Internet Connected but Browsers won't open.

ginocollins · 12-11-2007, 09:38 AM

After coming home from work today I noticed my browsers (IE and Firefox) no longer work. They both worked fine this morning and my messengers as well as P2P programs still work. My girlfriend is connected to the same network via router but she has no issues. Also after uninstalling both browsers and reinstalling, as well as using numerous spyware programs which found a couple of problems but nothing substantial, I installed Opera. Opera works fine but still no luck on the others. I have been at this for hours and it's getting severely frustrating. Help!

**johnwill** · 12-11-2007, 10:56 AM

Try these simple tests.

Start, Run, CMD to open a command prompt:

PING 216.109.112.135

PING yahoo.com

Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.

If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.

I'd also like to see this.

Start, Run, CMD to open a command prompt:

Type the following command:

IPCONFIG /ALL

Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.

If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.

dct693 · 12-11-2007, 11:06 AM

Quote:

Originally Posted by ginocollins

After coming home from work today I noticed my browsers (IE and Firefox) no longer work. They both worked fine this morning and my messengers as well as P2P programs still work. My girlfriend is connected to the same network via router but she has no issues. Also after uninstalling both browsers and reinstalling, as well as using numerous spyware programs which found a couple of problems but nothing substantial, I installed Opera. Opera works fine but still no luck on the others. I have been at this for hours and it's getting severely frustrating. Help!

The fact that your girlfriend's PC works and yours does not would lead me to think it's a software issue on your computer. Try temporarily turning off your software firewall (you do have one don't you?) and try surfing again. I assume you've already tried to restart your computer to no avail. You can also try installing Safari to see if something is blocking port 80. Or try going to an https website to see if port 443 is open.

ginocollins · 12-11-2007, 04:24 PM

Here's the results.

C:\>PING 216.109.112.135

Pinging 216.109.112.135 with 32 bytes of data:

Reply from 216.109.112.135: bytes=32 time=239ms TTL=45
Reply from 216.109.112.135: bytes=32 time=238ms TTL=45
Reply from 216.109.112.135: bytes=32 time=371ms TTL=45
Reply from 216.109.112.135: bytes=32 time=267ms TTL=45

Ping statistics for 216.109.112.135:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 238ms, Maximum = 371ms, Average = 278ms

C:\>PING yahoo.com
Ping request could not find host yahoo.com. Please check the name and try again.

C:\>IPCONFIG /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : kitt
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
ernet NIC
Physical Address. . . . . . . . . : 00-01-80-57-92-CA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 219.252.0.1
219.252.2.100
Lease Obtained. . . . . . . . . . : December 12, 2007 2:32:23 AM
Lease Expires . . . . . . . . . . : January 19, 2038 12:14:07 PM

I already tried turning off the firewall when it first happened. No luck. No dice on an https wesbsite. Same result. Installed Safari and it works fine as does Opera which I mentioned earlier.

dct693 · 12-11-2007, 07:33 PM

Check out how Firefox and IE are configured to connected to the Internet. In Firefox, it's Tools > Options > Advanced > Network > Settings...

See if Firefox is configured to use a direct Internet connection.

**johnwill** · 12-12-2007, 06:35 AM

Let's go for the simple fix first.

TCP/IP stack repair options for use with Windows XP with SP2.

Start, Run, CMD to open a command prompt:

Reset TCP/IP stack to installation defaults. netsh int ip reset reset.log

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

Reboot the machine.

Let us know if that helps.

bonboncho · 06-30-2011, 08:23 AM

I have the same problem. yesterday, chrome stopped launching and today firefox won't launch. Only IE works..for now. I just ran combofix and these are the results. can someone help me ? what should I do next ?

