Author Topic: Computers at home infected with PUM.Hijack.HomePageControl  (Read 7530 times)

cpbunch

    Topic Starter


    Rookie

    • Experience: Experienced
    • OS: Windows 7
    Computers at home infected with PUM.Hijack.HomePageControl
    « on: July 22, 2013, 12:14:06 PM »
    Hi,

    I've run the initial scans/tests starting on my husband's computer first. Should I make one post for each of the other two computers or do them all here one after the other? I'm assuming it will be the same infection etc. for all but not sure. I really appreciate any help and I've sent quite a few of my family and friends here.

    Thanks again!
    Michele

    Here are the results for my husband's computer:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.07.22.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16635
    Dad :: HOME-DESKTOP [administrator]

    7/22/2013 12:05:29 PM
    mbam-log-2013-07-22 (12-05-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 237492
    Time elapsed: 4 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------------------

    # AdwCleaner v2.306 - Logfile created 07/22/2013 at 12:58:24
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Dad - HOME-DESKTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Dad\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\x96n8jpf.default\searchplugins\Askcom.xml
    Folder Deleted : C:\ProgramData\Ask

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Registry is clean.

    -\\ Mozilla Firefox v22.0 (en-US)

    File : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\x96n8jpf.default\prefs.js

    C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\x96n8jpf.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.order.1", "Ask.com");

    -\\ Google Chrome v28.0.1500.72

    File : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.23] : icon_url = "hxxp://www.ask.com/favicon.ico",
    Deleted [l.26] : keyword = "ask.com",
    Deleted [l.30] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=[...]
    Deleted [l.31] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTer[...]

    *************************

    AdwCleaner[S1].txt - [3238 octets] - [22/07/2013 12:58:24]

    ########## EOF - C:\AdwCleaner[S1].txt - [3298 octets] ##########


    ----------------------------------------------------

     Results of screen317's Security Check version 0.99.70 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 10 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled! 
    avast! Antivirus   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     SpywareBlaster 5.0   
     Malwarebytes Anti-Malware version 1.75.0.1300 
     Adobe Flash Player 11.8.800.94 
     Mozilla Firefox (22.0)
     Google Chrome 28.0.1500.71 
     Google Chrome 28.0.1500.72 
    ````````Process Check: objlist.exe by Laurent````````
     Comodo Firewall cmdagent.exe
     Comodo Firewall cfp.exe
     Symantec Norton Online Backup NOBuAgent.exe 
     AVAST Software Avast AvastSvc.exe 
     AVAST Software Avast AvastUI.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Computers at home infected with PUM.Hijack.HomePageControl
    « Reply #1 on: July 22, 2013, 01:32:22 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please run the scans on one computer only. It's too confusing to try to clean two or more computers in the same thread.

    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    ************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP
    If your version of Windows defaults to your download folder you will need to copy it to your desktop.

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    cpbunch

      Topic Starter


      Rookie

      • Experience: Experienced
      • OS: Windows 7
      Re: Computers at home infected with PUM.Hijack.HomePageControl
      « Reply #2 on: July 22, 2013, 02:12:16 PM »
      Thanks so much for the quick reply. I was able to run those two scans and here are the reports:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 5.2.0 (07.21.2013:1)
      OS: Windows 7 Home Premium x64
      Ran by Dad on Mon 07/22/2013 at 15:39:00.51
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values



      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3C7EE912-A84F-43D0-80E1-07EA93486D42}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5B0F69C4-B27B-49B3-A252-A2EEC2D29A76}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3C7EE912-A84F-43D0-80E1-07EA93486D42}



      ~~~ Files



      ~~~ Folders



      ~~~ FireFox

      Emptied folder: C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\x96n8jpf.default\minidumps [51 files]



      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Mon 07/22/2013 at 15:46:18.85
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


