
Live Search Redirect

Discussion in 'Virus & Other Malware Removal' started by Heron51585, Jan 20, 2013.

Thread Status:
Not open for further replies.
    Heron51585 Thread Starter

    I've read a few of the other posts about this and I'm just trying to get help removing the redirect.

    I am currently running Windows 7 64-bit and the redirect is affecting all the browsers. I downloaded ComboFix after reading one of the other threads. Here is the log:

    ComboFix 13-01-17.04 - Tony 01/20/2013 12:18:59.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3838.1929 [GMT -5:00]
    Running from: c:\users\Tony\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Tony\AppData\Local\Conduit\Adobe\aubraurtg.dll
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\SysWow64\SET2BA5.tmp
    c:\windows\SysWow64\SET38A6.tmp
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-20 17:24 . 2013-01-20 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-20 13:38 . 2013-01-20 13:44 -------- d-----w- c:\windows\LastGood
    2013-01-19 09:21 . 2013-01-19 09:21 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8C666D-D04C-4D43-9F3A-28C6E1E2F882}\offreg.dll
    2013-01-18 13:43 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8C666D-D04C-4D43-9F3A-28C6E1E2F882}\mpengine.dll
    2013-01-16 19:52 . 2013-01-16 22:07 -------- d-----w- c:\users\Tony\AppData\Roaming\Dwarfs
    2013-01-16 19:51 . 2013-01-16 19:51 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2013-01-16 18:16 . 2008-12-27 06:01 310208 ----a-w- c:\windows\system32\drivers\OA007Vid.sys
    2013-01-16 18:16 . 2008-09-01 06:00 40960 ----a-w- c:\windows\SysWow64\OA007Pin.dll
    2013-01-16 18:16 . 2008-09-01 06:00 35328 ----a-w- c:\windows\system32\OA007Pin.dll
    2013-01-16 18:16 . 2008-08-01 22:21 102912 ----a-w- c:\windows\CtDrvIns.exe
    2013-01-16 18:16 . 2008-07-28 06:00 24576 ----a-w- c:\windows\SysWow64\OA007Pin.crl
    2013-01-16 18:16 . 2008-07-28 06:00 15360 ----a-w- c:\windows\system32\OA007Pin.crl
    2013-01-16 18:11 . 2013-01-16 18:11 -------- d-----w- c:\users\Tony\AppData\Roaming\U3
    2013-01-16 17:49 . 2013-01-16 17:49 -------- d-----w- c:\program files (x86)\Creative
    2013-01-16 17:11 . 2013-01-16 17:11 -------- d-----w- c:\users\Tony\AppData\Local\Akamai
    2013-01-15 14:55 . 2013-01-15 14:55 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
    2013-01-15 14:53 . 2010-06-28 15:51 490600 ----a-w- c:\windows\system32\nvumdshimx.dll
    2013-01-15 14:53 . 2010-06-28 15:51 429672 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2013-01-15 14:53 . 2010-06-28 15:51 113768 ----a-w- c:\windows\system32\nvinitx.dll
    2013-01-15 14:53 . 2010-06-28 15:51 101992 ----a-w- c:\windows\SysWow64\nvinit.dll
    2013-01-15 14:53 . 2010-06-28 15:51 408680 ----a-w- c:\windows\system32\nvdecodemft.dll
    2013-01-15 14:53 . 2010-06-28 15:51 335464 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
    2013-01-15 14:53 . 2010-06-28 15:51 255592 ----a-w- c:\windows\system32\nvcod1922.dll
    2013-01-15 14:53 . 2010-06-28 15:51 255592 ----a-w- c:\windows\system32\nvcod.dll
    2013-01-15 14:53 . 2011-03-17 09:38 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-01-15 14:53 . 2010-06-28 15:51 930272 ----a-w- c:\windows\system32\dpinst.exe
    2013-01-15 01:39 . 2013-01-15 01:39 -------- d-----w- c:\users\Tony\AppData\Roaming\Dell
    2013-01-15 01:39 . 2013-01-15 01:39 -------- d-----w- c:\programdata\PC-Doctor for Windows
    2013-01-15 01:39 . 2013-01-15 01:39 -------- d-----w- c:\programdata\PCDr
    2013-01-15 01:38 . 2013-01-15 02:02 -------- d-----w- c:\program files\AlienAutopsy
    2013-01-15 01:36 . 2013-01-15 01:36 -------- d-----w- c:\users\Tony\AppData\Roaming\PCDr
    2013-01-15 01:36 . 2013-01-15 02:03 -------- d-----w- C:\temp
    2013-01-15 01:28 . 2013-01-15 01:28 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
    2013-01-15 01:28 . 2013-01-20 13:41 -------- d-----w- c:\programdata\iolo
    2013-01-15 01:28 . 2013-01-15 01:28 -------- d-----w- c:\program files (x86)\iolo
    2013-01-14 19:38 . 2013-01-15 00:50 -------- d-----w- c:\program files (x86)\osu!
    2013-01-14 19:25 . 2013-01-14 19:25 -------- d-----w- c:\users\Tony\AppData\Roaming\Downloaded Installations
    2013-01-09 20:34 . 2013-01-09 20:34 -------- d-----w- c:\programdata\Alienware
    2013-01-09 20:12 . 2013-01-09 20:12 -------- d-----w- c:\program files\Alienware
    2013-01-09 20:08 . 2003-11-10 23:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
    2013-01-09 20:08 . 2003-11-10 23:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
    2013-01-09 20:08 . 2003-11-10 23:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
    2013-01-09 20:08 . 2003-11-10 23:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
    2013-01-09 20:08 . 2003-11-10 23:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
    2013-01-09 20:08 . 2003-11-10 23:10 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2013-01-09 20:08 . 2013-01-09 20:08 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
