C:\windows\system32\idmmbc.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{42DC5299-B72D-45A6-96F2-5E7E9658F9EA} : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{42DC5299-B72D-45A6-96F2-5E7E9658F9EA}\D4A402F6E602055616368647275656 : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{42DC5299-B72D-45A6-96F2-5E7E9658F9EA}\D4A4055616368647275656 : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{42DC5299-B72D-45A6-96F2-5E7E9658F9EA}\D6A616E64627F69646 : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{9846802C-EA34-4101-93C1-285F66728A2F} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{C21BEDC8-19D6-4D37-A721-97C73D482AD5} : DhcpNameServer = 192.168.42.129
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO-X64:     IDM Helper - No File
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64:     0x1 - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\057jrvt7.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - *Blocked Russian URL*/yandsearch?win=28&clid=1855511&text=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\057jrvt7.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\plugins\npLightshot.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 326ac83000000000000074de2badb40a
    FF - user.js: extensions.BabylonToolbar_i.hardId - 326ac83000000000000074de2badb40a
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15419
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:54:58
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
    R2 IDMWFP;IDMWFP;C:\windows\system32\DRIVERS\idmwfp.sys --> C:\windows\system32\DRIVERS\idmwfp.sys [?]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-11-21 126392]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-21 2656280]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-11-21 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
    S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-2 114144]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-08-31 07:32:25   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5113528E-8A02-4701-92FD-AFE665ACF31A}\offreg.dll
    2012-08-31 07:31:46   9310152   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5113528E-8A02-4701-92FD-AFE665ACF31A}\mpengine.dll
    2012-08-31 04:21:44   --------   d--h--w-   C:\windows\AxInstSV
    2012-08-30 23:48:55   475136   ----a-w-   C:\Users\Owner\AppData\Local\qxoubxtxem.exe
    2012-08-29 12:03:03   73696   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-08-29 12:03:01   192592   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-08-29 12:03:01   114144   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-08-29 12:03:00   421200   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-08-29 12:02:59   770384   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-08-22 06:05:25   --------   d-----w-   C:\Program Files (x86)\MixMeister BPM Analyzer
    2012-08-22 05:49:14   --------   d-----w-   C:\Program Files (x86)\Abyssmedia
    2012-08-22 05:35:37   --------   d-----w-   C:\Program Files (x86)\Pistonsoft BPM Detector
    2012-08-15 11:16:26   503808   ----a-w-   C:\windows\System32\srcore.dll
    2012-08-15 11:16:26   43008   ----a-w-   C:\windows\SysWow64\srclient.dll
    2012-08-15 11:16:22   751104   ----a-w-   C:\windows\System32\win32spl.dll
    2012-08-15 11:16:22   67072   ----a-w-   C:\windows\splwow64.exe
    2012-08-15 11:16:22   559104   ----a-w-   C:\windows\System32\spoolsv.exe
    2012-08-15 11:16:22   492032   ----a-w-   C:\windows\SysWow64\win32spl.dll
    2012-08-15 11:16:18   59392   ----a-w-   C:\windows\System32\browcli.dll
    2012-08-15 11:16:18   41984   ----a-w-   C:\windows\SysWow64\browcli.dll
    2012-08-15 11:16:18   3148800   ----a-w-   C:\windows\System32\win32k.sys
    2012-08-15 11:16:18   136704   ----a-w-   C:\windows\System32\browser.dll
    2012-08-15 11:16:17   956928   ----a-w-   C:\windows\System32\localspl.dll
    .
    ==================== Find3M  ====================
    .
    2012-07-27 10:55:00   70304   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-27 10:55:00   419488   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 17:46:44   24904   ----a-w-   C:\windows\System32\drivers\mbam.sys
    2012-06-29 03:56:34   2312704   ----a-w-   C:\windows\System32\jscript9.dll
    2012-06-29 03:49:11   1392128   ----a-w-   C:\windows\System32\wininet.dll
    2012-06-29 03:48:07   1494528   ----a-w-   C:\windows\System32\inetcpl.cpl
    2012-06-29 03:43:49   173056   ----a-w-   C:\windows\System32\ieUnatt.exe
    2012-06-29 03:39:48   2382848   ----a-w-   C:\windows\System32\mshtml.tlb
    2012-06-29 00:16:58   1800704   ----a-w-   C:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01   1129472   ----a-w-   C:\windows\SysWow64\wininet.dll
    2012-06-29 00:08:59   1427968   ----a-w-   C:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43   142848   ----a-w-   C:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45   2382848   ----a-w-   C:\windows\SysWow64\mshtml.tlb
    2012-06-06 06:06:16   2004480   ----a-w-   C:\windows\System32\msxml6.dll
    2012-06-06 06:06:16   1881600   ----a-w-   C:\windows\System32\msxml3.dll
    2012-06-06 06:02:54   1133568   ----a-w-   C:\windows\System32\cdosys.dll
    2012-06-06 05:05:52   1390080   ----a-w-   C:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52   1236992   ----a-w-   C:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06   805376   ----a-w-   C:\windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31   2622464   ----a-w-   C:\windows\System32\wucltux.dll
    2012-06-02 22:15:08   99840   ----a-w-   C:\windows\System32\wudriver.dll
    2012-06-02 19:19:42   186752   ----a-w-   C:\windows\System32\wuwebv.dll
    2012-06-02 19:15:12   36864   ----a-w-   C:\windows\System32\wuapp.exe
    .
    ============= FINISH: 10:30:19.07 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/9/2011 8:47:19 AM
    System Uptime: 8/30/2012 10:20:54 PM (12 hours ago)
    .
    Motherboard: Intel Corporation |  | Oneonta Falls
    Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz | CPU 1 | 2200/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 450 GiB total, 288.887 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe FE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FC661179&REV_05\1E010000364CE00000
    Manufacturer: Realtek
    Name: Realtek PCIe FE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FC661179&REV_05\1E010000364CE00000
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    RP92: 8/14/2012 9:24:39 AM - Windows Update
    RP93: 8/16/2012 11:33:11 AM - Windows Update
    RP94: 8/19/2012 8:40:33 AM - StopZILLA! Restore Point.
    RP95: 8/21/2012 4:56:43 PM - Windows Update
    RP96: 8/26/2012 8:40:32 AM - StopZILLA! Restore Point.
    RP97: 8/28/2012 5:40:10 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Apple Software Update
    Ares 2.1.7
    Bejeweled 3
    BPM Counter 1.6.0.0
    Chuzzle Deluxe
    ConvertXtoDVD 3.6.4.158
    D3DX10
    DAEMON Tools Lite
    FATE - The Traitor Soul
    Fishdom (TM) 2
    Google Chrome
    Google Update Helper
    HijackThis 2.0.2
    InfraRecorder
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 25
    Junk Mail filter update
    Label@Once 1.0
    lightshot-3.0.0.0
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Office 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    MixMeister BPM Analyzer 1.0
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Premium
    neroxml
    Norton PC Checkup
    Paint XP version 1.1
    Penguins!
    Pistonsoft BPM Detector 1.0
    Plants vs. Zombies - Game of the Year
    PlayItAll media player 1.0.5
    PlayReady PC Runtime x86
    Polar Bowler
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    STOPzilla
    Tom Clancy's Splinter Cell
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    TOSHIBARegistration
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Villagers 5 - New Believers
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.01 (32-bit)
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/31/2012 3:42:17 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
    8/31/2012 3:42:17 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    8/31/2012 10:23:23 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    8/30/2012 10:21:23 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  is3srv
    8/26/2012 10:56:40 AM, Error: ACPI [10]  - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
    .
    ==== End Of File ===========================



    # AdwCleaner v2.000 - Logfile created 08/31/2012 at 10:32:35
    # Updated 30/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Documents\Downloads\Programs\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\user.js
    File Found : C:\Users\Owner\AppData\Local\funmoods-speeddial.crx
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\Users\Owner\AppData\Local\Babylon
    Folder Found : C:\Users\Owner\AppData\LocalLow\Search Settings
    Folder Found : C:\Users\Owner\AppData\Roaming\Babylon
    Folder Found : C:\Users\Owner\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Found : HKCU\Software\Zugo
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\SOFTWARE\Software
    Key Found : HKU\S-1-5-21-383216099-2733633658-1331451555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0 (en-US)

    Profile name : default
    File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\057jrvt7.default\prefs.js

    Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110788");
    Found : user_pref("extensions.BabylonToolbar_i.hardId", "326ac83000000000000074de2badb40a");
    Found : user_pref("extensions.BabylonToolbar_i.id", "326ac83000000000000074de2badb40a");
    Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15419");
    Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
    Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.172:54:58");
    Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Found : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/addons/firefox/update.x[...]
    Found : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/addons/firefox/update.x[...]
    Found : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/scripts/qa.php?product_[...]
    Found : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/scripts/qa.php?product_[...]
    Found : user_pref("extensions.kango.storage.script_loader.data", "\"[]\"");
    Found : user_pref("extensions.kango.storage.statistics.user_guid", "\"{07E7BE69-C56E-FF1A-4912-4A95F888EBBF}[...]
    Found : user_pref("extensions.kango.storage.statistics.user_stat_sent", "\"Sun Jun 03 2012 08:19:29 GMT-0400[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Chromium v [Unable to get version]

    File : C:\Users\Owner\AppData\Local\Chromium\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v [Unable to get version]

    File : C:\Users\Owner\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [4018 octets] - [31/08/2012 10:32:35]

    ########## EOF - C:\AdwCleaner[R1].txt - [4078 octets] ##########

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
    « Reply #1 on: August 31, 2012, 09:42:47 AM »
    Hello hello!

    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.


    ComboFix
     
    Please download ComboFix by sUBs
    From BleepingComputer.com
     
    Please save the file to your Desktop, but rename it first to svchost.exe
     
    Important information about ComboFix
     
    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix
     
    Safe Mode:
     
    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.
     
    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")
     
    Re-downloading:
     
    If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.
     
    Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, and winlogon.exe.


    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
    ~Dr Jay

      goodie2010

      Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
      « Reply #2 on: August 31, 2012, 10:20:56 AM »
      Hi, thanks for your help Drag Master Jay!

      # AdwCleaner v2.000 - Logfile created 08/31/2012 at 12:03:16
      # Updated 30/08/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Owner - OWNER-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Owner\Documents\Downloads\Programs\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
      File Deleted : C:\user.js
      File Deleted : C:\Users\Owner\AppData\Local\funmoods-speeddial.crx
      Folder Deleted : C:\ProgramData\Babylon
      Folder Deleted : C:\Users\Owner\AppData\Local\Babylon
      Folder Deleted : C:\Users\Owner\AppData\LocalLow\Search Settings
      Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
      Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy

      ***** [Registry] *****

      Key Deleted : HKCU\Software\Zugo
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Deleted : HKLM\Software\Babylon
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Deleted : HKLM\Software\Freeze.com
      Key Deleted : HKLM\SOFTWARE\Software

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

      -\\ Mozilla Firefox v15.0 (en-US)

      Profile name : default
      File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\057jrvt7.default\prefs.js

      C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\057jrvt7.default\user.js ... Deleted !

      Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
      Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
      Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110788");
      Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "326ac83000000000000074de2badb40a");
      Deleted : user_pref("extensions.BabylonToolbar_i.id", "326ac83000000000000074de2badb40a");
      Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15419");
      Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
      Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
      Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
      Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
      Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
      Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.172:54:58");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
      Deleted : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/addons/firefox/update.x[...]
      Deleted : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/addons/firefox/update.x[...]
      Deleted : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/scripts/qa.php?product_[...]
      Deleted : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/scripts/qa.php?product_[...]
      Deleted : user_pref("extensions.kango.storage.script_loader.data", "\"[]\"");
      Deleted : user_pref("extensions.kango.storage.statistics.user_guid", "\"{07E7BE69-C56E-FF1A-4912-4A95F888EBBF}[...]
      Deleted : user_pref("extensions.kango.storage.statistics.user_stat_sent", "\"Sun Jun 03 2012 08:19:29 GMT-0400[...]

      -\\ Google Chrome v [Unable to get version]

      File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      -\\ Chromium v [Unable to get version]

      File : C:\Users\Owner\AppData\Local\Chromium\User Data\Default\Preferences

      [OK] File is clean.

      -\\ Opera v [Unable to get version]

      File : C:\Users\Owner\AppData\Roaming\Opera\Opera\operaprefs.ini

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [4143 octets] - [31/08/2012 10:32:35]
      AdwCleaner[R2].txt - [4203 octets] - [31/08/2012 12:02:47]
      AdwCleaner[S1].txt - [4775 octets] - [31/08/2012 12:03:16]

      ########## EOF - C:\AdwCleaner[S1].txt - [4835 octets] ##########

      ComboFix 12-08-30.05 - Owner 08/31/2012  12:09:31.1.4 - x64
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.2592 [GMT -4:00]
      Running from: c:\users\Owner\Desktop\svchost.exe.exe
      SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
       * Created a new restore point
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\$recycle.bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\@
      c:\$recycle.bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\n
      c:\$recycle.bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\U\00000001.@
      c:\$recycle.bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\U\80000000.@
      c:\$recycle.bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\U\800000cb.@
      c:\users\Owner\AppData\Local\PackSetup.exe
      c:\users\Owner\AppData\Local\qxoubxtxem.exe
      c:\users\Owner\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
      c:\users\Owner\AppData\Roaming\inst.exe
      c:\users\Owner\AppData\Roaming\vso_ts_preview.xml
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-07-28 to 2012-08-31  )))))))))))))))))))))))))))))))
      .
      .
      2012-08-31 16:14 . 2012-08-31 16:14   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2012-08-31 15:19 . 2012-08-31 15:19   --------   d-----w-   c:\programdata\McAfee
      2012-08-31 15:19 . 2012-08-31 15:19   --------   d-----w-   c:\programdata\McAfee Security Scan
      2012-08-31 15:19 . 2012-08-31 15:19   --------   d-----w-   c:\program files (x86)\McAfee Security Scan
      2012-08-31 15:02 . 2012-08-31 16:03   --------   d--h--w-   c:\windows\AxInstSV
      2012-08-31 07:31 . 2012-08-23 08:26   9310152   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{5113528E-8A02-4701-92FD-AFE665ACF31A}\mpengine.dll
      2012-08-29 12:03 . 2012-08-29 12:03   73696   ----a-w-   c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
      2012-08-29 12:03 . 2012-08-29 12:03   192592   ----a-w-   c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
      2012-08-29 12:03 . 2012-08-29 12:03   114144   ----a-w-   c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
      2012-08-29 12:03 . 2012-08-29 12:03   421200   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp100.dll
      2012-08-29 12:02 . 2012-08-29 12:03   770384   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr100.dll
      2012-08-22 06:05 . 2012-08-22 06:05   --------   d-----w-   c:\program files (x86)\MixMeister BPM Analyzer
      2012-08-22 05:49 . 2012-08-22 05:49   --------   d-----w-   c:\program files (x86)\Abyssmedia
      2012-08-22 05:35 . 2012-08-22 05:35   --------   d-----w-   c:\program files (x86)\Pistonsoft BPM Detector
      2012-08-15 11:16 . 2012-05-05 08:36   503808   ----a-w-   c:\windows\system32\srcore.dll
      2012-08-15 11:16 . 2012-05-05 07:46   43008   ----a-w-   c:\windows\SysWow64\srclient.dll
      2012-08-15 11:16 . 2012-02-11 06:43   751104   ----a-w-   c:\windows\system32\win32spl.dll
      2012-08-15 11:16 . 2012-02-11 06:36   559104   ----a-w-   c:\windows\system32\spoolsv.exe
      2012-08-15 11:16 . 2012-02-11 06:36   67072   ----a-w-   c:\windows\splwow64.exe
      2012-08-15 11:16 . 2012-02-11 05:43   492032   ----a-w-   c:\windows\SysWow64\win32spl.dll
      2012-08-15 11:16 . 2012-07-18 18:15   3148800   ----a-w-   c:\windows\system32\win32k.sys
      2012-08-15 11:16 . 2012-07-04 22:16   73216   ----a-w-   c:\windows\system32\netapi32.dll
      2012-08-15 11:16 . 2012-07-04 22:13   59392   ----a-w-   c:\windows\system32\browcli.dll
      2012-08-15 11:16 . 2012-07-04 22:13   136704   ----a-w-   c:\windows\system32\browser.dll
      2012-08-15 11:16 . 2012-07-04 21:14   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
      2012-08-15 11:16 . 2012-05-14 05:26   956928   ----a-w-   c:\windows\system32\localspl.dll
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-08-31 15:19 . 2012-07-17 07:58   696520   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
      2012-08-31 15:19 . 2011-07-27 03:34   73416   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-08-16 15:34 . 2012-03-02 03:11   62134624   ----a-w-   c:\windows\system32\MRT.exe
      2012-07-03 17:46 . 2012-03-09 11:59   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-06-09 05:43 . 2012-07-15 11:36   14172672   ----a-w-   c:\windows\system32\shell32.dll
      2012-06-06 06:06 . 2012-07-15 11:36   2004480   ----a-w-   c:\windows\system32\msxml6.dll
      2012-06-06 06:06 . 2012-07-15 11:36   1881600   ----a-w-   c:\windows\system32\msxml3.dll
      2012-06-06 06:02 . 2012-07-15 11:36   1133568   ----a-w-   c:\windows\system32\cdosys.dll
      2012-06-06 05:05 . 2012-07-15 11:36   1390080   ----a-w-   c:\windows\SysWow64\msxml6.dll
      2012-06-06 05:05 . 2012-07-15 11:36   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
      2012-06-06 05:03 . 2012-07-15 11:36   805376   ----a-w-   c:\windows\SysWow64\cdosys.dll
      2012-06-02 22:19 . 2012-06-21 22:20   38424   ----a-w-   c:\windows\system32\wups.dll
      2012-06-02 22:19 . 2012-06-21 22:20   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
      2012-06-02 22:19 . 2012-06-21 22:20   57880   ----a-w-   c:\windows\system32\wuauclt.exe
      2012-06-02 22:19 . 2012-06-21 22:20   44056   ----a-w-   c:\windows\system32\wups2.dll
      2012-06-02 22:19 . 2012-06-21 22:20   701976   ----a-w-   c:\windows\system32\wuapi.dll
      2012-06-02 22:15 . 2012-06-21 22:20   2622464   ----a-w-   c:\windows\system32\wucltux.dll
      2012-06-02 22:15 . 2012-06-21 22:20   99840   ----a-w-   c:\windows\system32\wudriver.dll
      2012-06-02 19:19 . 2012-06-21 22:20   186752   ----a-w-   c:\windows\system32\wuwebv.dll
      2012-06-02 19:15 . 2012-06-21 22:20   36864   ----a-w-   c:\windows\system32\wuapp.exe
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LightShot"="c:\users\Owner\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2011-03-16 195072]
      "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
      "ares"="c:\program files (x86)\Ares\Ares.exe" [2010-10-27 1015808]
      "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
      "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-07-15 1938274]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
      "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
      "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2007-06-29 286720]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
      R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

      R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
      R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
      R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
      R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-26 114144]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
      R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
      S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
      S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
      S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-15 283200]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
      S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
      S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
      S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
      S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
      S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
      S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
      S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
      S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
      S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-02-03 82816]
      S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
      S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-03 1103464]
      S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
      S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
      S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
      S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 21:55]
      .
      2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 21:55]
      .
      2012-08-31 c:\windows\Tasks\update-S-1-5-21-383216099-2733633658-1331451555-1000.job
      - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-01-17 03:09]
      .
      2012-08-31 c:\windows\Tasks\update-sys.job
      - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-01-17 03:09]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
      @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
      [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
      2011-05-30 16:50   22408   ----a-w-   c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
      "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
      "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
      "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
      "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "LoadAppInit_DLLs"=0x0
      .
      ------- Supplementary Scan -------
      .
      uInternet Settings,ProxyOverride = <local>
      IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
      IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
      LSP: c:\windows\system32\idmmbc.dll
      FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\057jrvt7.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
      FF - prefs.js: keyword.URL - *Blocked Russian URL*/yandsearch?win=28&clid=1855511&text=
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
      Toolbar-Locked - (no file)
      HKLM-Run-(Default) - (no file)
      HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
      HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
      HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
      HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
      HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
      HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
      HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
      HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
      "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-383216099-2733633658-1331451555-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
      @Denied: (Full) (Everyone)
      "scansk"=hex(0):d0,f3,8a,0c,25,a7,1c,03,dd,93,cf,d9,5a,f0,80,e4,85,ab,64,0d,03,
         6f,64,f9,29,c7,4a,38,bd,21,7a,93,af,87,be,1f,25,e9,12,34,00,00,00,00,00,00,\
      .
      [HKEY_USERS\S-1-5-21-383216099-2733633658-1331451555-1000_Classes\Wow6432Node\CLSID\{8b57a127-b7f1-400a-b4a2-69c783f20fcb}]
      @Denied: (Full) (Everyone)
      @Allowed: (Read) (RestrictedCode)
      "Model"=dword:00000049
      "Therad"=dword:00000015
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.10"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-08-31  12:16:59
      ComboFix-quarantined-files.txt  2012-08-31 16:16
      .
      Pre-Run: 312,372,957,184 bytes free
      Post-Run: 312,228,642,816 bytes free
      .
      - - End Of File - - 6A87775ED81DB18BA2CEC7AA5F75489D

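      Reply #1 asks for the post-delete [S] log so the findings from the [R] scan can be checked off one by one. Doing that by eye across two logs is error-prone, so here is a small reconciliation script as an added example; it is not from this thread and not part of AdwCleaner. It parses the Found/Deleted lines of both logs and reports what was removed, what was found but has no matching Deleted line (worth a re-scan), and what the delete run picked up that the first scan did not list. The log excerpts embedded in it are constructed from lines posted above, and the parser assumes the AdwCleaner v2 line layout those logs show (section headings, browser sub-headings, `Kind Found : target`). Note that in the excerpt, as in the posted logs, the HKU SearchScopes key from the R1 log has no matching Deleted line in the S1 log, which is exactly the kind of gap the check surfaces.

```python
"""Reconcile an AdwCleaner scan ([R]) log against its delete ([S]) log.

Added example, not part of the thread or of AdwCleaner itself. It assumes
the AdwCleaner v2 line layout shown in the posted logs:
  ***** [Section] *****     section heading
  -\\ Browser vX.Y          browser sub-heading inside [Internet Browsers]
  Key Found : <target>      a finding (Key/File/Folder, or a bare user_pref line)
  Key Deleted : <target>    the same item as reported by the delete run
"""
import re

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+?)(?: v.*)?$")
ENTRY_RE = re.compile(r"^(?:(?P<kind>\w+) )?(?P<status>Found|Deleted) : (?P<target>.+)$")

# Constructed excerpts modelled on the R1 (scan) and S1 (delete) logs posted above.
SCAN_LOG = r'''
***** [Files / Folders] *****

Folder Found : C:\Users\Owner\AppData\Roaming\Babylon
Folder Found : C:\Users\Owner\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\Babylon
Key Found : HKU\S-1-5-21-383216099-2733633658-1331451555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
'''

DELETE_LOG = r'''
***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\Babylon

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
'''


def parse_adwcleaner(text):
    """Map (section, kind, target) -> 'Found' | 'Deleted' for every finding line."""
    entries = {}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()                      # forum paste adds leading indent
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = BROWSER_RE.match(line)
        if m and section.startswith("Internet Browsers"):
            section = "Internet Browsers/" + m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            kind = m.group("kind") or "Pref"    # bare 'Found : user_pref(...)' lines
            entries[(section, kind, m.group("target"))] = m.group("status")
    return entries


def reconcile(scan_log, delete_log):
    """Compare what the scan found with what the delete run reports removed."""
    found = {k for k, s in parse_adwcleaner(scan_log).items() if s == "Found"}
    deleted = {k for k, s in parse_adwcleaner(delete_log).items() if s == "Deleted"}
    return {
        "removed": sorted(found & deleted),        # found, then reported deleted
        "still_present": sorted(found - deleted),  # found, no Deleted line: re-check
        "unexpected": sorted(deleted - found),     # deleted, but not in the first scan
    }


def format_report(result):
    """One line per item, grouped by outcome, suitable for pasting into a reply."""
    lines = []
    for label in ("removed", "still_present", "unexpected"):
        lines.append(f"[{label}] {len(result[label])} item(s)")
        for section, kind, target in result[label]:
            lines.append(f"  {section} | {kind} | {target}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(reconcile(SCAN_LOG, DELETE_LOG)))
```

      Run against the real files (`C:\AdwCleaner[R1].txt` and `C:\AdwCleaner[S1].txt`, read with `open(...).read()` in place of the embedded excerpts), anything under `still_present` is what to look at before declaring the adware cleanup complete.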
      Dr Jay
      Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
      « Reply #3 on: August 31, 2012, 10:46:13 AM »
      Scan for malware

      Please download Malwarebytes Anti-Malware from HERE.


      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Quick Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
      • Copy and paste the entire report in your next reply.
      ESET Online Scan
       
      Please run a free online scan with the ESET Online Scanner
      • Tick the box next to YES, I accept the Terms of Use
      • Click Start
      • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
      • Click Start or wait for the scanner to load.
      • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
      • Click Scan (This scan can take several hours, so please be patient)
      • Once the scan is completed, there are a couple of things to keep in mind:
      • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
      • Open the logfile from wherever you saved it
      • Copy and paste the contents in your next reply.
      ~Dr Jay

      goodie2010

        Topic Starter


        Beginner

        Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
        « Reply #4 on: August 31, 2012, 11:27:46 AM »
        I keep getting "illegal operation on registry file, can't be opened, they're set for deletion". I get that trying to run Malwarebytes, the online cleaner you listed. I have an older version of mbytes; should I run that?

        goodie2010

          Topic Starter


          Beginner

          Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
          « Reply #5 on: August 31, 2012, 11:30:46 AM »
          As a matter of fact, I can't run any virus software (CCleaner, HijackThis, mbytes, SAS). I click on all of them and get "illegal operation on reg. marked for deletion". I notice all the icons have that UAC-looking shield on them.

          Dr Jay

          • Malware Removal Specialist


          • Specialist
          • Moderator emeritus
          • Thanked: 119
          • Experience: Guru
          • OS: Windows 10
          Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
          « Reply #6 on: September 01, 2012, 04:38:31 AM »
          I don't know if you got this, but I wrote the following above:

          Quote
          NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

          Please reboot the computer, and try the tools again.
          ~Dr Jay

          goodie2010

            Topic Starter


            Beginner

            Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
            « Reply #7 on: September 01, 2012, 07:17:31 PM »
            Sorry for the delay, it took ESET a really long time, but it found some things. Thanks so much Drag Master J (sounds like a rapper, lol). My logs are below. I have a question: you said to do the mbytes quick scan, so that's what I did; usually I do a full scan. In the future, is there any rule for when to do the full vs. quick scan? Also, mbytes is highly approved here at Computer Hope, but these bugs never showed up in mbytes. Do I need to purchase mbytes professional, or are all these different removal apps good in certain areas, like ESET might be good for this bug, but mbytes better for another? Before this, I've been using mbytes and SAS; I've noticed a few times mbytes caught something SAS didn't and vice versa.

            Malwarebytes Anti-Malware 1.62.0.1300
            www.malwarebytes.org

            Database version: v2012.09.01.06

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 9.0.8112.16421
            Owner :: OWNER-PC [administrator]

            9/1/2012 2:16:45 PM
            mbam-log-2012-09-01 (14-16-45).txt

            Scan type: Quick scan
            Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
            Scan options disabled: P2P
            Objects scanned: 198541
            Time elapsed: 2 minute(s), 38 second(s)

            Memory Processes Detected: 0
            (No malicious items detected)

            Memory Modules Detected: 0
            (No malicious items detected)

            Registry Keys Detected: 0
            (No malicious items detected)

            Registry Values Detected: 0
            (No malicious items detected)

            Registry Data Items Detected: 0
            (No malicious items detected)

            Folders Detected: 0
            (No malicious items detected)

            Files Detected: 0
            (No malicious items detected)

            (end)



            ESET SCAN


            C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe   a variant of Win32/InstallCore.A application   cleaned by deleting - quarantined
            C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\n.vir   Win64/Sirefef.AP trojan   cleaned by deleting - quarantined
            C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\U\[email protected]   Win64/Sirefef.AL trojan   cleaned by deleting - quarantined
            C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\U\[email protected]   Win64/Sirefef.AH trojan   cleaned by deleting - quarantined
            C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\qxoubxtxem.exe.vir   Win32/Adware.SecurityShield.D application   cleaned by deleting - quarantined
            C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6f41d511-2ea3b00f   Win32/Adware.SecurityShield.D application   deleted - quarantined
            C:\Users\Owner\Documents\Downloads\Programs\AdvancedPCTweaker_Setup.exe   a variant of Win32/Adware.AdvPCTweak application   cleaned by deleting - quarantined
            C:\Users\Owner\Downloads\PlayItAllSetup.exe   Win32/Toolbar.Zugo application   cleaned by deleting - quarantined
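An added triage example (not code from the thread, from ESET or from ComboFix): a parser for ESET result lines in the format pasted above. It separates hits that were already sitting in ComboFix's quarantine folder (C:\Qoobox\Quarantine, so already neutralized) from live files, and flags whether any live hit is malware rather than a potentially unwanted application. The only assumption is that fields are separated by tabs or runs of two or more spaces, as in the pasted log; the sample lines are copied from this thread.

```python
"""Triage helper for ESET Online Scanner result lines.

Each result line looks like
    <path>   <detection name>   <action taken>
with the fields separated by tabs in the exported file, or by runs of
spaces once the log has been pasted into a forum post.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the result lines quoted in this thread, reproduced
# as the thread shows them (including the "[email protected]" file names).
SAMPLE_ESET_LOG = r"""
C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe   a variant of Win32/InstallCore.A application   cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\n.vir   Win64/Sirefef.AP trojan   cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\U\[email protected]   Win64/Sirefef.AL trojan   cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-383216099-2733633658-1331451555-1000\$fe701b6b144cd079585b9e196f361888\U\[email protected]   Win64/Sirefef.AH trojan   cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\qxoubxtxem.exe.vir   Win32/Adware.SecurityShield.D application   cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6f41d511-2ea3b00f   Win32/Adware.SecurityShield.D application   deleted - quarantined
C:\Users\Owner\Documents\Downloads\Programs\AdvancedPCTweaker_Setup.exe   a variant of Win32/Adware.AdvPCTweak application   cleaned by deleting - quarantined
C:\Users\Owner\Downloads\PlayItAllSetup.exe   Win32/Toolbar.Zugo application   cleaned by deleting - quarantined
"""

# Fields are separated by one or more tabs, or by two or more spaces
# (single spaces are part of paths such as "Program Files (x86)").
FIELD_SEP = re.compile(r"\t+| {2,}")
# "<platform>/<family>.<variant>" inside the detection text, e.g. Win64/Sirefef.AP
DETECTION_RE = re.compile(r"[A-Za-z0-9]+/([A-Za-z0-9_.]+)")
# ComboFix moves the files it removes under this folder; a hit here is
# already neutralized, not an active infection.
COMBOFIX_QUARANTINE = r"c:\qoobox\quarantine"
# ESET labels potentially unwanted applications with these trailing words.
PUA_WORDS = {"application", "program"}


@dataclass
class Detection:
    path: str
    detection: str
    action: str
    family: str
    kind: str                  # "malware" (trojan, worm, ...) or "pua"
    already_quarantined: bool  # file lived inside ComboFix's quarantine


def family_of(detection: str) -> str:
    """Reduce 'a variant of Win32/Adware.SecurityShield.D application'
    to 'Adware.SecurityShield' by dropping the platform and variant suffix."""
    match = DETECTION_RE.search(detection)
    if not match:
        return detection
    parts = match.group(1).split(".")
    if len(parts) > 1 and re.fullmatch(r"[A-Z]{1,3}", parts[-1]):
        parts.pop()  # variant letters such as .A or .AP
    return ".".join(parts)


def parse_eset_log(text: str) -> list:
    """Turn ESET result lines into Detection records; other lines are ignored."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        parts = [p for p in FIELD_SEP.split(line) if p]
        if len(parts) < 3:
            continue  # blank line, header, or a line that was wrapped
        path, detection = parts[0], parts[1]
        action = " ".join(parts[2:])
        kind = "pua" if detection.split()[-1].lower() in PUA_WORDS else "malware"
        quarantined = path.lower().startswith(COMBOFIX_QUARANTINE)
        records.append(Detection(path, detection, action,
                                 family_of(detection), kind, quarantined))
    return records


def summarize(records: list) -> dict:
    """Counts a responder cares about: what was live, and how bad was it."""
    live = [r for r in records if not r.already_quarantined]
    return {
        "total": len(records),
        "already_quarantined": sum(r.already_quarantined for r in records),
        "live_malware": sum(r.kind == "malware" for r in live),
        "live_pua": sum(r.kind == "pua" for r in live),
        "families": Counter(r.family for r in records),
    }


if __name__ == "__main__":
    summary = summarize(parse_eset_log(SAMPLE_ESET_LOG))
    for key, value in summary.items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

On the thread's own lines this reports that all three Sirefef hits were already in ComboFix's quarantine and that the four live hits are unwanted applications, which is why a later quick scan finds nothing.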



            Dr Jay

            • Malware Removal Specialist


            • Specialist
            • Moderator emeritus
            • Thanked: 119
            • Experience: Guru
            • OS: Windows 10
            Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
            « Reply #8 on: September 02, 2012, 04:09:08 PM »
            ComboFix Script
             
            • Close any open browsers.
            • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
            • Open notepad and copy/paste the text in the codebox below into it:
              Quote
              ClearJavaCache::
            • Save this as CFScript.txt, in the same location as ComboFix.exe


            • Referring to the picture above, drag CFScript into ComboFix.exe
            • When finished, it shall produce a log for you at C:\ComboFix.txt
            • Please post the contents of the log in your next reply.
            ~Dr Jay

            goodie2010

              Topic Starter


              Beginner

              Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
              « Reply #9 on: September 05, 2012, 10:55:46 AM »
              Sorry for the delay,




              ComboFix 12-08-30.05 - Owner 09/04/2012  13:27:24.2.4 - x64
              Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.2688 [GMT -4:00]
              Running from: c:\users\Owner\Desktop\svchost.exe.exe
              Command switches used :: c:\users\Owner\Desktop\CFScript.txt
              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\users\Owner\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
              .
              .
              (((((((((((((((((((((((((   Files Created from 2012-08-04 to 2012-09-04  )))))))))))))))))))))))))))))))
              .
              .
              2012-09-04 17:42 . 2012-09-04 17:42   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2012-09-04 16:03 . 2012-08-23 08:26   9310152   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC62E0E9-2064-49CC-9750-9518BBC9CD9C}\mpengine.dll
              2012-09-01 18:24 . 2012-09-01 18:24   --------   d-----w-   c:\program files (x86)\ESET
              2012-09-01 18:16 . 2012-09-01 18:16   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
              2012-09-01 18:16 . 2012-07-03 17:46   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2012-08-31 15:19 . 2012-08-31 15:19   --------   d-----w-   c:\programdata\McAfee
              2012-08-31 15:02 . 2012-08-31 16:03   --------   d--h--w-   c:\windows\AxInstSV
              2012-08-29 12:03 . 2012-08-29 12:03   73696   ----a-w-   c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
              2012-08-29 12:03 . 2012-08-29 12:03   192592   ----a-w-   c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
              2012-08-29 12:03 . 2012-08-29 12:03   114144   ----a-w-   c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
              2012-08-29 12:03 . 2012-08-29 12:03   421200   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp100.dll
              2012-08-29 12:02 . 2012-08-29 12:03   770384   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr100.dll
              2012-08-22 06:05 . 2012-08-22 06:05   --------   d-----w-   c:\program files (x86)\MixMeister BPM Analyzer
              2012-08-15 11:16 . 2012-05-05 08:36   503808   ----a-w-   c:\windows\system32\srcore.dll
              2012-08-15 11:16 . 2012-05-05 07:46   43008   ----a-w-   c:\windows\SysWow64\srclient.dll
              2012-08-15 11:16 . 2012-02-11 06:43   751104   ----a-w-   c:\windows\system32\win32spl.dll
              2012-08-15 11:16 . 2012-02-11 06:36   559104   ----a-w-   c:\windows\system32\spoolsv.exe
              2012-08-15 11:16 . 2012-02-11 06:36   67072   ----a-w-   c:\windows\splwow64.exe
              2012-08-15 11:16 . 2012-02-11 05:43   492032   ----a-w-   c:\windows\SysWow64\win32spl.dll
              2012-08-15 11:16 . 2012-07-18 18:15   3148800   ----a-w-   c:\windows\system32\win32k.sys
              2012-08-15 11:16 . 2012-07-04 22:16   73216   ----a-w-   c:\windows\system32\netapi32.dll
              2012-08-15 11:16 . 2012-07-04 22:13   59392   ----a-w-   c:\windows\system32\browcli.dll
              2012-08-15 11:16 . 2012-07-04 22:13   136704   ----a-w-   c:\windows\system32\browser.dll
              2012-08-15 11:16 . 2012-07-04 21:14   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
              2012-08-15 11:16 . 2012-05-14 05:26   956928   ----a-w-   c:\windows\system32\localspl.dll
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2012-08-31 15:19 . 2012-07-17 07:58   696520   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
              2012-08-31 15:19 . 2011-07-27 03:34   73416   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
              2012-08-16 15:34 . 2012-03-02 03:11   62134624   ----a-w-   c:\windows\system32\MRT.exe
              2012-06-09 05:43 . 2012-07-15 11:36   14172672   ----a-w-   c:\windows\system32\shell32.dll
              .
              .
              (((((((((((((((((((((((((((((   SnapShot@2012-08-31_16.14.50   )))))))))))))))))))))))))))))))))))))))))
              .
              - 2009-07-14 04:54 . 2012-08-30 16:18   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              + 2009-07-14 04:54 . 2012-09-04 00:18   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              - 2009-07-14 04:54 . 2012-08-30 16:18   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              + 2009-07-14 04:54 . 2012-09-04 00:18   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              + 2009-07-14 05:10 . 2012-09-01 17:57   37154              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
              + 2011-12-09 13:49 . 2012-09-01 17:57   9424              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-383216099-2733633658-1331451555-1000_UserData.bin
              - 2012-08-31 16:04 . 2012-08-31 16:04   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
              + 2012-09-01 17:55 . 2012-09-01 17:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
              + 2012-09-01 17:55 . 2012-09-01 17:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
              - 2012-08-31 16:04 . 2012-08-31 16:04   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
              - 2009-07-14 04:54 . 2012-08-30 16:18   114688              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              + 2009-07-14 04:54 . 2012-09-04 00:18   114688              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              + 2011-12-20 11:03 . 2012-09-02 22:17   262602              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
              + 2011-12-20 01:08 . 2012-09-03 07:50   280664              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
              - 2009-07-14 02:36 . 2012-08-31 02:25   624412              c:\windows\system32\perfh009.dat
              + 2009-07-14 02:36 . 2012-09-01 22:13   624412              c:\windows\system32\perfh009.dat
              + 2009-07-14 02:36 . 2012-09-01 22:13   106756              c:\windows\system32\perfc009.dat
              - 2009-07-14 02:36 . 2012-08-31 02:25   106756              c:\windows\system32\perfc009.dat
              + 2009-07-14 05:01 . 2012-09-01 17:54   229488              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
              - 2009-07-14 05:01 . 2012-08-31 16:03   229488              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
              + 2011-12-09 15:02 . 2012-09-01 17:54   65869404              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-383216099-2733633658-1331451555-1000-8192.dat
              - 2011-12-09 15:02 . 2012-08-31 16:03   65869404              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-383216099-2733633658-1331451555-1000-8192.dat
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "LightShot"="c:\users\Owner\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2011-03-16 195072]
              "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
              "ares"="c:\program files (x86)\Ares\Ares.exe" [2010-10-27 1015808]
              "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
              "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-07-15 1938274]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
              "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
              "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
              "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2007-06-29 286720]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
              "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
              @=""
              .
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
              R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
              R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

              R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
              R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
              S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-15 283200]
              S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
              S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
              S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
              S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
              .
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 21:55]
              .
              2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 21:55]
              .
              2012-09-04 c:\windows\Tasks\update-S-1-5-21-383216099-2733633658-1331451555-1000.job
              - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-01-17 03:09]
              .
              2012-09-04 c:\windows\Tasks\update-sys.job
              - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-01-17 03:09]
              .
              .
              --------- X64 Entries -----------
              .
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
              @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
              [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
              2011-05-30 16:50   22408   ----a-w-   c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
              "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
              "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
              "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
              "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
              "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
              "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
              "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
              "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
              "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
              "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
              "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
              "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
              "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
              .
              ------- Supplementary Scan -------
              .
              uInternet Settings,ProxyOverride = <local>
              IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
              IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
              LSP: c:\windows\system32\idmmbc.dll
              TCP: DhcpNameServer = 10.0.0.1
              FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\057jrvt7.default\
              FF - prefs.js: browser.search.selectedEngine - Google
              FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
              FF - prefs.js: keyword.URL - *Blocked Russian URL*/yandsearch?win=28&clid=1855511&text=
              FF - prefs.js: network.proxy.type - 0
              .
              - - - - ORPHANS REMOVED - - - -
              .
              Toolbar-Locked - (no file)
              .
              .
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
              "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_USERS\S-1-5-21-383216099-2733633658-1331451555-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
              @Denied: (Full) (Everyone)
              "scansk"=hex(0):d0,f3,8a,0c,25,a7,1c,03,dd,93,cf,d9,5a,f0,80,e4,85,ab,64,0d,03,
                 6f,64,f9,29,c7,4a,38,bd,21,7a,93,af,87,be,1f,25,e9,12,34,00,00,00,00,00,00,\
              .
              [HKEY_USERS\S-1-5-21-383216099-2733633658-1331451555-1000_Classes\Wow6432Node\CLSID\{8b57a127-b7f1-400a-b4a2-69c783f20fcb}]
              @Denied: (Full) (Everyone)
              @Allowed: (Read) (RestrictedCode)
              "Model"=dword:00000049
              "Therad"=dword:00000015
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
              @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.10"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker4"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              Completion time: 2012-09-04  14:12:47
              ComboFix-quarantined-files.txt  2012-09-04 18:12
              ComboFix2.txt  2012-08-31 16:17
              .
              Pre-Run: 310,964,260,864 bytes free
              Post-Run: 310,539,313,152 bytes free
              .
              - - End Of File - - 294B07AB7B481582EBE8061E9733E77C

              Dr Jay

              • Malware Removal Specialist


              • Specialist
              • Moderator emeritus
              • Thanked: 119
              • Experience: Guru
              • OS: Windows 10
              Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
              « Reply #10 on: September 05, 2012, 02:35:46 PM »
              ESET Online Scan
               
              Please run a free online scan with the ESET Online Scanner
              • Tick the box next to YES, I accept the Terms of Use
              • Click Start
              • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
              • Click Start or wait for the scanner to load.
              • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
              • Click Scan (This scan can take several hours, so please be patient)
              • Once the scan is completed, there are a couple of things to keep in mind:
              • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
              • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
              • Open the logfile from wherever you saved it
              • Copy and paste the contents in your next reply.
              Any more issues?

              We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

              Many of the things to note for us would be:

              • Slow computer
              • Error messages
              • Fake antivirus alerts or the icon in the system tray
              • svchost.exe running at 100%
              • System crashes or blue screen of death
              ~Dr Jay

              goodie2010

                Topic Starter


                Beginner

                Re: A bunch of UAC popups from fpdownload.macromedia.com/get/shockwave
                « Reply #11 on: September 06, 2012, 11:11:22 AM »
                Thanks JMJ, no threats were found. The computer seems to be running so/so; I have over 80% of 500 GB free and 4 GB of RAM, but when having, say, 10 tabs open in Firefox at once my computer starts acting crazy. Multiple tabs is how I've been doing things for years since I switched to Firefox. When I first got this laptop, to test things, I recall having 23 tabs open at once before I saw memory issues, so now I don't understand why it can't handle pages. YouTube videos buffer during the videos several times with no other tabs open; pictures on sites seem slightly off sync too, but that. I don't think it's a virus, but you asked for a summary. Thx