
computer very slow - no internet


Corrine:
Hi, Kathy.

Please do your best to manually disable Norton.  I've added an additional switch to help prevent Norton from interfering with the process.  Note that the list is very long so be sure to copy the entire script.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


* Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
--- Code: ---
Killall::

Folder::
C:\Program Files (x86)\Wajam
C:\Program Files (x86)\CouponAlert_2p

DDS::
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - C:\Users\Kathy\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO: VideoFileDownload: {625f420e-a4a9-4b40-bc23-716c1c43893a} - C:\Program Files (x86)\OApps\bho.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Kathy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Browse For Change BHO: {912c156f-05cf-4b62-851a-96e167a677b0} - mscoree.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO: TheSea.TheSeaPlugin: {c585d593-e7f3-4852-a200-561686ee02e4} - mscoree.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Zoom Downloader: {e5c66dd8-308b-4a4f-af0a-3d04f25b5343} - mscoree.dll
BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} - mscoree.dll
mRun: [iBryte browseforchange Desktop] C:\Program Files (x86)\iBryte\browseforchange\ibrytedesktop.exe
mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64:     Babylon toolbar helper - No File
BHO-X64: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
BHO-X64: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Kathy\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO-X64: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
BHO-X64: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO-X64: VideoFileDownload: {625F420E-A4A9-4B40-BC23-716C1C43893A} - C:\Program Files (x86)\OApps\bho.dll
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll
BHO-X64:     Funmoods Helper Object - No File
BHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Kathy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-X64: Browse For Change BHO: {912C156F-05CF-4B62-851A-96E167A677B0} - mscoree.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO-X64: TheSea.TheSeaPlugin: {C585D593-E7F3-4852-A200-561686EE02E4} - mscoree.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} - mscoree.dll
BHO-X64: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
BHO-X64:     PricePeep - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64:     Yontoo Layers - No File
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll
TB-X64: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll

--- End code ---

* Save this as CFScript.txt and place it on your desktop.
* Close any open browsers.
* Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

How is your computer now?

Kathy:
Hi

Here is the latest combo fix log:

