Browser REDIRECT Help

suicidecharley

New Member
Thread author
Jun 3, 2013
2
A couple of days ago my wife told me the PC was redirecting our browser. When a URL is entered in the browser it redirects to the attached page. The name of the URL still remains in the browser (in this example it's google.com). Everything seems to work fine if I use links, but that's the only way I can get to any sites. Please direct me to how I can fix this. I've run Avast, Disk Cleanup and TDSSKiller and it has not worked.
 

Attachments

  • snap shot.png (442.6 KB)

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hello Charley, and Welcome to the malwaretips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may, or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
STEP 1: Reset the Windows Hosts file back to its default settings
This trojan has modified your Hosts file, so that you'll be redirected to those survey websites. To reset the Hosts file back to its default settings, we will run Microsoft Fix it 50267.
  1. Download Microsoft Fix it 50267 from the below link.
    MICROSOFT FIX IT 50267 DOWNLOAD LINK (This link will automatically download Microsoft Fix it 50267 on your computer)
  2. Double click on MicrosoftFixit50267, then follow the prompts to reset your Windows Hosts file.
    reset-hosts-file.jpg



STEP 2: Run a scan with Combofix
Please read and follow very carefully the below instructions
 
Download ComboFix from one of the following locations: 

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore your connection.

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. Combofix will now start scanning your computer.
  4. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Additional notes:
  1. DO NOT mouse-click Combofix's window while it is running. That may cause it to stall.
  2. DO NOT "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. IF after the reboot you get errors about programs being marked for deletion, then reboot; that will cure it.


What's next?

Please post in your next reply:
  1. Combofix log
  2. Let me know if you had any problems with the above instructions and also let me know how things are running now!
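Step 1 above rests on one mechanism: a trojan that appends hosts-file entries mapping sites such as google.com to an address it controls makes the browser land on its page while the address bar still shows the typed name, which matches the symptom in the first post. As an added example that is not from this thread and not part of Microsoft Fix it 50267, the Python script below parses a hosts file and flags entries that point a name at a routable address, plus entries tucked below a long run of blank lines; the sample file content and the 203.0.113.7 address are constructed for the demonstration.

```python
import ipaddress
import os
from dataclasses import dataclass
from typing import List, Optional

# Path of the file that Step 1 resets (same location on every Windows version).
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample: the commented header is what Windows ships (it contains
# no active entries at all); the active lines below stand in for what a
# redirecting trojan appends. 203.0.113.7 is a documentation-only address.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "#\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "#\t127.0.0.1       localhost\n"
    "#\t::1             localhost\n"
    "127.0.0.1   localhost\n"
    "0.0.0.0     ads.example.test   # constructed ad-blocker style entry\n"
    + "\n" * 40 +                      # padding that hides what follows
    "203.0.113.7  google.com www.google.com\n"
    "203.0.113.7  bing.com   # constructed hijack entries\n"
    "not-an-ip    broken.example.test\n"
)


@dataclass
class HostsEntry:
    line_no: int
    address: str
    names: List[str]
    # True: routable address (hijack candidate); False: loopback or
    # unspecified (localhost / ad-block style); None: address did not parse.
    routable: Optional[bool]


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text into HostsEntry records.

    Anything after '#' is a comment and blank lines are skipped. A line whose
    first token is not an IP address is kept with routable=None so a reviewer
    sees it instead of the parser silently dropping it.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2:
            continue
        address, names = tokens[0], tokens[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            entries.append(HostsEntry(line_no, address, names, None))
            continue
        routable = not (ip.is_loopback or ip.is_unspecified)
        entries.append(HostsEntry(line_no, address, names, routable))
    return entries


def find_hijacks(text: str) -> List[HostsEntry]:
    """Entries that steer a hostname to a real address: the redirect itself."""
    return [e for e in parse_hosts(text) if e.routable]


def hidden_after_padding(text: str, min_padding: int = 20) -> List[int]:
    """Line numbers of active entries preceded by a long run of blank or
    comment-only lines, which pushes them below the visible area in Notepad."""
    flagged, run = [], 0
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.split("#", 1)[0].strip():
            run += 1
            continue
        if run >= min_padding:
            flagged.append(line_no)
        run = 0
    return flagged


def report(text: str) -> List[str]:
    """Human-readable findings for one hosts file (empty list means clean)."""
    findings = []
    for e in find_hijacks(text):
        findings.append(f"line {e.line_no}: {', '.join(e.names)} -> {e.address}")
    for e in parse_hosts(text):
        if e.routable is None:
            findings.append(f"line {e.line_no}: unparsable address {e.address!r}")
    for n in hidden_after_padding(text):
        findings.append(f"line {n}: active entry sits after a long run of blank lines")
    return findings


if __name__ == "__main__":
    if os.path.exists(WINDOWS_HOSTS_PATH):
        with open(WINDOWS_HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS  # off Windows: run against the constructed sample
    for finding in report(text) or ["no suspicious hosts entries"]:
        print(finding)
```

Because the stock Windows hosts file has every line commented out, any active entry is worth a look; the routable ones are the redirects, and the Fix it in Step 1 simply rewrites the file back to that all-comment default.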
 

suicidecharley

New Member
Thread author
Jun 3, 2013
2
Please post in your next reply:
  1. Combofix log
ComboFix 13-06-03.06 - Tim 06/05/2013 8:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4155 [GMT -7:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\programdata\PCDr\6261\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dll
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll
c:\programdata\PCDr\6261\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dll
c:\users\Public\AlexaNSISPlugin.197224.dll
c:\users\Public\sdelevURL.tmp
c:\users\Tim\AppData\Local\common_functions.dll
c:\users\Tim\AppData\Local\ie_runner_app.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-05-05 to 2013-06-05 )))))))))))))))))))))))))))))))
.
.
2013-06-05 15:17 . 2013-06-05 15:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-05 15:17 . 2013-06-05 15:17 -------- d-----w- c:\users\Leatherneck\AppData\Local\temp
2013-06-05 15:17 . 2013-06-05 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-05 14:45 . 2013-06-05 14:45 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-06-04 04:24 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-04 04:23 . 2013-06-04 04:23 -------- d-----w- c:\program files\AVAST Software
2013-06-04 04:22 . 2013-06-05 14:51 -------- d-----w- c:\programdata\AVAST Software
2013-06-03 17:43 . 2013-06-03 17:43 -------- d-----w- c:\users\Tim\AppData\Local\Mozilla
2013-06-03 17:10 . 2012-06-26 10:59 940544 ----a-w- c:\users\Tim\AppData\Local\log4cxx.dll
2013-06-03 17:06 . 2013-06-03 17:06 -------- d-----w- c:\programdata\boost_interprocess
2013-06-02 17:00 . 2013-06-02 17:00 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-06-02 16:58 . 2005-12-06 01:09 3815120 ----a-w- c:\windows\system32\d3dx9_28.dll
2013-06-02 16:58 . 2005-07-23 02:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll
2013-06-02 16:58 . 2005-05-26 22:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-06-02 16:58 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2013-06-02 16:58 . 2005-03-19 00:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2013-06-02 16:58 . 2005-02-06 02:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2013-06-02 16:09 . 2013-06-02 16:09 -------- d-----w- c:\users\Tim\AppData\Local\emaze
2013-06-02 07:06 . 2013-06-03 17:06 -------- d-----w- C:\AI_RecycleBin
2013-05-31 05:06 . 2013-05-31 05:06 -------- d-----w- c:\users\Tim\AppData\Roaming\redsn0w
2013-05-27 20:26 . 2013-06-05 15:06 -------- d-----w- c:\users\Tim\AppData\Roaming\WebCake
2013-05-27 20:26 . 2013-05-27 20:26 -------- d-----w- c:\program files (x86)\WebCake
2013-05-27 03:08 . 2009-09-30 03:57 758018 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-05-27 03:08 . 2008-12-05 04:46 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-05-27 03:08 . 2008-10-08 17:16 139264 ----a-w- c:\windows\SysWow64\xvid.ax
2013-05-26 23:29 . 2013-05-26 23:29 -------- d-----w- c:\programdata\StarApp
2013-05-24 23:48 . 2013-06-04 04:27 -------- d-----w- c:\program files (x86)\Google
2013-05-24 21:51 . 2013-05-24 21:51 -------- d-----w- c:\users\Tim\AppData\Local\FreemakeVideoConverter
2013-05-24 21:50 . 2013-06-03 17:13 -------- d-----w- c:\programdata\Freemake
2013-05-24 21:50 . 2013-06-03 17:13 -------- d-----w- c:\program files (x86)\Freemake
2013-05-24 21:50 . 2013-05-24 21:50 -------- d-----w- c:\users\Tim\AppData\Roaming\OpenCandy
2013-05-22 19:24 . 2013-05-22 19:24 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-22 19:24 . 2013-06-05 05:08 -------- d-----w- c:\program files\My Dell
2013-05-21 04:47 . 2013-05-21 04:47 -------- d-----w- c:\users\Tim\AppData\Roaming\HandBrake
2013-05-20 19:06 . 2013-06-03 17:44 -------- d-----w- c:\users\Tim\AppData\Roaming\player
2013-05-20 19:04 . 2013-05-20 19:04 -------- d-----w- c:\program files (x86)\Coupons
2013-05-20 07:06 . 2013-05-21 14:30 -------- d-----w- c:\users\Tim\AppData\Local\DownloadTerms
2013-05-20 06:27 . 2013-06-03 17:46 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-05-20 06:26 . 2013-05-21 14:32 -------- d-----w- c:\users\Tim\AppData\Local\RapidFinda
2013-05-20 05:47 . 2013-05-20 05:47 -------- d-----w- c:\programdata\KingsIsle Entertainment
2013-05-20 04:53 . 2013-06-03 07:48 -------- d-----w- c:\users\Tim\AppData\Roaming\.minecraft
2013-05-19 22:46 . 2013-05-19 22:46 -------- d-----w- c:\users\Tim\AppData\Local\Reflection
2013-05-19 22:46 . 2013-05-19 22:46 -------- d-----w- c:\programdata\Reflection
2013-05-19 20:50 . 2013-05-19 20:50 -------- d-----w- c:\program files (x86)\Conduit
2013-05-19 20:50 . 2013-06-03 17:12 -------- d-----w- c:\users\Tim\AppData\Local\Conduit
2013-05-19 20:48 . 2013-05-19 20:48 -------- d-----w- c:\users\Tim\AppData\Roaming\SearchProtect
2013-05-19 20:48 . 2013-06-02 16:10 -------- d-----w- c:\users\Tim\AppData\Local\CRE
2013-05-19 08:30 . 2013-05-19 08:30 -------- d-----w- c:\users\Tim\AppData\Local\Macroplant_LLC
2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-19 08:29 . 2013-05-19 08:29 -------- d-----w- c:\program files (x86)\QuickTime
2013-05-19 08:29 . 2012-04-09 23:27 223760 ----a-w- c:\windows\SysWow64\CbFsNetRdr3.dll
2013-05-19 08:29 . 2012-04-09 23:27 190480 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
2013-05-19 08:29 . 2012-04-09 23:27 158224 ----a-w- c:\windows\SysWow64\CbFsMntNtf3.dll
2013-05-19 08:29 . 2012-04-09 23:27 141328 ----a-w- c:\windows\system32\CbFsNetRdr3.dll
2013-05-19 08:28 . 2012-04-09 23:27 352144 ----a-w- c:\windows\system32\drivers\cbfs3.sys
2013-05-19 08:28 . 2013-06-03 17:45 -------- d-----w- c:\program files (x86)\iExplorer
2013-05-19 06:57 . 2013-05-19 06:57 -------- d-----w- c:\users\Tim\AppData\Local\Programs
2013-05-19 06:44 . 2013-05-19 06:44 -------- d-----w- c:\program files (x86)\Microsoft Expression
2013-05-19 05:54 . 2013-05-19 05:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-19 05:54 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-18 03:26 . 2013-05-26 23:29 -------- d-----w- c:\programdata\InstallMate
2013-05-16 19:54 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-12 06:06 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2013-05-12 06:06 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2013-05-12 06:06 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-05-12 06:06 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-05-12 06:05 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-05-10 18:56 . 2013-05-10 19:26 -------- d-----w- c:\users\Leatherneck\AppData\Roaming\PCFixSpeed
2013-05-10 18:55 . 2013-05-10 18:55 -------- d-----w- c:\users\Leatherneck\AppData\Roaming\24x7 Help
2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\program files\iTunes
2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\program files (x86)\iTunes
2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 14:41 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-17 10:10 . 2012-03-18 16:27 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-16 21:12 . 2012-10-10 01:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 21:12 . 2012-01-15 01:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-01 00:43 . 2013-05-01 00:43 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 00:43 . 2013-05-01 00:43 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-01 00:43 . 2013-05-01 00:43 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-01 00:43 . 2013-05-01 00:43 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-01 00:43 . 2013-05-01 00:43 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-01 00:43 . 2013-05-01 00:43 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-01 00:43 . 2013-05-01 00:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-01 00:43 . 2013-05-01 00:43 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-01 00:43 . 2013-05-01 00:43 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 00:43 . 2013-05-01 00:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-01 00:43 . 2013-05-01 00:43 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-01 00:43 . 2013-05-01 00:43 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-01 00:43 . 2013-05-01 00:43 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-01 00:43 . 2013-05-01 00:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-01 00:43 . 2013-05-01 00:43 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-01 00:43 . 2013-05-01 00:43 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-01 00:43 . 2013-05-01 00:43 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-01 00:43 . 2013-05-01 00:43 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-01 00:43 . 2013-05-01 00:43 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-01 00:43 . 2013-05-01 00:43 441856 ----a-w- c:\windows\system32\html.iec
2013-05-01 00:43 . 2013-05-01 00:43 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-01 00:43 . 2013-05-01 00:43 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-01 00:43 . 2013-05-01 00:43 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-01 00:43 . 2013-05-01 00:43 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-01 00:43 . 2013-05-01 00:43 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-01 00:43 . 2013-05-01 00:43 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-01 00:43 . 2013-05-01 00:43 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-01 00:43 . 2013-05-01 00:43 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-01 00:43 . 2013-05-01 00:43 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-01 00:43 . 2013-05-01 00:43 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-01 00:43 . 2013-05-01 00:43 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-01 00:43 . 2013-05-01 00:43 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-01 00:43 . 2013-05-01 00:43 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-01 00:43 . 2013-05-01 00:43 235008 ----a-w- c:\windows\system32\url.dll
2013-05-01 00:43 . 2013-05-01 00:43 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-01 00:43 . 2013-05-01 00:43 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-01 00:43 . 2013-05-01 00:43 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-01 00:43 . 2013-05-01 00:43 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-01 00:43 . 2013-05-01 00:43 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-01 00:43 . 2013-05-01 00:43 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-01 00:43 . 2013-05-01 00:43 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-01 00:43 . 2013-05-01 00:43 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 00:43 . 2013-05-01 00:43 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-01 00:43 . 2013-05-01 00:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-01 00:43 . 2013-05-01 00:43 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-01 00:43 . 2013-05-01 00:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-01 00:43 . 2013-05-01 00:43 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-01 00:43 . 2013-05-01 00:43 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-01 00:43 . 2013-05-01 00:43 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-24 19:28 . 2013-04-24 19:28 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-04-24 19:18 . 2013-04-24 19:18 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-04-13 05:49 . 2013-05-16 19:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 19:54 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 19:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 19:54 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 19:54 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 19:54 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 17:03 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-11 02:22 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 02:22 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 02:22 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 02:22 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 02:22 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 02:22 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-16 13:47 . 2012-12-29 22:04 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-16 13:47 . 2012-01-15 01:30 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-12 03:35 . 2013-03-12 03:35 0 ----a-w- c:\windows\SysWow64\sho775E.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-05-24 18:58 197912 ----a-w- c:\program files (x86)\WebCake\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 23:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"="c:\users\Tim\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-05-24 47896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]
"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2012-02-15 96240]
"SMessaging"="c:\users\Tim\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-05 31664]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2012-02-15 00:26 153584 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:5 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe;c:\programdata\IBUpdaterService\ibsvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 21:12]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24 23:48]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24 23:48]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1001Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 16:24]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1001UA.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 16:24]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1005Core.job
- c:\users\Leatherneck\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 16:06]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1005UA.job
- c:\users\Leatherneck\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 16:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 23:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-08-09 2034752]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mStart Page = hxxp://search.coupons.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.164.3.230
DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t83d22td.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-06-03 21:24; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-SPSDesignBase - c:\program files (x86)\Corel\DesignBase Assets\DesignBase-uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-501560442-661217399-2051705123-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e8,17,de,40,20,c0,c6,a3,ae,03,eb,b2,88,35,31,29,eb,19,86,98,6d,
61,e2,8f,a0,62,55,b0,aa,27,58,8c,8c,fb,fb,dd,78,69,9e,86,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-501560442-661217399-2051705123-1001_Classes\Wow6432Node\CLSID\{cc32bd8d-53df-447d-9c7d-e25eadb8e3b7}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000059
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,46,e5,2c,02,46,78,24,c3,34,63,5d,e4,47,19,88,c3,07,f1,b8,aa,23,75,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-05 08:19:01
ComboFix-quarantined-files.txt 2013-06-05 15:19
.
Pre-Run: 849,933,660,160 bytes free
Post-Run: 850,534,305,792 bytes free
.
- - End Of File - - 6E71662F280FE003AC036475972CDA65

2. Let me know if you had any problems with the above instructions and also let me know how things are running now![/size]
[/quote]
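A helper reading a log like the one quoted above goes straight to a few autostart sections: the HKLM Run key, the Scheduled Tasks folder, AppInit_DLLs, and the Internet Explorer start-page lines (where this log shows a machine-wide start page pointing at search.coupons.com rather than a browser default). The script below is an added example for this thread; it is not ComboFix code and not something the forum helper posted. It parses those sections out of a constructed sample made of lines taken from the log above and sorts each entry into "ok" or "review". The trust roots, the allowlist of search hosts and the path-based rule are assumptions chosen for illustration, not a verdict on any file.

```python
"""Triage helper for the autostart sections of a ComboFix-style log.

Added example for this thread, not part of ComboFix or of the forum
helper's instructions. Extracts HKLM Run values, Scheduled Tasks
targets, AppInit_DLLs and the IE start pages, then applies simple,
assumed trust rules so a human can review the short list first.
"""
import re
from dataclasses import dataclass
from typing import List

# Assumed trust roots and search hosts; tune for the machine being examined.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.msn.com"}

# Constructed sample: a handful of lines taken from the log quoted above.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 21:12]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1001Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 16:24]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
uStart Page = hxxp://www.bing.com
mStart Page = hxxp://search.coupons.com/
"""


@dataclass
class Finding:
    kind: str      # "run", "task", "appinit" or "start_page"
    target: str    # the path or URL the entry points at
    flagged: bool  # True when a human should look at it
    note: str


RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
TASK_TARGET = re.compile(r'^- (?P<path>.+?) \[')
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.*)$')
START_PAGE = re.compile(r'^(?P<scope>[um])Start Page = (?P<url>\S+)')


def in_trusted_root(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def host_of(url: str) -> str:
    # ComboFix defangs URLs as hxxp://; drop any scheme, then keep the host part.
    rest = re.sub(r'^[a-z]+://', '', url.lower())
    return rest.split('/', 1)[0]


def path_finding(kind: str, path: str) -> Finding:
    if in_trusted_root(path):
        return Finding(kind, path, False, "under Windows/Program Files; low priority")
    return Finding(kind, path, True, "runs from a user-writable location; verify the file")


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            section = line.lower()
            continue
        m = APPINIT.match(line)
        if m:
            dlls = m.group("dlls").strip()
            if dlls:
                # AppInit_DLLs are loaded into every process that loads user32,
                # so a non-empty value is worth a look even when the DLL is in System32.
                findings.append(Finding("appinit", dlls, True,
                                        "AppInit_DLLs is set; confirm the DLL's publisher"))
            continue
        m = RUN_VALUE.match(line)
        if m and section.endswith("\\run]"):
            findings.append(path_finding("run", m.group("path")))
            continue
        m = TASK_TARGET.match(line)
        if m:
            findings.append(path_finding("task", m.group("path")))
            continue
        m = START_PAGE.match(line)
        if m:
            url = m.group("url")
            known = host_of(url) in KNOWN_SEARCH_HOSTS
            scope = "machine-wide" if m.group("scope") == "m" else "per-user"
            note = f"{scope} start page host {host_of(url)}"
            findings.append(Finding("start_page", url, not known,
                                    note + ("" if known else " is not a known search engine")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(("REVIEW " if f.flagged else "ok     ") + f"{f.kind:<10} {f.target}  ({f.note})")
```

The output is a review queue, not a verdict. On the sample it flags the machine-wide start page, the AppInit_DLLs value and the per-user GoogleUpdate.exe; the last one is Google's normal per-user install location and is listed only because the rule is path-based, which is exactly the kind of entry a helper then clears by checking the file's signature.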

PEACHY KEEN!!! Where do I donate the hundreds of dollars I was going to pay someone to fix my machine??!!! AWESOMENESS
 