Thread: smartresult.org hijack

  1. #21
    Member
    Join Date
    Mar 2013
    Posts
    39

    when I clicked on the firefox icon to post the log
    it says
    c:\program files (x86)\mozilla firefox\fiefox.exe
    illegal operation attempted on a registry key that has been marked for deletion.

    same error for internet explorer


    I am posting from another computer

  2. #22
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi joise869,

    Did you reboot the computer? If not, do so now and see if this brings the functionality back to your browsers.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #23
    Member
    Join Date
    Mar 2013
    Posts
    39

    ok, that worked
    ComboFix 13-03-30.01 - Kathy 03/31/2013 12:20:37.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4459 [GMT -4:00]
    Running from: c:\users\Kathy\Desktop\ComboFix.exe
    Command switches used :: c:\users\Kathy\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\AVG SafeGuard toolbar
    c:\program files (x86)\AVG SafeGuard toolbar\15.0.0.2\AVG SafeGuard toolbar_toolbar.dll
    c:\program files (x86)\AVG SafeGuard toolbar\about.gif
    c:\program files (x86)\AVG SafeGuard toolbar\active-threats18.gif
    c:\program files (x86)\AVG SafeGuard toolbar\AVG SafeGuard toolbar
    c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_close.gif
    c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_expand.gif
    c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_tooltip.gif
    c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_tracking.gif
    c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bull4x4.gif
    c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\divider.gif
    c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\innerBG_gradient.gif
    c:\program files (x86)\AVG SafeGuard toolbar\ChromeRes\nt.html
    c:\program files (x86)\AVG SafeGuard toolbar\CleanHistory.gif
    c:\program files (x86)\AVG SafeGuard toolbar\configuration.xml
    c:\program files (x86)\AVG SafeGuard toolbar\current.gif
    c:\program files (x86)\AVG SafeGuard toolbar\currently-safe18.gif
    c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\all.css
    c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\btn-ok2.gif
    c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\downBtn.png
    c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\DSPDlg_IE.html
    c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\logo2.png
    c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\upBtn.png
    c:\program files (x86)\AVG SafeGuard toolbar\EnableHelperRes\EEImageHandler.html
    c:\program files (x86)\AVG SafeGuard toolbar\EnableHelperRes\Images\box_ie.png
    c:\program files (x86)\AVG SafeGuard toolbar\EULA.gif
    c:\program files (x86)\AVG SafeGuard toolbar\Eula.txt
    c:\program files (x86)\AVG SafeGuard toolbar\Facebook.gif
    c:\program files (x86)\AVG SafeGuard toolbar\favicon.ico
    c:\program files (x86)\AVG SafeGuard toolbar\feedback.gif
    c:\program files (x86)\AVG SafeGuard toolbar\FireFoxSearchXml.tmp
    c:\program files (x86)\AVG SafeGuard toolbar\help.gif
    c:\program files (x86)\AVG SafeGuard toolbar\icon18.gif
    c:\program files (x86)\AVG SafeGuard toolbar\labs.gif
    c:\program files (x86)\AVG SafeGuard toolbar\Licenses\CPOL license.txt
    c:\program files (x86)\AVG SafeGuard toolbar\Licenses\Encoding_decoding_base64.txt
    c:\program files (x86)\AVG SafeGuard toolbar\Licenses\hmac.txt
    c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-bsdiff.txt
    c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-bzip.txt
    c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-JasonCpp.txt
    c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-MPL-NPAPI.txt
    c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-sparsehash.txt
    c:\program files (x86)\AVG SafeGuard toolbar\Licenses\PassthruApp.txt
    c:\program files (x86)\AVG SafeGuard toolbar\lip.exe
    c:\program files (x86)\AVG SafeGuard toolbar\performanceIcon.gif
    c:\program files (x86)\AVG SafeGuard toolbar\PostInstall.exe
    c:\program files (x86)\AVG SafeGuard toolbar\PostInstaller.ini
    c:\program files (x86)\AVG SafeGuard toolbar\privacy.gif
    c:\program files (x86)\AVG SafeGuard toolbar\remote_configuration.xml
    c:\program files (x86)\AVG SafeGuard toolbar\search.gif
    c:\program files (x86)\AVG SafeGuard toolbar\setup.bmp
    c:\program files (x86)\AVG SafeGuard toolbar\surf-with-caution18.gif
    c:\program files (x86)\AVG SafeGuard toolbar\Uninstall.exe
    c:\program files (x86)\AVG SafeGuard toolbar\uninstall.gif
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\downBtn.png
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\upBtn.png
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.5.1.min.js
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.8.1.min.js
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\uninstall_cp.css
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp.html
    c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp_step2.html
    c:\program files (x86)\AVG SafeGuard toolbar\updating18.gif
    c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe
    c:\program files (x86)\Common Files\AVG Secure Search
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\UpdaterConfig.ini
    c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar
    c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar\DNT\dt.dat
    c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_03_28_03_41_58.db
    c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_03_29_06_41_02.db
    c:\users\Kathy\AppData\Local\AVG Secure Search
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_vToolbarUpdater15.0.0
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-31 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-31 16:26 . 2013-03-31 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-30 23:29 . 2013-03-30 23:29 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-03-30 02:18 . 2013-03-30 02:18 121 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\users\Kathy\AppData\Local\WinZip
    2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\programdata\WinZip
    2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\program files\WinZip
    2013-03-28 22:41 . 2013-03-28 22:41 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
    2013-03-28 22:41 . 2013-03-28 22:41 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-03-28 22:24 . 2013-03-28 22:25 -------- d-----w- c:\program files (x86)\ERUNT
    2013-03-26 23:23 . 2013-03-26 23:23 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes
    2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\programdata\Malwarebytes
    2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-03-26 23:22 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-26 00:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-25 23:25 . 2013-03-30 23:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-03-25 23:25 . 2009-01-25 16:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-03-25 23:25 . 2013-03-25 23:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-03-25 23:23 . 2013-03-25 23:23 -------- d-----w- c:\users\Kathy\AppData\Local\Programs
    2013-03-24 15:12 . 2013-03-24 15:12 -------- d-----w- c:\programdata\SugarGames
    2013-03-16 14:42 . 2013-03-19 11:00 -------- d-----w- c:\users\Kathy\AppData\Local\Sonic
    2013-03-16 00:31 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-03-16 00:31 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-03-16 00:28 . 2013-03-16 00:29 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
    2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files\Microsoft Silverlight
    2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2013-03-13 10:42 . 2013-03-13 10:43 -------- d-----w- C:\23486ff927f0f78691e0d6a5
    2013-03-05 02:40 . 2013-03-05 02:40 -------- d-----w- c:\programdata\Meridian93
    2013-03-03 15:08 . 2013-03-03 15:08 -------- d-----w- c:\users\Kathy\AppData\Roaming\Alawar
    2013-03-02 21:58 . 2013-03-02 22:00 -------- d-----w- c:\users\Kathy\AppData\Roaming\Brunhilda_bfg
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-13 02:41 . 2012-04-03 17:15 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-13 02:41 . 2011-12-09 06:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-19 18:59 . 2011-03-13 17:20 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-02-19 18:56 . 2011-03-13 17:20 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-02-19 18:56 . 2011-12-09 06:46 182752 ----a-w- c:\windows\system32\mfevtps.exe
    2013-02-19 18:55 . 2011-12-09 06:46 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2013-02-19 18:55 . 2011-03-13 17:20 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2013-02-19 18:54 . 2011-03-13 17:20 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-02-19 18:53 . 2011-03-13 17:20 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-02-19 18:53 . 2011-03-13 17:20 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-02-19 18:52 . 2011-03-13 17:20 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-02-13 12:22 . 2012-02-21 20:46 72013344 ----a-w- c:\windows\system32\MRT.exe
    2013-02-12 05:45 . 2013-03-13 09:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-13 09:57 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-13 09:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-13 09:57 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-13 09:57 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 09:57 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-01-13 21:17 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 12:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
    2013-01-13 20:22 . 2013-02-27 12:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20 . 2013-02-27 12:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
    2013-01-13 20:09 . 2013-02-27 12:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08 . 2013-02-27 12:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2013-01-13 20:08 . 2013-02-27 12:06 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-01-13 19:59 . 2013-02-27 12:06 1643520 ----a-w- c:\windows\system32\DWrite.dll
    2013-01-13 19:58 . 2013-02-27 12:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
    2013-01-13 19:54 . 2013-02-27 12:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53 . 2013-02-27 12:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53 . 2013-02-27 12:06 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51 . 2013-02-27 12:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-01-13 19:49 . 2013-02-27 12:06 363008 ----a-w- c:\windows\system32\dxgi.dll
    2013-01-13 19:48 . 2013-02-27 12:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46 . 2013-02-27 12:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
    2013-01-13 19:43 . 2013-02-27 12:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38 . 2013-02-27 12:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-01-13 19:38 . 2013-02-27 12:06 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-01-13 19:38 . 2013-02-27 12:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
    2013-01-13 19:37 . 2013-02-27 12:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
    2013-01-13 19:25 . 2013-02-27 12:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2013-01-13 19:24 . 2013-02-27 12:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-01-13 19:24 . 2013-02-27 12:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
    2013-01-13 19:20 . 2013-02-27 12:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-01-13 19:20 . 2013-02-27 12:06 1238528 ----a-w- c:\windows\system32\d3d10.dll
    2013-01-13 19:15 . 2013-02-27 12:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-01-13 19:10 . 2013-02-27 12:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
    2013-01-13 19:02 . 2013-02-27 12:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34 . 2013-02-27 12:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32 . 2013-02-27 12:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-01-13 18:09 . 2013-02-27 12:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-01-13 17:26 . 2013-02-27 12:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05 . 2013-02-27 12:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
    2013-01-05 05:53 . 2013-02-13 11:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-05 05:00 . 2013-02-13 11:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00 . 2013-02-13 11:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-01-04 06:11 . 2013-02-27 12:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11 . 2013-02-27 12:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2013-01-04 05:46 . 2013-02-13 11:20 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-04 04:51 . 2013-02-13 11:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-04 04:43 . 2013-02-13 11:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-01-04 03:26 . 2013-02-13 11:20 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 02:47 . 2013-02-13 11:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-04 02:47 . 2013-02-13 11:20 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-04 02:47 . 2013-02-13 11:20 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-04 02:47 . 2013-02-13 11:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00 . 2013-02-13 11:20 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-03 06:00 . 2013-02-13 11:20 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 38112]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    .
    c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk.disabled [2013-3-28 1106]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk.disabled [2013-2-10 2048]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-28 39768]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 187912]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
    S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
    S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
    FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={48F5F16B-5EE2-425F-A22C-591CAC411205}&mid=2a62154e21694dc8aba5305666c3b128-7ebb7c7288368040367e0b9b33cae994739ffb45&lang=en&ds=hk018&pr=sa&d=2013-03-28 18:41&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-03-16 15:26; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    AddRemove-AVG SafeGuard toolbar - c:\program files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe
    AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2013-03-31 12:34:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-31 16:34
    ComboFix2.txt 2013-03-31 00:12
    .
    Pre-Run: 425,706,987,520 bytes free
    Post-Run: 425,173,393,408 bytes free
    .
    - - End Of File - - B8E46C90D557F685BC4DBC03F7412CC1

  4. #24
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    josie869,

    I still need to see the TDSSKiller logs you have. Post them when you can.
    OCD

  5. #25
    Member
    Join Date
    Mar 2013
    Posts
    39

    Default

    I have attached it because this site tells me it's too many characters to post.

  6. #26
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi josie869,

    Are you still experiencing Google redirects?
    If so, which browsers are affected?
    Has your Firefox homepage issue been resolved?

    = = = = = = = = = = = = = = = = = = = =

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the codebox below into it:

    Code:
    Firefox::
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={48F5F16B-5EE2-425F-A22C-591CAC411205}&mid=2a62154e21694dc8aba5305666c3b128-7ebb7c7288368040367e0b9b33cae994739ffb45&lang=en&ds=hk018&pr=sa&d=2013-03-28 18:41&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
    
    Folder::
    c:\programdata\AVG SafeGuard toolbar

    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, please post the C:\ComboFix.txt for further review.

    In your next post please provide the following:
    • Answers to the questions above
    • ComboFix.txt
    • Any remaining issues?
    OCD
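The homepage entry targeted by the CFScript above lives in Firefox's prefs.js as a `user_pref` line. The following added example, which is not part of the original thread or of ComboFix, parses such a file and reports a start page whose host is not on an allowlist, plus a manual or PAC proxy setting; the allowlist, the function names and the sample file contents are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Matches one line of prefs.js: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
# Assumption: hosts the machine's owner expects as a start page.
ALLOWED_HOSTS = {"www.google.com"}

def parse_prefs(text):
    """Return {pref_name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep raw text if not JSON
    return prefs

def audit(prefs, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of (pref_name, detail) findings worth a manual review."""
    findings = []
    homepage = str(prefs.get("browser.startup.homepage", ""))
    # Firefox stores several start pages in one value, separated by "|".
    for url in filter(None, (u.strip() for u in homepage.split("|"))):
        parts = urlsplit(url)
        if parts.scheme == "about":
            continue  # built-in pages such as about:home
        host = (parts.hostname or "").lower()
        if host not in allowed_hosts:
            findings.append(("browser.startup.homepage", host or url))
    # 0 = direct connection; 1 = manual proxy, 2 = proxy auto-config URL.
    proxy = prefs.get("network.proxy.type")
    if proxy in (1, 2):
        findings.append(("network.proxy.type", str(proxy)))
    return findings

# Constructed sample; only the host name is taken from the log in this thread.
SAMPLE = '''\
user_pref("browser.startup.homepage", "http://mysearch.avg.com/?pid=safeguard|about:home");
user_pref("network.proxy.type", 0);
'''

if __name__ == "__main__":
    for name, detail in audit(parse_prefs(SAMPLE)):
        print(f"review {name}: {detail}")
```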

  7. #27
    Member
    Join Date
    Mar 2013
    Posts
    39

    Default

    I have disabled McAfee, malware and Spybot; ComboFix is saying Spybot is still running.


    Can I uninstall Spybot?

  8. #28
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi josie869,

    Try this to disable Spybot S & D, you shouldn't need to uninstall it.

    Disable Spybot Search & Destroy (temporarily)
    • Launch Spybot S & D
    • Select Mode in the top menu bar, select Advanced
    • Select the Tools sub menu on the left
    • Select the Resident from the left hand menu
    • Remove the check marks from both options in the right hand menu under "Resident Protection Status"
    • Exit Spybot


    Then retry the ComboFix step and post the results.
    OCD

  9. #29
    Member
    Join Date
    Mar 2013
    Posts
    39

    Default

    I don't have a Mode option
    I have version 2.0.12.126
    I have unchecked all spybot references in the start up tools

  10. #30
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi josie869,

    Just go ahead and uninstall Spybot and we'll reinstall it after we get the computer clean.

    Then run the ComboFix step I outlined previously and post the results when they are available and an update on the Google redirection issues.
    OCD