      ----------------------------------------

      ComboFix 13-07-22.01 - Dad 07/22/2013  16:01:02.1.2 - x64
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5619.3978 [GMT -4:00]
      Running from: c:\users\Dad\Downloads\ComboFix.exe
      AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
      SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
       * Created a new restore point
      .
      .
      (((((((((((((((((((((((((   Files Created from 2013-06-22 to 2013-07-22  )))))))))))))))))))))))))))))))
      .
      .
      2013-07-22 20:07 . 2013-07-22 20:07   --------   d-----w-   c:\users\Lilly\AppData\Local\temp
      2013-07-22 20:07 . 2013-07-22 20:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2013-07-22 19:38 . 2013-07-22 19:38   --------   d-----w-   c:\windows\ERUNT
      2013-07-22 16:24 . 2013-07-22 16:24   --------   d-----w-   c:\program files\CCleaner
      2013-07-16 23:29 . 2013-07-16 23:29   --------   d-----w-   c:\users\Dad\AppData\Local\Diagnostics
      2013-07-10 01:59 . 2013-05-27 05:50   1011712   ----a-w-   c:\program files\Windows Defender\MpSvc.dll
      2013-07-10 01:59 . 2013-05-27 05:50   571904   ----a-w-   c:\program files\Windows Defender\MpClient.dll
      2013-07-10 01:59 . 2013-05-27 05:50   314880   ----a-w-   c:\program files\Windows Defender\MpCommu.dll
      2013-07-10 01:59 . 2013-05-27 04:57   4608   ----a-w-   c:\program files (x86)\Windows Defender\MsMpLics.dll
      2013-07-10 01:59 . 2013-05-27 04:57   54784   ----a-w-   c:\program files (x86)\Windows Defender\MpOAV.dll
      2013-07-10 01:59 . 2013-05-27 04:57   392704   ----a-w-   c:\program files (x86)\Windows Defender\MpClient.dll
      2013-07-10 01:59 . 2013-05-27 03:15   9216   ----a-w-   c:\program files (x86)\Windows Defender\MpAsDesc.dll
      2013-07-10 01:59 . 2013-06-04 06:00   624128   ----a-w-   c:\windows\system32\qedit.dll
      2013-07-10 01:59 . 2013-06-04 04:53   509440   ----a-w-   c:\windows\SysWow64\qedit.dll
      2013-07-10 01:59 . 2013-05-06 06:03   1887744   ----a-w-   c:\windows\system32\WMVDECOD.DLL
      2013-07-10 01:59 . 2013-05-06 04:56   1620480   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
      2013-07-10 01:56 . 2013-06-05 03:34   3153920   ----a-w-   c:\windows\system32\win32k.sys
      2013-07-10 01:56 . 2013-04-10 05:48   1732608   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
      2013-07-10 01:56 . 2013-04-10 05:46   1393152   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
      2013-07-10 01:56 . 2013-04-10 05:46   1367040   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
      2013-07-10 01:56 . 2013-04-10 05:46   1402880   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
      2013-07-10 01:56 . 2013-04-10 05:03   936448   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
      2013-07-10 01:55 . 2013-04-09 23:34   1247744   ----a-w-   c:\windows\SysWow64\DWrite.dll
      2013-07-10 01:55 . 2013-04-02 22:51   1643520   ----a-w-   c:\windows\system32\DWrite.dll
      2013-07-06 11:07 . 2013-07-06 11:07   --------   d-----w-   c:\users\Dad\Tracing
      2013-07-06 10:33 . 2013-07-06 10:33   --------   d-----w-   c:\windows\en
      2013-07-06 10:23 . 2013-07-06 10:23   --------   d-----w-   c:\programdata\Licenses
      2013-07-06 08:56 . 2013-07-06 08:56   --------   d-----w-   c:\program files (x86)\Common Files\Skype
      2013-07-06 08:51 . 2013-07-06 08:50   312232   ----a-w-   c:\windows\system32\javaws.exe
      2013-07-06 08:50 . 2013-07-06 08:50   108968   ----a-w-   c:\windows\system32\WindowsAccessBridge-64.dll
      2013-07-06 08:50 . 2013-07-06 08:50   189352   ----a-w-   c:\windows\system32\javaw.exe
      2013-07-06 08:50 . 2013-07-06 08:50   188840   ----a-w-   c:\windows\system32\java.exe
      2013-07-06 08:50 . 2013-07-06 08:50   --------   d-----w-   c:\program files\Java
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-07-21 01:44 . 2013-06-03 23:56   47368   ----a-w-   c:\windows\SysWow64\certsentry.dll
      2013-07-21 01:44 . 2013-01-16 23:07   56072   ----a-w-   c:\windows\system32\certsentry.dll
      2013-07-19 20:08 . 2012-05-06 13:59   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
      2013-07-19 20:08 . 2012-03-12 20:17   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-07-10 03:18 . 2012-06-01 15:51   78185248   ----a-w-   c:\windows\system32\MRT.exe
