Browser REDIRECT Help
<blockquote data-quote="suicidecharley" data-source="post: 123595" data-attributes="member: 8725"><p>Please post in your next reply:</p><p>1.Combofix log</p><p>ComboFix 13-06-03.06 - Tim 06/05/2013 8:10.1.4 - x64</p><p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4155 [GMT -7:00]</p><p>Running from: c:\users\Tim\Desktop\ComboFix.exe</p><p>SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>c:\programdata\AMMYY</p><p>c:\programdata\AMMYY\hr</p><p>c:\programdata\AMMYY\hr3</p><p>c:\programdata\AMMYY\settings3.bin</p><p>c:\programdata\PCDr\6261\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll</p><p>c:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dll</p><p>c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll</p><p>c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll</p><p>c:\programdata\PCDr\6261\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll</p><p>c:\programdata\PCDr\6261\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll</p><p>c:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dll</p><p>c:\users\Public\AlexaNSISPlugin.197224.dll</p><p>c:\users\Public\sdelevURL.tmp</p><p>c:\users\Tim\AppData\Local\common_functions.dll</p><p>c:\users\Tim\AppData\Local\ie_runner_app.exe</p><p>c:\windows\SysWow64\pt</p><p>c:\windows\SysWow64\pt\Lagoon.resources.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2013-05-05 to 2013-06-05 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2013-06-05 15:17 . 2013-06-05 15:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp</p><p>2013-06-05 15:17 . 2013-06-05 15:17 -------- d-----w- c:\users\Leatherneck\AppData\Local\temp</p><p>2013-06-05 15:17 . 
2013-06-05 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2013-06-05 14:45 . 2013-06-05 14:45 -------- d-s---w- c:\windows\SysWow64\Microsoft</p><p>2013-06-04 04:24 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe</p><p>2013-06-04 04:23 . 2013-06-04 04:23 -------- d-----w- c:\program files\AVAST Software</p><p>2013-06-04 04:22 . 2013-06-05 14:51 -------- d-----w- c:\programdata\AVAST Software</p><p>2013-06-03 17:43 . 2013-06-03 17:43 -------- d-----w- c:\users\Tim\AppData\Local\Mozilla</p><p>2013-06-03 17:10 . 2012-06-26 10:59 940544 ----a-w- c:\users\Tim\AppData\Local\log4cxx.dll</p><p>2013-06-03 17:06 . 2013-06-03 17:06 -------- d-----w- c:\programdata\boost_interprocess</p><p>2013-06-02 17:00 . 2013-06-02 17:00 -------- d-----w- c:\program files (x86)\Common Files\Steam</p><p>2013-06-02 16:58 . 2005-12-06 01:09 3815120 ----a-w- c:\windows\system32\d3dx9_28.dll</p><p>2013-06-02 16:58 . 2005-07-23 02:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll</p><p>2013-06-02 16:58 . 2005-05-26 22:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll</p><p>2013-06-02 16:58 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll</p><p>2013-06-02 16:58 . 2005-03-19 00:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll</p><p>2013-06-02 16:58 . 2005-02-06 02:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll</p><p>2013-06-02 16:09 . 2013-06-02 16:09 -------- d-----w- c:\users\Tim\AppData\Local\emaze</p><p>2013-06-02 07:06 . 2013-06-03 17:06 -------- d-----w- C:\AI_RecycleBin</p><p>2013-05-31 05:06 . 2013-05-31 05:06 -------- d-----w- c:\users\Tim\AppData\Roaming\redsn0w</p><p>2013-05-27 20:26 . 2013-06-05 15:06 -------- d-----w- c:\users\Tim\AppData\Roaming\WebCake</p><p>2013-05-27 20:26 . 2013-05-27 20:26 -------- d-----w- c:\program files (x86)\WebCake</p><p>2013-05-27 03:08 . 2009-09-30 03:57 758018 ----a-w- c:\windows\SysWow64\xvidcore.dll</p><p>2013-05-27 03:08 . 