ComboFix 11-06-30.01 - bonboncho 06/30/2011 7:31.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4085.2256 [GMT -7:00]
Running from: c:\users\bonboncho\Desktop\PCHelpForum.exe.exe
.
/wow section - STAGE 50
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The system cannot find the file LockedB.
The system cannot find the file lockedB.
'.d.a.1.a.3.f.f.' is not recognized as an internal or external command
'.0.\\.' is not recognized as an internal or external command
The system cannot find the file LockedB.
The system cannot find the file LockedB.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mp3Tube Toolbar\mp3Tubetb.dll
c:\users\bonboncho\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3B5A76AE-88CD-482C-81C2-77FF1EAAFCCC}.xps
c:\users\bonboncho\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AA859C38-8CEF-47B3-98E3-884656971764}.xps
c:\windows\SysWow64\KBL.LOG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Mp3Tube Toolbar Service
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 14:27 . 2011-06-30 14:27 -------- d-----w- C:\32788R22FWJFW
2011-06-29 17:56 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-06-29 17:56 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-29 17:56 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2011-06-29 17:56 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2011-06-29 17:56 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-06-29 17:56 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-29 17:15 . 2011-04-29 15:25 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 17:15 . 2011-04-29 14:54 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-28 12:58 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{890DCA30-A3DB-4251-965D-382AFA4FDC10}\mpengine.dll
2011-06-18 05:53 . 2011-06-18 05:53 -------- d-----w- c:\programdata\Sony
2011-06-18 05:27 . 2011-06-29 17:56 -------- d-----w- c:\program files (x86)\Xvid
2011-06-18 05:26 . 2011-06-30 14:41 -------- d-----w- c:\program files (x86)\Mp3Tube Toolbar
2011-06-18 05:26 . 2011-06-29 17:39 -------- d-----w- c:\program files (x86)\QuestScan
2011-06-18 05:26 . 2011-06-29 17:10 -------- d-----w- c:\programdata\QuestScan
2011-06-16 19:22 . 2010-12-20 15:39 563200 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 19:19 . 2011-05-02 16:38 1104384 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 19:19 . 2011-05-02 16:00 766464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 06:24 . 2011-06-28 21:39 -------- d-----w- c:\programdata\Skype Extras
2011-06-16 06:23 . 2011-06-16 06:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:14 . 2009-10-02 22:10 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca18cb7a2f89c4;Google Update Service (gupdate1ca18cb7a2f89c4);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-01-12 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 QuestScan Service;QuestScan Service;c:\programdata\QuestScan\questscan145.exe [2011-06-28 26112]
S3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw4v64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 01:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-29 08:28]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-09 08:28]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-09 08:28]
.
2011-06-25 c:\windows\Tasks\HPCeeScheduleForbonboncho.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-02-23 19:58]
.
2011-06-30 c:\windows\Tasks\PCConfidential.job
- c:\program files (x86)\Winferno\PC Confidential\PCConfidential.exe [2008-12-29 22:10]
.
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{FD3E0B61-D363-4787-A86F-85C69FD732D5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\pchelpforum.exe\CF394.cfxxe" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 168472]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ie&clid=cdefc598771544f9aefa33b06cfb166c
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = 127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\bonboncho\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - hxxp://www.rockyou.com/RockYouImageUploader.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\bonboncho\AppData\Roaming\Mozilla\Firefox\Profiles\ojquq7kr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: MP3Tube Toolbar: mp3tubetoolbar@mp3tubetoolbar.com - c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com
FF - Ext: QuestScan: {F0E1168A-B4B5-484C-B77E-0D28E6B64096} - c:\program files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
FF - Ext: Bulgarian Dictionary: bg-BG@dictionaries.addons.mozilla.org - %profile%\extensions\bg-BG@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files (x86)\My.Freeze.com Toolbar\NetAssistant.dll
BHO-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files (x86)\My.Freeze.com Toolbar\NetAssistant.dll
Toolbar-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - c:\program files (x86)\My.Freeze.com Toolbar\freeze_us.dll
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
AddRemove-My.Freeze.com Toolbar - c:\program files (x86)\My.Freeze.com Toolbar\settings_uninstall_app.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2954481614-2778706235-2205699449-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*=]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2954481614-2778706235-2205699449-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*=\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Pure Networks\Network Magic\nmsrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files (x86)\QuestScan\questscan.exe
.
**************************************************************************
.
Completion time: 2011-06-30 07:55:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-30 14:55
.
Pre-Run: 34,215,374,848 bytes free
Post-Run: 36,580,446,208 bytes free
.
- - End Of File - - 5423E91B82EA4379EC34735C05F7D3DC

2xg · 06-30-2011, 03:36 PM

Hi bonboncho - your system seems to be infected, please post at the Security Forums.
Prior to posting read the First Steps
. Just a heads up, they are extremely busy so be very patient and you will be assisted. Thanks.

Quote:

Originally Posted by bonboncho

I have the same problem. yesterday, chrome stopped launching and today firefox won't launch. Only IE works..for now. I just ran combofix and these are the results. can someone help me ? what should I do next ?