      2013-07-06 08:50 . 2013-02-21 15:39   972712   ----a-w-   c:\windows\system32\deployJava1.dll
      2013-07-06 08:50 . 2013-02-21 15:39   1093032   ----a-w-   c:\windows\system32\npDeployJava1.dll
      2013-06-29 00:09 . 2013-03-18 21:01   189936   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
      2013-06-29 00:09 . 2012-05-06 01:33   378944   ----a-w-   c:\windows\system32\drivers\aswSP.sys
      2013-06-29 00:09 . 2012-05-06 01:33   1030952   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
      2013-05-13 05:51 . 2013-06-12 05:30   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
      2013-05-13 05:51 . 2013-06-12 05:30   1464320   ----a-w-   c:\windows\system32\crypt32.dll
      2013-05-13 05:51 . 2013-06-12 05:30   139776   ----a-w-   c:\windows\system32\cryptnet.dll
      2013-05-13 05:50 . 2013-06-12 05:30   52224   ----a-w-   c:\windows\system32\certenc.dll
      2013-05-13 04:45 . 2013-06-12 05:30   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
      2013-05-13 04:45 . 2013-06-12 05:30   1160192   ----a-w-   c:\windows\SysWow64\crypt32.dll
      2013-05-13 04:45 . 2013-06-12 05:30   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
      2013-05-13 03:43 . 2013-06-12 05:30   1192448   ----a-w-   c:\windows\system32\certutil.exe
      2013-05-13 03:08 . 2013-06-12 05:30   903168   ----a-w-   c:\windows\SysWow64\certutil.exe
      2013-05-13 03:08 . 2013-06-12 05:30   43008   ----a-w-   c:\windows\SysWow64\certenc.dll
      2013-05-10 20:31 . 2012-07-17 19:37   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
      2013-05-10 05:49 . 2013-06-12 05:30   30720   ----a-w-   c:\windows\system32\cryptdlg.dll
      2013-05-10 03:20 . 2013-06-12 05:30   24576   ----a-w-   c:\windows\SysWow64\cryptdlg.dll
      2013-05-09 08:59 . 2013-03-18 21:01   65336   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
      2013-05-09 08:59 . 2012-05-06 01:33   72016   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
      2013-05-09 08:59 . 2012-05-06 01:33   64288   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
      2013-05-09 08:59 . 2012-05-06 01:33   33400   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
      2013-05-09 08:59 . 2012-05-06 01:33   80816   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
      2013-05-09 08:58 . 2012-05-06 01:33   41664   ----a-w-   c:\windows\avastSS.scr
      2013-05-09 08:58 . 2012-05-06 01:33   287840   ----a-w-   c:\windows\system32\aswBoot.exe
      2013-05-08 06:39 . 2013-06-12 05:32   1910632   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2013-04-26 05:51 . 2013-06-12 05:30   751104   ----a-w-   c:\windows\system32\win32spl.dll
      2013-04-26 04:55 . 2013-06-12 05:30   492544   ----a-w-   c:\windows\SysWow64\win32spl.dll
      2013-04-25 23:30 . 2013-06-12 05:30   1505280   ----a-w-   c:\windows\SysWow64\d3d11.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
      @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
      [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
      2013-02-21 15:19   220632   ----a-w-   c:\users\Dad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
      @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
      [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
      2013-02-21 15:19   220632   ----a-w-   c:\users\Dad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
      @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
      [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
      2013-02-21 15:19   220632   ----a-w-   c:\users\Dad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2013-05-25 00:36   130736   ----a-w-   c:\users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2013-05-25 00:36   130736   ----a-w-   c:\users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2013-05-25 00:36   130736   ----a-w-   c:\users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-06-04 5622512]
      "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
      "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
      "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
      "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
      .
      c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