2008-12-05 04:46 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll</p><p>2013-05-27 03:08 . 2008-10-08 17:16 139264 ----a-w- c:\windows\SysWow64\xvid.ax</p><p>2013-05-26 23:29 . 2013-05-26 23:29 -------- d-----w- c:\programdata\StarApp</p><p>2013-05-24 23:48 . 2013-06-04 04:27 -------- d-----w- c:\program files (x86)\Google</p><p>2013-05-24 21:51 . 2013-05-24 21:51 -------- d-----w- c:\users\Tim\AppData\Local\FreemakeVideoConverter</p><p>2013-05-24 21:50 . 2013-06-03 17:13 -------- d-----w- c:\programdata\Freemake</p><p>2013-05-24 21:50 . 2013-06-03 17:13 -------- d-----w- c:\program files (x86)\Freemake</p><p>2013-05-24 21:50 . 2013-05-24 21:50 -------- d-----w- c:\users\Tim\AppData\Roaming\OpenCandy</p><p>2013-05-22 19:24 . 2013-05-22 19:24 -------- d-----w- c:\programdata\PC-Doctor for Windows</p><p>2013-05-22 19:24 . 2013-06-05 05:08 -------- d-----w- c:\program files\My Dell</p><p>2013-05-21 04:47 . 2013-05-21 04:47 -------- d-----w- c:\users\Tim\AppData\Roaming\HandBrake</p><p>2013-05-20 19:06 . 2013-06-03 17:44 -------- d-----w- c:\users\Tim\AppData\Roaming\player</p><p>2013-05-20 19:04 . 2013-05-20 19:04 -------- d-----w- c:\program files (x86)\Coupons</p><p>2013-05-20 07:06 . 2013-05-21 14:30 -------- d-----w- c:\users\Tim\AppData\Local\DownloadTerms</p><p>2013-05-20 06:27 . 2013-06-03 17:46 -------- d-----w- c:\program files (x86)\MyPC Backup</p><p>2013-05-20 06:26 . 2013-05-21 14:32 -------- d-----w- c:\users\Tim\AppData\Local\RapidFinda</p><p>2013-05-20 05:47 . 2013-05-20 05:47 -------- d-----w- c:\programdata\KingsIsle Entertainment</p><p>2013-05-20 04:53 . 2013-06-03 07:48 -------- d-----w- c:\users\Tim\AppData\Roaming\.minecraft</p><p>2013-05-19 22:46 . 2013-05-19 22:46 -------- d-----w- c:\users\Tim\AppData\Local\Reflection</p><p>2013-05-19 22:46 . 2013-05-19 22:46 -------- d-----w- c:\programdata\Reflection</p><p>2013-05-19 20:50 . 2013-05-19 20:50 -------- d-----w- c:\program files (x86)\Conduit</p><p>2013-05-19 20:50 . 
2013-06-03 17:12 -------- d-----w- c:\users\Tim\AppData\Local\Conduit</p><p>2013-05-19 20:48 . 2013-05-19 20:48 -------- d-----w- c:\users\Tim\AppData\Roaming\SearchProtect</p><p>2013-05-19 20:48 . 2013-06-02 16:10 -------- d-----w- c:\users\Tim\AppData\Local\CRE</p><p>2013-05-19 08:30 . 2013-05-19 08:30 -------- d-----w- c:\users\Tim\AppData\Local\Macroplant_LLC</p><p>2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll</p><p>2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll</p><p>2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll</p><p>2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll</p><p>2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll</p><p>2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll</p><p>2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll</p><p>2013-05-19 08:29 . 2013-05-19 08:29 -------- d-----w- c:\program files (x86)\QuickTime</p><p>2013-05-19 08:29 . 2012-04-09 23:27 223760 ----a-w- c:\windows\SysWow64\CbFsNetRdr3.dll</p><p>2013-05-19 08:29 . 2012-04-09 23:27 190480 ----a-w- c:\windows\system32\CbFsMntNtf3.dll</p><p>2013-05-19 08:29 . 2012-04-09 23:27 158224 ----a-w- c:\windows\SysWow64\CbFsMntNtf3.dll</p><p>2013-05-19 08:29 . 2012-04-09 23:27 141328 ----a-w- c:\windows\system32\CbFsNetRdr3.dll</p><p>2013-05-19 08:28 . 2012-04-09 23:27 352144 ----a-w- c:\windows\system32\drivers\cbfs3.sys</p><p>2013-05-19 08:28 . 2013-06-03 17:45 -------- d-----w- c:\program files (x86)\iExplorer</p><p>2013-05-19 06:57 . 2013-05-19 06:57 -------- d-----w- c:\users\Tim\AppData\Local\Programs</p><p>2013-05-19 06:44 . 