ComboFix 11-06-30.01 - bonboncho 06/30/2011 7:31.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4085.2256 [GMT -7:00]
Running from: c:\users\bonboncho\Desktop\PCHelpForum.exe.exe
.
/wow section - STAGE 50
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The system cannot find the file LockedB.
The system cannot find the file lockedB.
'.d.a.1.a.3.f.f.' is not recognized as an internal or external command
'.0.\\.' is not recognized as an internal or external command
The system cannot find the file LockedB.
The system cannot find the file LockedB.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mp3Tube Toolbar\mp3Tubetb.dll
c:\users\bonboncho\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3B5A76AE-88CD-482C-81C2-77FF1EAAFCCC}.xps
c:\users\bonboncho\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AA859C38-8CEF-47B3-98E3-884656971764}.xps
c:\windows\SysWow64\KBL.LOG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Mp3Tube Toolbar Service
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 14:27 . 2011-06-30 14:27 -------- d-----w- C:\32788R22FWJFW
2011-06-29 17:56 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-06-29 17:56 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-29 17:56 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2011-06-29 17:56 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2011-06-29 17:56 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-06-29 17:56 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-29 17:15 . 2011-04-29 15:25 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 17:15 . 2011-04-29 14:54 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-28 12:58 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{890DCA30-A3DB-4251-965D-382AFA4FDC10}\mpengine.dll
2011-06-18 05:53 . 2011-06-18 05:53 -------- d-----w- c:\programdata\Sony
2011-06-18 05:27 . 2011-06-29 17:56 -------- d-----w- c:\program files (x86)\Xvid
2011-06-18 05:26 . 2011-06-30 14:41 -------- d-----w- c:\program files (x86)\Mp3Tube Toolbar
2011-06-18 05:26 . 2011-06-29 17:39 -------- d-----w- c:\program files (x86)\QuestScan
2011-06-18 05:26 . 2011-06-29 17:10 -------- d-----w- c:\programdata\QuestScan
2011-06-16 19:22 . 2010-12-20 15:39 563200 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 19:19 . 2011-05-02 16:38 1104384 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 19:19 . 2011-05-02 16:00 766464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 06:24 . 2011-06-28 21:39 -------- d-----w- c:\programdata\Skype Extras
2011-06-16 06:23 . 2011-06-16 06:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:14 . 2009-10-02 22:10 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca18cb7a2f89c4;Google Update Service (gupdate1ca18cb7a2f89c4);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-01-12 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 QuestScan Service;QuestScan Service;c:\programdata\QuestScan\questscan145.exe [2011-06-28 26112]
S3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw4v64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 01:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-29 08:28]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-09 08:28]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-09 08:28]
.
2011-06-25 c:\windows\Tasks\HPCeeScheduleForbonboncho.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-02-23 19:58]
.
2011-06-30 c:\windows\Tasks\PCConfidential.job
- c:\program files (x86)\Winferno\PC Confidential\PCConfidential.exe [2008-12-29 22:10]
.
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{FD3E0B61-D363-4787-A86F-85C69FD732D5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\pchelpforum.exe\CF394.cfxxe" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 168472]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ie&clid=cdefc598771544f9aefa33b06cfb166c
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = 127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\bonboncho\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - hxxp://www.rockyou.com/RockYouImageUploader.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\bonboncho\AppData\Roaming\Mozilla\Firefox\Profiles\ojquq7kr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: MP3Tube Toolbar: mp3tubetoolbar@mp3tubetoolbar.com - c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com
FF - Ext: QuestScan: {F0E1168A-B4B5-484C-B77E-0D28E6B64096} - c:\program files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
FF - Ext: Bulgarian Dictionary: bg-BG@dictionaries.addons.mozilla.org - %profile%\extensions\bg-BG@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files (x86)\My.Freeze.com Toolbar\NetAssistant.dll
BHO-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files (x86)\My.Freeze.com Toolbar\NetAssistant.dll
Toolbar-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - c:\program files (x86)\My.Freeze.com Toolbar\freeze_us.dll
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
AddRemove-My.Freeze.com Toolbar - c:\program files (x86)\My.Freeze.com Toolbar\settings_uninstall_app.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2954481614-2778706235-2205699449-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*=]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2954481614-2778706235-2205699449-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*=\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Pure Networks\Network Magic\nmsrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files (x86)\QuestScan\questscan.exe
.
**************************************************************************
.
Completion time: 2011-06-30 07:55:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-30 14:55
.
Pre-Run: 34,215,374,848 bytes free
Post-Run: 36,580,446,208 bytes free
.
- - End Of File - - 5423E91B82EA4379EC34735C05F7D3DC