System seems more responsive

ComboFix 12-09-27.03 - Administrator 09/30/2012  18:19:38.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5619.4370 [GMT -6:00]
Running from: c:\users\Kathy\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
c:\program files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll
c:\program files (x86)\iBryte\browseforchange\ibrytedesktop.exe
c:\program files (x86)\PricePeep\pricepeep.dll
c:\program files (x86)\Wajam
c:\program files (x86)\Wajam\IE\favicon.ico
c:\program files (x86)\Wajam\IE\res\res\alert_window_bho.html
c:\program files (x86)\Wajam\IE\res\res\wajam.html
c:\program files (x86)\Wajam\IE\res\res\wajam_logo.png
c:\program files (x86)\Wajam\IE\wajam.dll
c:\program files (x86)\Wajam\uninstall.exe
c:\program files (x86)\Wajam\Updater\update.exe
c:\program files (x86)\Wajam\Updater\wajamLogo.bmp
c:\program files (x86)\Wajam\Updater\WajamUpdater.exe
c:\program files (x86)\Yontoo\YontooIEClient.dll
c:\programdata\WeCareReminder\IEHelperv2.5.0.dll
c:\users\Kathy\AppData\Roaming\Qwiklinx\Qwiklinx.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WajamUpdater
-------\Service_WajamUpdater
.
.
(((((((((((((((((((((((((   Files Created from 2012-09-01 to 2012-10-01  )))))))))))))))))))))))))))))))
.
.
2012-10-01 00:33 . 2012-10-01 00:33   --------   d-----w-   c:\users\Kathy\AppData\Local\temp
2012-10-01 00:33 . 2012-10-01 00:33   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-09-30 23:36 . 2012-09-30 23:36   --------   d-----w-   C:\found.003
2012-09-30 23:21 . 2012-09-30 23:21   --------   d-----w-   c:\users\Administrator
2012-09-29 01:10 . 2012-08-21 21:01   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
2012-09-29 00:48 . 2012-09-29 00:48   --------   d-----w-   C:\found.002
2012-09-25 03:22 . 2012-09-25 03:22   --------   d-----w-   c:\users\Kathy\AppData\Local\Mozilla
2012-09-24 22:10 . 2012-09-25 06:23   --------   d-----w-   c:\programdata\Recovery
2012-09-24 21:25 . 2012-09-24 21:25   --------   d-----w-   C:\found.001
2012-09-12 16:26 . 2012-08-22 18:12   1913200   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-09-12 16:26 . 2012-08-22 18:12   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
2012-09-12 16:26 . 2012-08-22 18:12   376688   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-09-12 16:26 . 2012-08-22 18:12   288624   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 16:26 . 2012-08-02 17:58   574464   ----a-w-   c:\windows\system32\d3d10level9.dll
2012-09-12 16:26 . 2012-08-02 16:57   490496   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
2012-09-12 16:26 . 2012-07-04 20:26   41472   ----a-w-   c:\windows\system32\drivers\rndismpx.sys
2012-09-12 16:26 . 2012-07-04 20:26   41472   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
2012-09-05 09:06 . 2012-09-05 13:14   --------   d-----w-   c:\users\Kathy\AppData\Roaming\Skype
2012-09-05 09:06 . 2012-09-05 09:06   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2012-09-05 09:06 . 2012-09-05 09:06   --------   d-----r-   c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 15:02 . 2012-06-09 17:50   64462936   ----a-w-   c:\windows\system32\MRT.exe
2012-08-29 21:03 . 2012-08-29 21:03   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C8E8E9B-7356-4B2A-A43C-0F2E71F3D1E1}\offreg.dll
2012-08-23 08:26 . 2012-08-28 16:16   9310152   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C8E8E9B-7356-4B2A-A43C-0F2E71F3D1E1}\mpengine.dll
2012-08-21 03:02 . 2012-08-21 03:02   18944   ----a-r-   c:\users\Kathy\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-07-18 18:15 . 2012-08-15 14:44   3148800   ----a-w-   c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 14:44   73216   ----a-w-   c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 14:44   59392   ----a-w-   c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 14:44   136704   ----a-w-   c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 14:44   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}]
c:\progra~2\COUPON~2\bar\1.bin\2pbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}]
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]
2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{625F420E-A4A9-4B40-BC23-716C1C43893A}]
c:\program files (x86)\OApps\bho.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\Kathy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{912C156F-05CF-4B62-851A-96E167A677B0}]
2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}]
2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}"= "c:\program files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll" [2012-03-08 251344]
"{3462c343-be19-4143-af70-cefb56f46fc6}"= "c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}]
[HKEY_CLASSES_ROOT\funmoods.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\funmoods.dskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{3462c343-be19-4143-af70-cefb56f46fc6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-03-22 4862384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1588401562-1905477843-745187313-1001Core.job
- c:\users\Kathy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 23:22]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1588401562-1905477843-745187313-1001UA.job
- c:\users\Kathy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 23:22]
.
2012-09-28 c:\windows\Tasks\HPCeeScheduleForKathy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2012-09-24 c:\windows\Tasks\HPCeeScheduleForSAM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2012-09-30 c:\windows\Tasks\User_Feed_Synchronization-{C17ADEFC-022D-4272-8E74-EB55B132DA4B}.job
- c:\windows\system32\msfeedssync.exe [2012-01-26 04:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\users\Kathy\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll
BHO-{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - c:\program files (x86)\PricePeep\pricepeep.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Toolbar-{b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
Wow6432Node-HKLM-Run-iBryte browseforchange Desktop - c:\program files (x86)\iBryte\browseforchange\ibrytedesktop.exe
AddRemove-DefaultTab - c:\users\Kathy\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-I Want This - c:\program files (x86)\I Want This\Uninstall.exe
AddRemove-iBryte_browseforchange - c:\program files (x86)\iBryte\browseforchange\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1588401562-1905477843-745187313-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1588401562-1905477843-745187313-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:31,12,a7,d1,65,9f,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\program files (x86)\PDF Complete\pdfsvc.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe
c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
.
**************************************************************************
.
Completion time: 2012-09-30  18:53:10 - machine was rebooted
ComboFix-quarantined-files.txt  2012-10-01 00:53
ComboFix2.txt  2012-09-29 22:31
.
Pre-Run: 927,070,330,880 bytes free
Post-Run: 927,014,477,824 bytes free
.
- - End Of File - - 2D1EE077D780016AA604C5E865F8CD7C

Corrine:
Hi, Kathy.

I'm glad the computer is working better.  I'm not happy though since it appears that Funmoods made a change to the registry.  First, let's take a look with AdwCleaner to see what it is showing.

Please download AdwCleaner by Xplode to your Desktop.
* Double-click AdwCleaner.exe to run the tool.
* Click Search.
* A logfile will automatically open after the scan has finished.
* Please post the contents of that logfile with your next response.

Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., R1