2013-05-19 06:44 -------- d-----w- c:\program files (x86)\Microsoft Expression</p><p>2013-05-19 05:54 . 2013-05-19 05:54 -------- d-----w- c:\program files (x86)\Common Files\Java</p><p>2013-05-19 05:54 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll</p><p>2013-05-18 03:26 . 2013-05-26 23:29 -------- d-----w- c:\programdata\InstallMate</p><p>2013-05-16 19:54 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys</p><p>2013-05-12 06:06 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll</p><p>2013-05-12 06:06 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll</p><p>2013-05-12 06:06 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll</p><p>2013-05-12 06:06 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll</p><p>2013-05-12 06:05 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll</p><p>2013-05-10 18:56 . 2013-05-10 19:26 -------- d-----w- c:\users\Leatherneck\AppData\Roaming\PCFixSpeed</p><p>2013-05-10 18:55 . 2013-05-10 18:55 -------- d-----w- c:\users\Leatherneck\AppData\Roaming\24x7 Help</p><p>2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\program files\iTunes</p><p>2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\program files (x86)\iTunes</p><p>2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\program files\iPod</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2013-05-17 14:41 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll</p><p>2013-05-17 10:10 . 2012-03-18 16:27 75016696 ----a-w- c:\windows\system32\MRT.exe</p><p>2013-05-16 21:12 . 2012-10-10 01:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe</p><p>2013-05-16 21:12 . 
2012-01-15 01:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>2013-05-01 00:43 . 2013-05-01 00:43 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 523264 ----a-w- c:\windows\SysWow64\vbscript.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 226304 ----a-w- c:\windows\system32\elshyph.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 185344 ----a-w- c:\windows\SysWow64\elshyph.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 158720 ----a-w- c:\windows\SysWow64\msls31.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 138752 ----a-w- c:\windows\SysWow64\wextract.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 38400 ----a-w- c:\windows\SysWow64\imgutil.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 12800 ----a-w- c:\windows\SysWow64\mshta.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 61952 ----a-w- c:\windows\SysWow64\tdc.ocx</p><p>2013-05-01 00:43 . 2013-05-01 00:43 361984 ----a-w- c:\windows\SysWow64\html.iec</p><p>2013-05-01 00:43 . 2013-05-01 00:43 81408 ----a-w- c:\windows\system32\icardie.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 762368 ----a-w- c:\windows\system32\ieapfltr.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 452096 ----a-w- c:\windows\system32\dxtmsft.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 441856 ----a-w- c:\windows\system32\html.iec</p><p>2013-05-01 00:43 . 
2013-05-01 00:43 281600 ----a-w- c:\windows\system32\dxtrans.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 216064 ----a-w- c:\windows\system32\msls31.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 197120 ----a-w- c:\windows\system32\msrating.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl</p><p>2013-05-01 00:43 . 2013-05-01 00:43 1400416 ----a-w- c:\windows\system32\ieapfltr.dat</p><p>2013-05-01 00:43 . 2013-05-01 00:43 97280 ----a-w- c:\windows\system32\mshtmled.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 62976 ----a-w- c:\windows\system32\pngfilt.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 599552 ----a-w- c:\windows\system32\vbscript.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 27648 ----a-w- c:\windows\system32\licmgr10.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 270848 ----a-w- c:\windows\system32\iedkcs32.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 247296 ----a-w- c:\windows\system32\webcheck.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 235008 ----a-w- c:\windows\system32\url.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 173568 ----a-w- c:\windows\system32\ieUnatt.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 167424 ----a-w- c:\windows\system32\iexpress.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 1509376 ----a-w- c:\windows\system32\inetcpl.cpl</p><p>2013-05-01 00:43 . 2013-05-01 00:43 149504 ----a-w- c:\windows\system32\occache.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 144896 ----a-w- c:\windows\system32\wextract.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 13824 ----a-w- c:\windows\system32\mshta.exe</p><p>2013-05-01 00:43 . 2013-05-01 00:43 102912 ----a-w- c:\windows\system32\inseng.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe</p><p>2013-05-01 00:43 . 
2013-05-01 00:43 77312 ----a-w- c:\windows\system32\tdc.ocx</p><p>2013-05-01 00:43 . 2013-05-01 00:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 51200 ----a-w- c:\windows\system32\imgutil.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 48640 ----a-w- c:\windows\system32\mshtmler.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 136192 ----a-w- c:\windows\system32\iepeers.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 135680 ----a-w- c:\windows\system32\IEAdvpack.dll</p><p>2013-05-01 00:43 . 2013-05-01 00:43 12800 ----a-w- c:\windows\system32\msfeedssync.exe</p><p>2013-04-24 19:28 . 2013-04-24 19:28 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys</p><p>2013-04-24 19:18 . 2013-04-24 19:18 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys</p><p>2013-04-13 05:49 . 2013-05-16 19:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll</p><p>2013-04-13 05:49 . 2013-05-16 19:54 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll</p><p>2013-04-13 05:49 . 2013-05-16 19:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll</p><p>2013-04-13 05:49 . 2013-05-16 19:54 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll</p><p>2013-04-13 04:45 . 2013-05-16 19:54 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll</p><p>2013-04-13 04:45 . 2013-05-16 19:54 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll</p><p>2013-04-12 14:45 . 2013-04-24 17:03 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys</p><p>2013-03-19 06:04 . 2013-04-11 02:22 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe</p><p>2013-03-19 05:46 . 2013-04-11 02:22 43520 ----a-w- c:\windows\system32\csrsrv.dll</p><p>2013-03-19 05:04 . 2013-04-11 02:22 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe</p><p>2013-03-19 05:04 . 2013-04-11 02:22 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe</p><p>2013-03-19 04:47 . 2013-04-11 02:22 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll</p><p>2013-03-19 03:06 . 