      R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys

      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

      S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys

      S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys

      S0 aswRvrt;aswRvrt;

      S0 aswVmm;aswVmm;

      S1 aswSnx;aswSnx;

      S1 aswSP;aswSP;

      S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys

      S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys

      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS

      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS

      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE

      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe

      S2 aswFsBlk;aswFsBlk;

      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys

      S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

      S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe

      S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

      S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe

      S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE

      S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe

      S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys

      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys

      S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys

      .
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-07-13 03:13   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 20:08]
      .
      2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 01:33]
      .
      2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 01:33]
      .
      2013-06-25 c:\windows\Tasks\HPCeeScheduleForDad.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
      @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
      [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
      2013-02-21 15:19   244696   ----a-w-   c:\users\Dad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
      @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
      [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
      2013-02-21 15:19   244696   ----a-w-   c:\users\Dad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
      @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
      [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
      2013-02-21 15:19   244696   ----a-w-   c:\users\Dad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2013-05-09 08:58   133840   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2013-05-25 00:36   164016   ----a-w-   c:\users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2013-05-25 00:36   164016   ----a-w-   c:\users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2013-05-25 00:36   164016   ----a-w-   c:\users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2013-05-25 00:36   164016   ----a-w-   c:\users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
      2013-06-07 03:57   778192   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
      2013-06-07 03:57   778192   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
      2013-06-07 03:57   778192   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
      2013-06-07 03:57   778192   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
      2013-06-07 03:57   778192   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
      2013-06-07 03:57   778192   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
      "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=c:\windows\System32\guard64.dll
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
      TCP: Interfaces\{1ACBDD46-D1D3-442E-9395-C7AE0DC68675}: NameServer = 8.26.56.26,156.154.70.22
      TCP: Interfaces\{1CC7BA71-17EF-49C5-A240-6E56E842C3B0}: NameServer = 8.26.56.26,156.154.70.22
      FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\x96n8jpf.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
      HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
      HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
      AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
      "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-4016863288-1328350486-1320324310-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.Email.1"
      .
      [HKEY_USERS\S-1-5-21-4016863288-1328350486-1320324310-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.VCard.1"
      .
      [HKEY_USERS\S-1-5-21-4016863288-1328350486-1320324310-1000\Software\SecuROM\License information*]
      "datasecu"=hex:42,a2,56,3e,0d,0b,ce,5b,96,8f,a4,8b,77,06,0d,0d,a1,04,06,7e,22,
         69,c0,b9,b1,55,e4,b4,ad,2c,f8,d2,4d,4c,c8,2d,9a,4f,3e,cf,a1,2b,73,e7,31,c0,\
      "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2013-07-22  16:09:53
      ComboFix-quarantined-files.txt  2013-07-22 20:09
      .
      Pre-Run: 898,097,520,640 bytes free
      Post-Run: 897,614,393,344 bytes free
      .
      - - End Of File - - 0EA35C4A4AA3EED6966A3F3E325AB376
      A36C5E4F47E84449FF07ED3517B43A31

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Computers at home infected with PUM.Hijack.HomePageControl
      « Reply #3 on: July 22, 2013, 04:45:40 PM »
      I believe your problem has been fixed. Are you having any other issues?

      I'd like to scan your machine with ESET OnlineScan

      •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

      •Click the button.
      •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
      •Check
      •Click the button.
      •Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
      •Check
      •Push the Start button.
      •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      •When the scan completes, push
      •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      •Push the button.
      •Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
      Windows 8 and Windows 10 dual boot with two SSD's

      cpbunch

        Re: Computers at home infected with PUM.Hijack.HomePageControl
        « Reply #4 on: July 22, 2013, 11:17:31 PM »
        Hi! I was able to finish the ESET scan and it said no threats detected. Looks like things are okay. Do I start another topic for my daughter's computer? It has a different threat detected but we are all on the same network. I didn't want to take up too many threads at the same time.