    2013-01-09 20:08 . 2013-01-09 20:08 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
    2013-01-09 20:06 . 2013-01-09 20:06 -------- d-----w- c:\users\Tony\Bluetooth Software
    2013-01-09 20:06 . 2008-01-29 23:46 36392 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
    2013-01-09 20:06 . 2008-01-29 22:53 120872 ----a-w- c:\windows\system32\drivers\btwavdt.sys
    2013-01-09 20:06 . 2008-01-29 22:53 92200 ----a-w- c:\windows\system32\drivers\btwaudio.sys
    2013-01-09 20:06 . 2008-01-29 22:53 19880 ----a-w- c:\windows\system32\drivers\btwrchid.sys
    2013-01-09 20:06 . 2008-06-06 05:05 296960 ----a-w- c:\windows\system32\BtwRSupport.dll
    2013-01-09 20:06 . 2007-04-16 08:24 23752 ----a-w- c:\windows\system32\providers.bin
    2013-01-09 20:05 . 2013-01-09 20:05 -------- d-----w- c:\windows\system32\es-MX
    2013-01-09 20:05 . 2013-01-09 20:05 -------- d-----w- c:\windows\system32\es-AR
    2013-01-09 20:05 . 2013-01-09 20:05 -------- d-----w- c:\windows\SysWow64\es-MX
    2013-01-09 20:05 . 2013-01-09 20:05 -------- d-----w- c:\windows\SysWow64\es-AR
    2013-01-09 20:05 . 2013-01-09 20:05 -------- d-----w- c:\program files\WIDCOMM
    2013-01-09 20:01 . 2013-01-09 20:01 -------- d-----w- c:\program files (x86)\Cisco
    2013-01-09 20:01 . 2013-01-09 20:01 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
    2013-01-09 20:01 . 2013-01-16 17:41 3877888 ----a-w- c:\windows\system32\bcmihvsrv64.dll
    2013-01-09 20:01 . 2013-01-16 17:41 3541504 ----a-w- c:\windows\system32\bcmihvui64.dll
    2013-01-09 20:01 . 2013-01-16 17:41 2042872 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
    2013-01-09 20:01 . 2013-01-09 20:01 -------- d-----w- c:\program files\Broadcom
    2013-01-09 20:01 . 2013-01-09 20:01 -------- d-----w- c:\users\Tony\AppData\Roaming\InstallShield
    2013-01-09 19:55 . 2013-01-09 20:07 -------- d-----w- c:\users\Tony\Drivers
    2013-01-09 15:14 . 2013-01-09 15:14 -------- d-----w- c:\users\Tony\AppData\Roaming\RealNetworks
    2013-01-09 12:25 . 2013-01-09 12:25 -------- d-----w- c:\program files (x86)\RealNetworks
    2013-01-09 12:25 . 2013-01-09 12:25 -------- d-----w- c:\programdata\RealNetworks
    2013-01-09 12:24 . 2013-01-09 12:24 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2013-01-09 12:24 . 2013-01-09 12:24 153296 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2013-01-09 12:24 . 2013-01-09 12:24 124056 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    2013-01-09 12:24 . 2013-01-09 12:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-01-09 12:24 . 2013-01-09 12:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-01-09 02:56 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 02:56 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 02:54 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 02:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 02:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 18:52 . 2013-01-02 18:53 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-02 18:52 . 2013-01-02 18:53 -------- d-----w- c:\program files\iTunes
    2013-01-02 18:52 . 2013-01-02 18:53 -------- d-----w- c:\program files (x86)\iTunes
    2013-01-02 18:52 . 2013-01-02 18:52 -------- d-----w- c:\program files\iPod
    2012-12-28 01:03 . 2012-12-28 01:03 -------- d-sh--w- c:\programdata\SecuROM
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-16 13:45 . 2012-04-07 22:13 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-16 13:45 . 2012-01-10 14:53 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 08:03 . 2011-03-09 17:39 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-16 17:11 . 2012-12-21 08:01 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 08:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-11-30 04:45 . 2013-01-09 02:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-18 17:48 . 2011-09-08 20:17 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe
    2012-11-18 17:48 . 2011-09-08 20:17 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe
    2012-11-18 17:48 . 2011-09-08 20:17 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe
    2012-11-14 07:06 . 2012-12-12 08:02 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-12 08:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-12 08:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-12 08:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-12 08:02 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-12 08:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-12 08:02 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-12 08:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-12 08:02 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-12 08:02 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-12 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-12 08:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-12 08:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-12 08:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-12 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-12 08:02 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-12 08:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-12 08:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-12 08:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-12 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-12 08:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-12 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-12 03:29 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 03:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-02 05:59 . 