2013-04-11 02:22 112640 ----a-w- c:\windows\system32\smss.exe</p><p>2013-03-16 13:47 . 2012-12-29 22:04 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll</p><p>2013-03-16 13:47 . 2012-01-15 01:30 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll</p><p>2013-03-12 03:35 . 2013-03-12 03:35 0 ----a-w- c:\windows\SysWow64\sho775E.tmp</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]</p><p>2013-05-24 18:58 197912 ----a-w- c:\program files (x86)\WebCake\WebCakeIEClient.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]</p><p>@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]</p><p>2012-04-09 23:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll</p><p>.</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"WebCake Desktop"="c:\users\Tim\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-05-24 47896]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]</p><p>"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]</p><p>"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]</p><p>"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]</p><p>"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]</p><p>"Dell DataSafe 
Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]</p><p>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]</p><p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]</p><p>"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]</p><p>"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]</p><p>"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]</p><p>"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]</p><p>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]</p><p>"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2012-02-15 96240]</p><p>"SMessaging"="c:\users\Tim\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-05 31664]</p><p>"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]</p><p>"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800]</p><p>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]</p><p>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]</p><p>"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]</p><p>2012-02-15 
00:26 153584 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]</p><p>"LoadAppInit_DLLs"=1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]</p><p>"midi1"=wdmaud.drv</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</p><p>BootExecute REG_MULTI_SZ autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:5 /wow /dir:C:\Program</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]</p><p>Notification Packages REG_MULTI_SZ scecli FAPassSync</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]</p><p>@=""</p><p>.</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x]</p><p>R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]</p><p>R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]</p><p>R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]</p><p>R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]</p><p>R3 
FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]</p><p>R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]</p><p>R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]</p><p>R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]</p><p>R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]</p><p>R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]</p><p>R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]</p><p>R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]</p><p>R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]</p><p>R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]</p><p>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]</p><p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe 
[x]</p><p>R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]</p><p>S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]</p><p>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]</p><p>S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]</p><p>S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]</p><p>S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [x]</p><p>S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]</p><p>S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]</p><p>S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]</p><p>S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]</p><p>S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]</p><p>S2 IBUpdaterService;Updater 
Service;c:\programdata\IBUpdaterService\ibsvc.exe;c:\programdata\IBUpdaterService\ibsvc.exe [x]</p><p>S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]</p><p>S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]</p><p>S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]</p><p>S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]</p><p>S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]</p><p>S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]</p><p>S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x]</p><p>S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]</p><p>S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]</p><p>S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]</p><p>S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]</p><p>S3 
BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]</p><p>S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]</p><p>S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]</p><p>S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]</p><p>S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]</p><p>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]</p><p>S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]</p><p>S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]</p><p>S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]</p><p>S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]</p><p>S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]</p><p>.</p><p>.</p><p>--- Other Services/Drivers In Memory ---</p><p>.</p><p>*NewlyCreated* - WS2IFSL</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 21:12]</p><p>.</p><p>2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24 23:48]</p><p>.</p><p>2013-06-05 