        Thanks so much for the help!

        ESETSmartInstaller@High as downloader log:
        all ok
        # version=8
        # OnlineScannerApp.exe=1.0.0.1
        # OnlineScanner.ocx=1.0.0.6920
        # api_version=3.0.2
        # EOSSerial=775264a0a34b9d46b586edda873547a1
        # engine=14497
        # end=stopped
        # remove_checked=true
        # archives_checked=true
        # unwanted_checked=false
        # unsafe_checked=false
        # antistealth_checked=true
        # utc_time=2013-07-22 11:50:29
        # local_time=2013-07-22 07:50:29 (-0500, Eastern Daylight Time)
        # country="United States"
        # lang=1033
        # osver=6.1.7601 NT Service Pack 1
        # compatibility_mode=774 16777213 85 91 24153 150328901 0 0
        # compatibility_mode=3074 16777213 100 100 20158094 45321393 0 0
        # compatibility_mode=5893 16776574 100 94 145154 126080479 0 0
        # scanned=31324
        # found=0
        # cleaned=0
        # scan_time=3246
        ESETSmartInstaller@High as downloader log:
        all ok
        # version=8
        # OnlineScannerApp.exe=1.0.0.1
        # OnlineScanner.ocx=1.0.0.6920
        # api_version=3.0.2
        # EOSSerial=775264a0a34b9d46b586edda873547a1
        # engine=14497
        # end=finished
        # remove_checked=true
        # archives_checked=true
        # unwanted_checked=false
        # unsafe_checked=false
        # antistealth_checked=true
        # utc_time=2013-07-23 02:35:15
        # local_time=2013-07-22 10:35:15 (-0500, Eastern Daylight Time)
        # country="United States"
        # lang=1033
        # osver=6.1.7601 NT Service Pack 1
        # compatibility_mode=774 16777213 85 91 34039 150338787 0 0
        # compatibility_mode=3074 16777213 100 100 21006780 45331279 0 0
        # compatibility_mode=5893 16776574 100 94 155040 126090365 0 0
        # scanned=170121
        # found=0
        # cleaned=0
        # scan_time=9815

        SuperDave

        Re: Computers at home infected with PUM.Hijack.HomePageControl
        « Reply #5 on: July 23, 2013, 01:30:23 PM »
        Quote
        Do I start another topic for my daughter's computer.
        Yes, please start another thread. Let's do some cleanup and we'll be finished here.

        Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

        Click Start> Computer> right click the C Drive and choose Properties> enter
        Click Disk Cleanup from there.



        Click OK on the Disk Cleanup Screen.
        Click Yes on the Confirmation screen.



        This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
        *******************************************
        Go to Microsoft Windows Update and get all critical updates.

        ----------

        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

        SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
        * Using SpywareBlaster to protect your computer from Spyware and Malware
        * If you don't know what ActiveX controls are, see here

        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
        Safe Surfing!

        cpbunch

          Re: Computers at home infected with PUM.Hijack.HomePageControl
          « Reply #6 on: July 23, 2013, 02:49:22 PM »
          Thanks a lot! I'll open a new thread for my daughter's computer with the initial files. I've already run them.

          I downloaded the links below and updated and immunized. I did notice one of the links has been moved to: http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/ by Bleeping Computer.

          I'm bookmarking the last two and will go through those as well in order to better safeguard against this type of infection. I didn't know about the Internet Explorer immunization so I'll definitely be implementing that on the other computers as well once they are clean.

          Thanks so much and see you on the other thread! I will be donating as this service is invaluable.

          SuperDave

          Re: Computers at home infected with PUM.Hijack.HomePageControl
          « Reply #7 on: July 23, 2013, 04:19:01 PM »
          You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.