smartresult.org hijack

When I clicked on the Firefox icon to post the log, it says:
c:\program files (x86)\mozilla firefox\fiefox.exe
illegal operation attempted on a registry key that has been marked for deletion.

Same error for Internet Explorer.


I am posting from another computer.
 
Hi joise869,

Did you reboot the computer? If not, do so now and see if this brings the functionality back to your browsers.
 
OK, that worked.
ComboFix 13-03-30.01 - Kathy 03/31/2013 12:20:37.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4459 [GMT -4:00]
Running from: c:\users\Kathy\Desktop\ComboFix.exe
Command switches used :: c:\users\Kathy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG SafeGuard toolbar
c:\program files (x86)\AVG SafeGuard toolbar\15.0.0.2\AVG SafeGuard toolbar_toolbar.dll
c:\program files (x86)\AVG SafeGuard toolbar\about.gif
c:\program files (x86)\AVG SafeGuard toolbar\active-threats18.gif
c:\program files (x86)\AVG SafeGuard toolbar\AVG SafeGuard toolbar
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_close.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_expand.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_tooltip.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_tracking.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bull4x4.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\divider.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\innerBG_gradient.gif
c:\program files (x86)\AVG SafeGuard toolbar\ChromeRes\nt.html
c:\program files (x86)\AVG SafeGuard toolbar\CleanHistory.gif
c:\program files (x86)\AVG SafeGuard toolbar\configuration.xml
c:\program files (x86)\AVG SafeGuard toolbar\current.gif
c:\program files (x86)\AVG SafeGuard toolbar\currently-safe18.gif
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\all.css
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\btn-ok2.gif
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\downBtn.png
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\DSPDlg_IE.html
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\logo2.png
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\upBtn.png
c:\program files (x86)\AVG SafeGuard toolbar\EnableHelperRes\EEImageHandler.html
c:\program files (x86)\AVG SafeGuard toolbar\EnableHelperRes\Images\box_ie.png
c:\program files (x86)\AVG SafeGuard toolbar\EULA.gif
c:\program files (x86)\AVG SafeGuard toolbar\Eula.txt
c:\program files (x86)\AVG SafeGuard toolbar\Facebook.gif
c:\program files (x86)\AVG SafeGuard toolbar\favicon.ico
c:\program files (x86)\AVG SafeGuard toolbar\feedback.gif
c:\program files (x86)\AVG SafeGuard toolbar\FireFoxSearchXml.tmp
c:\program files (x86)\AVG SafeGuard toolbar\help.gif
c:\program files (x86)\AVG SafeGuard toolbar\icon18.gif
c:\program files (x86)\AVG SafeGuard toolbar\labs.gif
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\CPOL license.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\Encoding_decoding_base64.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\hmac.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-bsdiff.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-bzip.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-JasonCpp.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-MPL-NPAPI.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-sparsehash.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\PassthruApp.txt
c:\program files (x86)\AVG SafeGuard toolbar\lip.exe
c:\program files (x86)\AVG SafeGuard toolbar\performanceIcon.gif
c:\program files (x86)\AVG SafeGuard toolbar\PostInstall.exe
c:\program files (x86)\AVG SafeGuard toolbar\PostInstaller.ini
c:\program files (x86)\AVG SafeGuard toolbar\privacy.gif
c:\program files (x86)\AVG SafeGuard toolbar\remote_configuration.xml
c:\program files (x86)\AVG SafeGuard toolbar\search.gif
c:\program files (x86)\AVG SafeGuard toolbar\setup.bmp
c:\program files (x86)\AVG SafeGuard toolbar\surf-with-caution18.gif
c:\program files (x86)\AVG SafeGuard toolbar\Uninstall.exe
c:\program files (x86)\AVG SafeGuard toolbar\uninstall.gif
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\downBtn.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\upBtn.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.5.1.min.js
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.8.1.min.js
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\uninstall_cp.css
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp.html
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp_step2.html
c:\program files (x86)\AVG SafeGuard toolbar\updating18.gif
c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe
c:\program files (x86)\Common Files\AVG Secure Search
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\UpdaterConfig.ini
c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar
c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar\DNT\dt.dat
c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_03_28_03_41_58.db
c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_03_29_06_41_02.db
c:\users\Kathy\AppData\Local\AVG Secure Search
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vToolbarUpdater15.0.0
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-31 )))))))))))))))))))))))))))))))
.
.
2013-03-31 16:26 . 2013-03-31 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 23:29 . 2013-03-30 23:29 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-30 02:18 . 2013-03-30 02:18 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\users\Kathy\AppData\Local\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\programdata\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\program files\WinZip
2013-03-28 22:41 . 2013-03-28 22:41 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-03-28 22:41 . 2013-03-28 22:41 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-28 22:24 . 2013-03-28 22:25 -------- d-----w- c:\program files (x86)\ERUNT
2013-03-26 23:23 . 2013-03-26 23:23 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-26 23:22 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 00:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 23:25 . 2013-03-30 23:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-25 23:25 . 2009-01-25 16:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-03-25 23:25 . 2013-03-25 23:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-25 23:23 . 2013-03-25 23:23 -------- d-----w- c:\users\Kathy\AppData\Local\Programs
2013-03-24 15:12 . 2013-03-24 15:12 -------- d-----w- c:\programdata\SugarGames
2013-03-16 14:42 . 2013-03-19 11:00 -------- d-----w- c:\users\Kathy\AppData\Local\Sonic
2013-03-16 00:31 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-16 00:31 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-16 00:28 . 2013-03-16 00:29 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-13 10:42 . 2013-03-13 10:43 -------- d-----w- C:\23486ff927f0f78691e0d6a5
2013-03-05 02:40 . 2013-03-05 02:40 -------- d-----w- c:\programdata\Meridian93
2013-03-03 15:08 . 2013-03-03 15:08 -------- d-----w- c:\users\Kathy\AppData\Roaming\Alawar
2013-03-02 21:58 . 2013-03-02 22:00 -------- d-----w- c:\users\Kathy\AppData\Roaming\Brunhilda_bfg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 02:41 . 2012-04-03 17:15 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 02:41 . 2011-12-09 06:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 18:59 . 2011-03-13 17:20 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 18:56 . 2011-03-13 17:20 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 18:56 . 2011-12-09 06:46 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 18:55 . 2011-12-09 06:46 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 18:55 . 2011-03-13 17:20 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 18:54 . 2011-03-13 17:20 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 18:53 . 2011-03-13 17:20 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 18:53 . 2011-03-13 17:20 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 18:52 . 2011-03-13 17:20 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-13 12:22 . 2012-02-21 20:46 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 09:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 09:57 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 09:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 09:57 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 12:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 12:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 12:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 12:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 12:06 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 12:06 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 12:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 12:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 12:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 12:06 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 12:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 12:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 12:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 12:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 12:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 12:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 12:06 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 12:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 12:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 12:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 12:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 12:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 12:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 12:06 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 12:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 12:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 12:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 12:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 12:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 12:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 12:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 12:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-13 11:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 11:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 11:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 12:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-27 12:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-13 11:20 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 11:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 11:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 11:20 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 11:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 11:20 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 11:20 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 11:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 11:20 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 11:20 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk.disabled [2013-3-28 1106]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk.disabled [2013-2-10 2048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-28 39768]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 187912]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={48F5F16B-5EE2-425F-A22C-591CAC411205}&mid=2a62154e21694dc8aba5305666c3b128-7ebb7c7288368040367e0b9b33cae994739ffb45&lang=en&ds=hk018&pr=sa&d=2013-03-28 18:41&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-16 15:26; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-AVG SafeGuard toolbar - c:\program files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-03-31 12:34:02 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-31 16:34
ComboFix2.txt 2013-03-31 00:12
.
Pre-Run: 425,706,987,520 bytes free
Post-Run: 425,173,393,408 bytes free
.
- - End Of File - - B8E46C90D557F685BC4DBC03F7412CC1
 
josie869,

I still need to see the TDSSKiller logs you have. Post them when you can. :)
 
Hi josie869,

Are you still experiencing Google redirects?
If so, which browsers are affected?
Has your Firefox homepage issue been resolved?

= = = = = = = = = = = = = = = = = = = =

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={48F5F16B-5EE2-425F-A22C-591CAC411205}&mid=2a62154e21694dc8aba5305666c3b128-7ebb7c7288368040367e0b9b33cae994739ffb45&lang=en&ds=hk018&pr=sa&d=2013-03-28 18:41&v=15.0.0.2&pid=safeguard&sg=1&sap=hp

Folder::
c:\programdata\AVG SafeGuard toolbar

Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, please post the C:\ComboFix.txt for further review.

In your next post please provide the following:
  • Answers to the questions above
  • ComboFix.txt
  • Any remaining issues?
 
I have disabled McAfee, malware and Spybot; ComboFix is saying Spybot is still running.

Can I uninstall Spybot?
 
Hi josie869,

Try this to disable Spybot S & D, you shouldn't need to uninstall it.

Disable Spybot Search & Destroy (temporarily)
  • Launch Spybot S & D
  • Select Mode in the top menu bar, select Advanced
  • Select the Tools sub menu on the left
  • Select Resident from the left hand menu
  • Remove the check marks from both options in the right hand menu under "Resident Protection Status"
  • Exit Spybot

Then retry the ComboFix step and post the results.
 
I don't have a Mode option.
I have version 2.0.12.126.
I have unchecked all Spybot references in the startup tools.
 
Hi josie869,

Just go ahead and uninstall Spybot and we'll reinstall it after we get the computer clean.

Then run the ComboFix step I outlined previously and post the results when they are available and an update on the Google redirection issues.
 
Here's the log:
ComboFix 13-03-31.01 - Kathy 03/31/2013 20:47:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4245 [GMT -4:00]
Running from: c:\users\Kathy\Desktop\ComboFix.exe
Command switches used :: c:\users\Kathy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AVG SafeGuard toolbar
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\chrome.manifest
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\chrome\avg.jar
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\components\avg-dnt-policy.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\components\toolbarhomeApi.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\icon.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\install.rdf
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\locale\en-US\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\locale\en-US\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\avg-dnt-adapter.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\avg.xml
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\avgJsm.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\Bindings.xml
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\configuration.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\configuration_0.css
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\configuration_0.xul
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\HistoryCleaner.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\IOJsm.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\af\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\af\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\cs\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\cs\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\da\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\da\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\de\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\de\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\el\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\el\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\en\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\en\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\es-es\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\es-es\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\es\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\es\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\fi\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\fi\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\fr\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\fr\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\hi\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\hi\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\hu\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\hu\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\id\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\id\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\it\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\it\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ja\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ja\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ko\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ko\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ms\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ms\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\nb\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\nb\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\nl\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\nl\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pl\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pl\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pt-br\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pt-br\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pt\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pt\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ro\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ro\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ru\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ru\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sk\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sk\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sr\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sr\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sv\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sv\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\th\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\th\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\tr\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\tr\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\zh-cn\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\zh-cn\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\zh-tw\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\zh-tw\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\Preferences.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\propertiesJsm.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\about.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\active-threats18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\ajax-loader.gif
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\CleanHistory.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\close.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\current.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\currently-safe18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\dnt.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\EULA.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\Facebook.gif
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\feedback.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\feedicon.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\help.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\icon_search.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\icon18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\information-24.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\labs.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\loader.gif
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\performanceIcon.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\privacy.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\questionmarkIcon.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\search.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\surf-with-caution18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\uninstall.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\updating18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\window-close.png
.
.
((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-04-01 00:57 . 2013-04-01 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 23:29 . 2013-03-30 23:29 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-30 02:18 . 2013-03-30 02:18 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\users\Kathy\AppData\Local\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\programdata\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\program files\WinZip
2013-03-28 22:41 . 2013-03-28 22:41 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-28 22:24 . 2013-03-28 22:25 -------- d-----w- c:\program files (x86)\ERUNT
2013-03-26 23:23 . 2013-03-26 23:23 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-26 23:22 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 00:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 23:25 . 2013-03-30 23:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-25 23:25 . 2013-04-01 00:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-25 23:23 . 2013-03-25 23:23 -------- d-----w- c:\users\Kathy\AppData\Local\Programs
2013-03-24 15:12 . 2013-03-24 15:12 -------- d-----w- c:\programdata\SugarGames
2013-03-16 14:42 . 2013-03-19 11:00 -------- d-----w- c:\users\Kathy\AppData\Local\Sonic
2013-03-16 00:31 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-16 00:31 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-16 00:28 . 2013-03-16 00:29 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-13 10:42 . 2013-03-13 10:43 -------- d-----w- C:\23486ff927f0f78691e0d6a5
2013-03-05 02:40 . 2013-03-05 02:40 -------- d-----w- c:\programdata\Meridian93
2013-03-03 15:08 . 2013-03-03 15:08 -------- d-----w- c:\users\Kathy\AppData\Roaming\Alawar
2013-03-02 21:58 . 2013-03-02 22:00 -------- d-----w- c:\users\Kathy\AppData\Roaming\Brunhilda_bfg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 02:41 . 2012-04-03 17:15 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 02:41 . 2011-12-09 06:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 18:59 . 2011-03-13 17:20 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 18:56 . 2011-03-13 17:20 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 18:56 . 2011-12-09 06:46 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 18:55 . 2011-12-09 06:46 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 18:55 . 2011-03-13 17:20 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 18:54 . 2011-03-13 17:20 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 18:53 . 2011-03-13 17:20 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 18:53 . 2011-03-13 17:20 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 18:52 . 2011-03-13 17:20 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-13 12:22 . 2012-02-21 20:46 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 09:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 09:57 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 09:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 09:57 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 12:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 12:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 12:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 12:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 12:06 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 12:06 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 12:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 12:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 12:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 12:06 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 12:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 12:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 12:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 12:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 12:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 12:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 12:06 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 12:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 12:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 12:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 12:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 12:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 12:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 12:06 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 12:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 12:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 12:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 12:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 12:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 12:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 12:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 12:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-13 11:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 11:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 11:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 12:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-27 12:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-13 11:20 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 11:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 11:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 11:20 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 11:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 11:20 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 11:20 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 11:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 11:20 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 11:20 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk.disabled [2013-3-28 1106]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk.disabled [2013-2-10 2048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-28 39768]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 187912]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-16 15:26; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AVG SafeGuard toolbar - c:\program files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-31 21:00:02
ComboFix-quarantined-files.txt 2013-04-01 01:00
ComboFix2.txt 2013-03-31 16:34
ComboFix3.txt 2013-03-31 00:12
.
Pre-Run: 425,579,335,680 bytes free
Post-Run: 425,357,725,696 bytes free
.
- - End Of File - - 453D06629B822E8143553354DF108663
 
ok, when I rebooted, I got these errors (see attached images)
and Google is still getting hijacked when I click on the Google results

first try smartresult.com
same with the next two tries
 
Hi josie869,

Please flush the cache from all browsers that are experiencing the redirections.

= = = = = = = = = = = = = = = = = = = =

Delete cache and other browser data in Chrome
  • Click the Chrome menu on the browser toolbar.
  • Select Tools.
  • Select Clear browsing data.
  • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
    • Clear browsing history
    • Clear download history
    • Empty the cache
    • Delete cookies and other site and plug-in data
    • Clear saved passwords
    • Clear saved Autofill form data
    • Clear data from hosted apps
    • Deauthorize content licenses
  • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  • Click Clear browsing data.
- - - - - Next - - - - -

Flush the Internet Explorer Cache
  • In Internet Explorer, click Tools
  • Select Internet Options
  • Now, on the General tab, click Delete Files and select Delete all Offline content too
  • Click OK.
  • When it finishes Click OK.
- - - - - Next - - - - -

Flush the FireFox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
  • In Firefox, Options
  • Select Options
  • Select Privacy tab
  • Find the section that reads: You might want to clear your recent history or remove individual cookies
  • Select clear your recent history
  • Click the Details drop-down arrow
  • Make sure a check mark is placed in the following boxes:
    • Cookies
    • Cache
  • Next select the Time Range to Clear drop-down menu
  • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
  • Click Clear Now
- - - - - Next - - - - -

Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyflash]
    [emptyjava]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
- - - - - Next - - - - -

REBOOT

- - - - - Next - - - - -

Run a fresh OTL scan ( don't check the boxes beside LOP Check or Purity this time )

- - - - - Next - - - - -

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right click and select "Run as Administrator" mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure nothing is checked, and click Save Log.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- - - - - Next - - - - -

Please run Eset Online Scanner

Administrator rights are required to run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
In your next post please provide the following:
  • OTL.txt
  • MBAM log
  • ESET's log.txt
  • Any change with the Google redirects?
 
OTL scan too long to post - I have attached it


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kathy :: KATHY-PC-LAPTOP [administrator]

Protection: Enabled

4/1/2013 7:46:07 PM
mbam-log-2013-04-01 (19-46-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214863
Time elapsed: 2 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Hi josie869,

Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    FF - prefs.js..extensions.enabledAddons: xzxpbckclf%40xzxpbckclf.org:2.5
    [1642/01/02 12:33:50 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\extensions\xzxpbckclf@xzxpbckclf.org.xpi
    
    :Files
    C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\extensions\xzxpbckclf@xzxpbckclf.org.xpi
    C:\windows\svchost.exe
    
    :Commands
    [purity]
    [createrestorepoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
- - - - - Next - - - - -

Reset Firefox to its default state
  1. At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu
    (on Windows XP, click the Help menu at the top of the Firefox window) and select Troubleshooting Information.
  2. Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
  3. To continue, click Reset Firefox in the confirmation window that opens.
  4. Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
In your next post please provide the following:
  • OTL.txt
  • Status of Google redirects
  • If still being redirected, which browser does it occur in?
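
A triage pass over the kind of OTL lines the fix above targets, as an added example that is not part of the original posts and not OTL's own logic. The flag names, the add-on baseline and the short list of system binaries are assumptions, and the sample lines marked constructed do not come from the user's log.

```python
import ntpath
import re
from urllib.parse import unquote

# OTL file entry: [date time | size | attrs | M] (company) (optional note) -- path
FILE_RE = re.compile(r"\[(\d{4})/\d{2}/\d{2} [\d:]{8} \| [\d,]+ \| \S+ \| [MC]\] "
                     r"\(.*?\)(?: \(.*?\))? -- (.+)$")
# prefs.js add-on entry: URL-encoded add-on ID, a colon, then the version
ADDON_RE = re.compile(r"FF - prefs\.js\.\.extensions\.enabledAddons: (\S+):(\S+)$")
BARE_PATH_RE = re.compile(r"[A-Za-z]:\\.+$")

# Assumption: short illustrative list of binaries expected only in these folders.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumption: analyst-supplied baseline. This GUID is the SiteAdvisor add-on
# listed in the ComboFix log earlier in the thread.
KNOWN_ADDONS = {"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"}

# Lines 1, 3 and 5 appear in the thread; lines 2, 4 and 6 are constructed.
SAMPLE = r"""
FF - prefs.js..extensions.enabledAddons: xzxpbckclf%40xzxpbckclf.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5
[1642/01/02 12:33:50 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\extensions\xzxpbckclf@xzxpbckclf.org.xpi
[2013/02/19 10:00:00 | 000,182,752 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\mfevtps.exe
C:\windows\svchost.exe
C:\windows\system32\svchost.exe
"""


def check_path(path, findings):
    """Flag a well-known system binary name found outside its usual folder."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in SYSTEM_ONLY and folder not in SYSTEM_DIRS:
        findings.append(("system-name-outside-system32", path))


def triage(lines, known_addons, scan_year):
    """Return (flag, subject) tuples for log lines that deserve a closer look."""
    known = {addon.lower() for addon in known_addons}
    findings = []
    for raw in lines:
        line = raw.strip()
        match = ADDON_RE.match(line)
        if match:
            addon_id = unquote(match.group(1))  # %40 -> @, %7B -> {
            if addon_id.lower() not in known:
                findings.append(("addon-not-in-baseline", addon_id))
            continue
        match = FILE_RE.match(line)
        if match:
            year, path = int(match.group(1)), match.group(2)
            # A modified date far in the past or after the scan is not a
            # timestamp a normal install produces.
            if year < 1980 or year > scan_year:
                findings.append(("implausible-timestamp", path))
            check_path(path, findings)
            continue
        if BARE_PATH_RE.match(line):
            check_path(line, findings)
    return findings


if __name__ == "__main__":
    for flag, subject in triage(SAMPLE.splitlines(), KNOWN_ADDONS, 2013):
        print(f"{flag:32} {subject}")
```

A flag here is a prompt for manual review, not a verdict: an add-on missing from the baseline may simply be one the analyst has not recorded yet.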
 
that seems to have worked
I have attached the otl file
I will keep an eye on it over the next day or 2 and will let you know how it goes.
Is there a reason you asked me to remove pogo games in the beginning? Do you think that's where this problem came from?
Thank you so much for your help!!
 
oh wait - I'm still getting these 2 errors when I reboot - see attached images
I'm going to get rid of McAfee and switch to Norton - I have Norton on my computer (the one with the issues was my mother's) - not sure if that makes a difference with one of those errors
 
Hi josie869,

Now, although we seem to have gotten the redirects taken care of, we still have some clean-up steps to take before we are done. I will keep the thread open for a few days; please check back after you have tested the system to be sure all is well.

Is there a reason you asked me to remove pogo games in the beginning?
Pogo Games is classified as a "PUP" (Potentially Unwanted Program).

A PUP (Potentially Unwanted Program) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants.

The term was created by McAfee, the Internet Security company, because marketing firms objected to having their products called "spyware": in the view of such firms, all the information necessary for informed consent is included in the download agreement. It is widely recognized, however, that many if not most users fail to read a download agreement in sufficient detail to understand exactly what they are downloading.

McAfee differentiates PUPs from other types of malware, such as viruses, Trojans, and worms, which can be safely assumed to be unwanted by the user.

= = = = = = = = = = = = = = = = = = = =

To clear up the error messages you have been receiving on start up, unfortunately the only solution I can offer is to uninstall the program, reboot and then reinstall the program.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • ERUNT
  • McAfee Security Scan Plus

REBOOT

Then reinstall
 