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24 23:48]</p><p>.</p><p>2013-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1001Core.job</p><p>- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 16:24]</p><p>.</p><p>2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1001UA.job</p><p>- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 16:24]</p><p>.</p><p>2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1005Core.job</p><p>- c:\users\Leatherneck\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 16:06]</p><p>.</p><p>2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1005UA.job</p><p>- c:\users\Leatherneck\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 16:06]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]</p><p>@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]</p><p>2012-04-09 23:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]</p><p>@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]</p><p>2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]</p><p>@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]</p><p>2013-04-16 23:10 776144 ----a-w- c:\program files 
(x86)\Google\Drive\googledrivesync64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]</p><p>@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]</p><p>2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]</p><p>@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]</p><p>2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]</p><p>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]</p><p>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]</p><p>"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]</p><p>"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120]</p><p>"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552]</p><p>"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-08-09 2034752]</p><p>"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]</p><p>"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]</p><p>"AppInit_DLLs"=c:\windows\System32\nvinitx.dll</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>uLocal Page = c:\windows\system32\blank.htm</p><p>uStart Page = hxxp://www.bing.com</p><p>mStart Page = 
hxxp://search.coupons.com/</p><p>mLocal Page = c:\windows\SysWOW64\blank.htm</p><p>uInternet Settings,ProxyOverride = *.local</p><p>TCP: DhcpNameServer = 10.164.3.230</p><p>DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab</p><p>FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t83d22td.default\</p><p>FF - prefs.js: browser.search.selectedEngine - Google</p><p>FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox</p><p>FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=</p><p>FF - ExtSQL: 2013-06-03 21:24; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>Toolbar-Locked - (no file)</p><p>Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)</p><p>Wow6432Node-HKCU-Run-AdobeBridge - (no file)</p><p>Wow6432Node-HKLM-Run-FAStartup - (no file)</p><p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start</p><p>BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)</p><p>Toolbar-Locked - (no file)</p><p>WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)</p><p>AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready</p><p>AddRemove-SPSDesignBase - c:\program files (x86)\Corel\DesignBase Assets\DesignBase-uninstall.exe</p><p>.</p><p>.</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_USERS\S-1-5-21-501560442-661217399-2051705123-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]</p><p>@Denied: (Full) (Everyone)</p><p>@Allowed: (Read) (RestrictedCode)</p><p>"scansk"=hex(0):e8,17,de,40,20,c0,c6,a3,ae,03,eb,b2,88,35,31,29,eb,19,86,98,6d,</p><p> 
61,e2,8f,a0,62,55,b0,aa,27,58,8c,8c,fb,fb,dd,78,69,9e,86,00,00,00,00,00,00,\</p><p>.</p><p>[HKEY_USERS\S-1-5-21-501560442-661217399-2051705123-1001_Classes\Wow6432Node\CLSID\{cc32bd8d-53df-447d-9c7d-e25eadb8e3b7}]</p><p>@Denied: (Full) (Everyone)</p><p>@Allowed: (Read) (RestrictedCode)</p><p>"Model"=dword:00000059</p><p>"Therad"=dword:0000001e</p><p>"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,</p><p> 38,95,44,46,e5,2c,02,46,78,24,c3,34,63,5d,e4,47,19,88,c3,07,f1,b8,aa,23,75,\</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</p><p>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker5"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Shockwave Flash Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</p><p>@="0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash.11"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 
1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Macromedia Flash Factory Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="FlashFactory.FlashFactory.1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="FlashFactory.FlashFactory"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="IFlashBroker5"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]</p><p>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</p><p> 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>Completion time: 2013-06-05 08:19:01</p><p>ComboFix-quarantined-files.txt 2013-06-05 15:19</p><p>.</p><p>Pre-Run: 849,933,660,160 bytes free</p><p>Post-Run: 850,534,305,792 bytes free</p><p>.</p><p>- - End Of File - - 6E71662F280FE003AC036475972CDA65</p><p>2. Let me know if you had any problems with the above instructions and also <strong>let me know how things are running now!</strong></p></blockquote><p><strong><strong>PEACHY KEEN!!! Where do I donate the hundreds of dollars I was going to pay someone to fix my machine??!!! AWESOMENESS</strong></strong></p><p>[/QUOTE]</p>
[QUOTE="suicidecharley, post: 123595, member: 8725"] Please post in your next reply: 1.Combofix log ComboFix 13-06-03.06 - Tim 06/05/2013 8:10.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4155 [GMT -7:00] Running from: c:\users\Tim\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\AMMYY c:\programdata\AMMYY\hr c:\programdata\AMMYY\hr3 c:\programdata\AMMYY\settings3.bin c:\programdata\PCDr\6261\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll c:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dll c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll c:\programdata\PCDr\6261\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll c:\programdata\PCDr\6261\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll c:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dll c:\users\Public\AlexaNSISPlugin.197224.dll c:\users\Public\sdelevURL.tmp c:\users\Tim\AppData\Local\common_functions.dll c:\users\Tim\AppData\Local\ie_runner_app.exe c:\windows\SysWow64\pt c:\windows\SysWow64\pt\Lagoon.resources.dll . . ((((((((((((((((((((((((( Files Created from 2013-05-05 to 2013-06-05 ))))))))))))))))))))))))))))))) . . 2013-06-05 15:17 . 2013-06-05 15:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-06-05 15:17 . 2013-06-05 15:17 -------- d-----w- c:\users\Leatherneck\AppData\Local\temp 2013-06-05 15:17 . 2013-06-05 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-05 14:45 . 2013-06-05 14:45 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-06-04 04:24 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-06-04 04:23 . 