2012-12-12 03:28 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-12 03:28 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-10-30 23:51 . 2011-03-09 18:22 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 23:51 . 2011-03-09 18:22 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 23:51 . 2011-03-09 18:22 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51 . 2011-03-09 18:22 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 23:51 . 2011-03-09 18:22 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 23:51 . 2011-03-09 18:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 23:50 . 2011-03-09 18:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-10-30 23:50 . 2011-03-09 17:52 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyng.dll" [2011-05-09 176936]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Zynga\prxtbZyng.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyng.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Facebook Update"="c:\users\Tony\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-17 1354736]
    "Akamai NetSession Interface"="c:\users\Tony\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "masqform.exe"="c:\program files (x86)\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-09 295072]
    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
    .
    c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 1025576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync
    .
    R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2011-06-16 69888]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe [2009-03-03 89600]
    S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
    S2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-02-10 91432]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
    S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [2011-09-09 48128]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 36392]
    S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [2011-03-22 28264]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-08-19 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-08-19 16008]
    S3 OA007Vid;Creative Camera OA007 Function Driver;c:\windows\system32\DRIVERS\OA007Vid.sys [2008-12-27 310208]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:45]
    .
    2013-01-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1058525360-2672619816-1123526767-1000Core.job
    - c:\users\Tony\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-01 23:42]
    .
    2013-01-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1058525360-2672619816-1123526767-1000UA.job
    - c:\users\Tony\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-01 23:42]
    .
    2013-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05 02:31]
    .
    2013-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05 02:31]
    .
    2013-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058525360-2672619816-1123526767-1000Core.job
    - c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 13:45]
    .
    2013-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058525360-2672619816-1123526767-1000UA.job
    - c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 13:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-15 110360]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-26 487424]
    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:tabs
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\onydrbnu.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://start.pogo.iplay.com/?o=shp
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-01-09 07:25; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
    Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
    Wow6432Node-HKLM-Run-ShopAtHomeWatcher - c:\users\Tony\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
    AddRemove-{09760D42-E223-42AD-8C3E-55B47D0DDAC3} - c:\programdata\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-20 12:27:37
    ComboFix-quarantined-files.txt 2013-01-20 17:27
    .
    Pre-Run: 408,360,984,576 bytes free
    Post-Run: 408,536,170,496 bytes free
    .
    - - End Of File - - F22A5A34AFD556B1B02612D91910DC48

    It seems to have fixed it, so I would like to thank you. And if you see anything in the log that says it might still be there but hiding, please let me know.
     


Short URL to this thread: https://techguy.org/1086113