2013-06-04 04:23 -------- d-----w- c:\program files\AVAST Software 2013-06-04 04:22 . 2013-06-05 14:51 -------- d-----w- c:\programdata\AVAST Software 2013-06-03 17:43 . 2013-06-03 17:43 -------- d-----w- c:\users\Tim\AppData\Local\Mozilla 2013-06-03 17:10 . 2012-06-26 10:59 940544 ----a-w- c:\users\Tim\AppData\Local\log4cxx.dll 2013-06-03 17:06 . 2013-06-03 17:06 -------- d-----w- c:\programdata\boost_interprocess 2013-06-02 17:00 . 2013-06-02 17:00 -------- d-----w- c:\program files (x86)\Common Files\Steam 2013-06-02 16:58 . 2005-12-06 01:09 3815120 ----a-w- c:\windows\system32\d3dx9_28.dll 2013-06-02 16:58 . 2005-07-23 02:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll 2013-06-02 16:58 . 2005-05-26 22:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll 2013-06-02 16:58 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll 2013-06-02 16:58 . 2005-03-19 00:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll 2013-06-02 16:58 . 2005-02-06 02:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll 2013-06-02 16:09 . 2013-06-02 16:09 -------- d-----w- c:\users\Tim\AppData\Local\emaze 2013-06-02 07:06 . 2013-06-03 17:06 -------- d-----w- C:\AI_RecycleBin 2013-05-31 05:06 . 2013-05-31 05:06 -------- d-----w- c:\users\Tim\AppData\Roaming\redsn0w 2013-05-27 20:26 . 2013-06-05 15:06 -------- d-----w- c:\users\Tim\AppData\Roaming\WebCake 2013-05-27 20:26 . 2013-05-27 20:26 -------- d-----w- c:\program files (x86)\WebCake 2013-05-27 03:08 . 2009-09-30 03:57 758018 ----a-w- c:\windows\SysWow64\xvidcore.dll 2013-05-27 03:08 . 2008-12-05 04:46 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2013-05-27 03:08 . 2008-10-08 17:16 139264 ----a-w- c:\windows\SysWow64\xvid.ax 2013-05-26 23:29 . 2013-05-26 23:29 -------- d-----w- c:\programdata\StarApp 2013-05-24 23:48 . 2013-06-04 04:27 -------- d-----w- c:\program files (x86)\Google 2013-05-24 21:51 . 2013-05-24 21:51 -------- d-----w- c:\users\Tim\AppData\Local\FreemakeVideoConverter 2013-05-24 21:50 . 
2013-06-03 17:13 -------- d-----w- c:\programdata\Freemake 2013-05-24 21:50 . 2013-06-03 17:13 -------- d-----w- c:\program files (x86)\Freemake 2013-05-24 21:50 . 2013-05-24 21:50 -------- d-----w- c:\users\Tim\AppData\Roaming\OpenCandy 2013-05-22 19:24 . 2013-05-22 19:24 -------- d-----w- c:\programdata\PC-Doctor for Windows 2013-05-22 19:24 . 2013-06-05 05:08 -------- d-----w- c:\program files\My Dell 2013-05-21 04:47 . 2013-05-21 04:47 -------- d-----w- c:\users\Tim\AppData\Roaming\HandBrake 2013-05-20 19:06 . 2013-06-03 17:44 -------- d-----w- c:\users\Tim\AppData\Roaming\player 2013-05-20 19:04 . 2013-05-20 19:04 -------- d-----w- c:\program files (x86)\Coupons 2013-05-20 07:06 . 2013-05-21 14:30 -------- d-----w- c:\users\Tim\AppData\Local\DownloadTerms 2013-05-20 06:27 . 2013-06-03 17:46 -------- d-----w- c:\program files (x86)\MyPC Backup 2013-05-20 06:26 . 2013-05-21 14:32 -------- d-----w- c:\users\Tim\AppData\Local\RapidFinda 2013-05-20 05:47 . 2013-05-20 05:47 -------- d-----w- c:\programdata\KingsIsle Entertainment 2013-05-20 04:53 . 2013-06-03 07:48 -------- d-----w- c:\users\Tim\AppData\Roaming\.minecraft 2013-05-19 22:46 . 2013-05-19 22:46 -------- d-----w- c:\users\Tim\AppData\Local\Reflection 2013-05-19 22:46 . 2013-05-19 22:46 -------- d-----w- c:\programdata\Reflection 2013-05-19 20:50 . 2013-05-19 20:50 -------- d-----w- c:\program files (x86)\Conduit 2013-05-19 20:50 . 2013-06-03 17:12 -------- d-----w- c:\users\Tim\AppData\Local\Conduit 2013-05-19 20:48 . 2013-05-19 20:48 -------- d-----w- c:\users\Tim\AppData\Roaming\SearchProtect 2013-05-19 20:48 . 2013-06-02 16:10 -------- d-----w- c:\users\Tim\AppData\Local\CRE 2013-05-19 08:30 . 2013-05-19 08:30 -------- d-----w- c:\users\Tim\AppData\Local\Macroplant_LLC 2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2013-05-19 08:29 . 
2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2013-05-19 08:29 . 2013-05-19 08:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2013-05-19 08:29 . 2013-05-19 08:29 -------- d-----w- c:\program files (x86)\QuickTime 2013-05-19 08:29 . 2012-04-09 23:27 223760 ----a-w- c:\windows\SysWow64\CbFsNetRdr3.dll 2013-05-19 08:29 . 2012-04-09 23:27 190480 ----a-w- c:\windows\system32\CbFsMntNtf3.dll 2013-05-19 08:29 . 2012-04-09 23:27 158224 ----a-w- c:\windows\SysWow64\CbFsMntNtf3.dll 2013-05-19 08:29 . 2012-04-09 23:27 141328 ----a-w- c:\windows\system32\CbFsNetRdr3.dll 2013-05-19 08:28 . 2012-04-09 23:27 352144 ----a-w- c:\windows\system32\drivers\cbfs3.sys 2013-05-19 08:28 . 2013-06-03 17:45 -------- d-----w- c:\program files (x86)\iExplorer 2013-05-19 06:57 . 2013-05-19 06:57 -------- d-----w- c:\users\Tim\AppData\Local\Programs 2013-05-19 06:44 . 2013-05-19 06:44 -------- d-----w- c:\program files (x86)\Microsoft Expression 2013-05-19 05:54 . 2013-05-19 05:54 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-05-19 05:54 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-18 03:26 . 2013-05-26 23:29 -------- d-----w- c:\programdata\InstallMate 2013-05-16 19:54 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-12 06:06 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2013-05-12 06:06 . 
2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2013-05-12 06:06 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2013-05-12 06:06 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll 2013-05-12 06:05 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll 2013-05-10 18:56 . 2013-05-10 19:26 -------- d-----w- c:\users\Leatherneck\AppData\Roaming\PCFixSpeed 2013-05-10 18:55 . 2013-05-10 18:55 -------- d-----w- c:\users\Leatherneck\AppData\Roaming\24x7 Help 2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\program files\iTunes 2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\program files (x86)\iTunes 2013-05-08 23:06 . 2013-05-08 23:06 -------- d-----w- c:\program files\iPod . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-17 14:41 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-17 10:10 . 2012-03-18 16:27 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-16 21:12 . 2012-10-10 01:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-16 21:12 . 2012-01-15 01:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-01 00:43 . 2013-05-01 00:43 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-01 00:43 . 2013-05-01 00:43 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-05-01 00:43 . 2013-05-01 00:43 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-05-01 00:43 . 2013-05-01 00:43 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-05-01 00:43 . 2013-05-01 00:43 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-05-01 00:43 . 2013-05-01 00:43 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-05-01 00:43 . 
2013-05-01 00:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-05-01 00:43 . 2013-05-01 00:43 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-05-01 00:43 . 2013-05-01 00:43 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-05-01 00:43 . 2013-05-01 00:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-05-01 00:43 . 2013-05-01 00:43 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-05-01 00:43 . 2013-05-01 00:43 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-05-01 00:43 . 2013-05-01 00:43 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-05-01 00:43 . 2013-05-01 00:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-05-01 00:43 . 2013-05-01 00:43 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-05-01 00:43 . 2013-05-01 00:43 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-05-01 00:43 . 2013-05-01 00:43 81408 ----a-w- c:\windows\system32\icardie.dll 2013-05-01 00:43 . 2013-05-01 00:43 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-01 00:43 . 2013-05-01 00:43 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-05-01 00:43 . 2013-05-01 00:43 441856 ----a-w- c:\windows\system32\html.iec 2013-05-01 00:43 . 2013-05-01 00:43 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-05-01 00:43 . 2013-05-01 00:43 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-05-01 00:43 . 2013-05-01 00:43 216064 ----a-w- c:\windows\system32\msls31.dll 2013-05-01 00:43 . 2013-05-01 00:43 197120 ----a-w- c:\windows\system32\msrating.dll 2013-05-01 00:43 . 2013-05-01 00:43 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-05-01 00:43 . 2013-05-01 00:43 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-05-01 00:43 . 2013-05-01 00:43 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-01 00:43 . 2013-05-01 00:43 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-01 00:43 . 2013-05-01 00:43 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-05-01 00:43 . 
2013-05-01 00:43 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-05-01 00:43 . 2013-05-01 00:43 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-01 00:43 . 2013-05-01 00:43 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-05-01 00:43 . 2013-05-01 00:43 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-05-01 00:43 . 2013-05-01 00:43 235008 ----a-w- c:\windows\system32\url.dll 2013-05-01 00:43 . 2013-05-01 00:43 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-01 00:43 . 2013-05-01 00:43 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-05-01 00:43 . 2013-05-01 00:43 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-01 00:43 . 2013-05-01 00:43 149504 ----a-w- c:\windows\system32\occache.dll 2013-05-01 00:43 . 2013-05-01 00:43 144896 ----a-w- c:\windows\system32\wextract.exe 2013-05-01 00:43 . 2013-05-01 00:43 13824 ----a-w- c:\windows\system32\mshta.exe 2013-05-01 00:43 . 2013-05-01 00:43 102912 ----a-w- c:\windows\system32\inseng.dll 2013-05-01 00:43 . 2013-05-01 00:43 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-01 00:43 . 2013-05-01 00:43 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-05-01 00:43 . 2013-05-01 00:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-05-01 00:43 . 2013-05-01 00:43 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-05-01 00:43 . 2013-05-01 00:43 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-01 00:43 . 2013-05-01 00:43 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-05-01 00:43 . 2013-05-01 00:43 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-01 00:43 . 2013-05-01 00:43 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-24 19:28 . 2013-04-24 19:28 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys 2013-04-24 19:18 . 2013-04-24 19:18 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys 2013-04-13 05:49 . 2013-05-16 19:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 
2013-05-16 19:54 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 19:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 19:54 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 19:54 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 19:54 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 17:03 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-19 06:04 . 2013-04-11 02:22 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-11 02:22 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-11 02:22 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-11 02:22 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-11 02:22 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-11 02:22 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-16 13:47 . 2012-12-29 22:04 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-16 13:47 . 2012-01-15 01:30 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-12 03:35 . 2013-03-12 03:35 0 ----a-w- c:\windows\SysWow64\sho775E.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}] 2013-05-24 18:58 197912 ----a-w- c:\program files (x86)\WebCake\WebCakeIEClient.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 23:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WebCake Desktop"="c:\users\Tim\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-05-24 47896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152] "Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248] "StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2012-02-15 96240] "SMessaging"="c:\users\Tim\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-05 31664] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 
1073312] "AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2012-02-15 00:26 153584 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:5 /wow /dir:C:\Program . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli FAPassSync . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 
ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x] S2 cvhsvc;Client 
Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x] S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe;c:\programdata\IBUpdaterService\ibsvc.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 WebCake Desktop Updater;WebCake Desktop 
Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft 
Application Virtualization Client\sftvsa.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 21:12] . 2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24 23:48] . 2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24 23:48] . 2013-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1001Core.job - c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 16:24] . 2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1001UA.job - c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 16:24] . 2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1005Core.job - c:\users\Leatherneck\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 16:06] . 2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501560442-661217399-2051705123-1005UA.job - c:\users\Leatherneck\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 16:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 23:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024] "AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120] "AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-08-09 2034752] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . 
------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bing.com mStart Page = hxxp://search.coupons.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 10.164.3.230 DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t83d22td.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - ExtSQL: 2013-06-03 21:24; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run-FAStartup - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file) Toolbar-Locked - (no file) WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file) AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready AddRemove-SPSDesignBase - c:\program files (x86)\Corel\DesignBase Assets\DesignBase-uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-501560442-661217399-2051705123-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):e8,17,de,40,20,c0,c6,a3,ae,03,eb,b2,88,35,31,29,eb,19,86,98,6d, 61,e2,8f,a0,62,55,b0,aa,27,58,8c,8c,fb,fb,dd,78,69,9e,86,00,00,00,00,00,00,\ . 
[HKEY_USERS\S-1-5-21-501560442-661217399-2051705123-1001_Classes\Wow6432Node\CLSID\{cc32bd8d-53df-447d-9c7d-e25eadb8e3b7}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000059 "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,46,e5,2c,02,46,78,24,c3,34,63,5d,e4,47,19,88,c3,07,f1,b8,aa,23,75,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-05 08:19:01 ComboFix-quarantined-files.txt 2013-06-05 15:19 . Pre-Run: 849,933,660,160 bytes free Post-Run: 850,534,305,792 bytes free . 
- - End Of File - - 6E71662F280FE003AC036475972CDA65
2. Let me know if you had any problems with the above instructions and also [b]let me know how things are running now![/b][/size] [/quote]
PEACHY KEEN!!! Where do I donate the hundreds of dollars I was going to pay someone to fix my machine??!!! AWESOMENESS[/b][/b] [/QUOTE]